Pests of all kinds and how to combat them: PiPi jfCacheMgr.exe (Windows 7)
25.02.2013, 13:10 | #1 |
| PiPi jfCacheMgr.exe This is (for now) not a cry for help, just a description of a problem. I am an absolute layman, so don't expect anything expert from me. At irregular intervals, a small window with Chinese advertising pops up on my computer and closes again after about a minute. Not serious, but annoying. If you click on the ad window, my Opera browser opens with a window from PiPi (twice the Chinese character 皮 for "Pi"). In Task Manager, while the ad window is active, the program jfCacheMgr.exe can be seen running as a process at the same time. The file jfCacheMgr.exe can be found in the folder c:\pipi. Unfortunately, my Task Manager refuses to end the process. |
25.02.2013, 13:33 | #2 |
/// Malware-holic | PiPi jfCacheMgr.exe If you don't already have it, please download OTL by Oldtimer and save it to your desktop
__________________
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
26.02.2013, 12:40 | #3 |
| PiPi jfCacheMgr.exe OTL Logfile:
__________________OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 26.02.2013 11:45:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files (x86)\Oldtimer OTL 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 5,31 Gb Available Physical Memory | 67,36% Memory free 15,77 Gb Paging File | 12,64 Gb Available in Paging File | 80,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 131,96 Gb Total Space | 27,48 Gb Free Space | 20,83% Space Free | Partition Type: NTFS Drive Q: | 15,62 Gb Total Space | 5,82 Gb Free Space | 37,26% Space Free | Partition Type: NTFS Computer Name: **** | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Oldtimer OTL\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Users\****\Brosix\Brosix.exe () PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) PRC - C:\pipi\jfCacheMgr.exe (皮皮科技) PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.) PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Ericsson AB) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.) 
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe () PRC - C:\Program Files (x86)\Nuance\PDF Create 5\PdfCreate5Hook.exe (Nuance Communications, Inc.) PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.) 
PRC - C:\Users\****\AppData\Local\Temp\Application\mFormat.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\****~1\AppData\Local\Temp\85688_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\437B2_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\3E011_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\3DFD3_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\3DF94_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\3DF56_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\336F7_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\336C8_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\31A43_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\30195_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\30109_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2FFE0_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2FF73_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2FF44_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2FF06_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2FE89_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2FE1C_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2FDBE_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2FCD4_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2FC96_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2FC38_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2FB7D_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2FB3F_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2FAD2_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2FA93_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2F46C_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2F3FE_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2F382_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2F334_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2F24A_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2DDFF_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\2D94D_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\23571_0.DLL () MOD - 
C:\Users\****~1\AppData\Local\Temp\1FC29_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\1FBFA_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\1FBAC_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\1FB5E_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\1AF32_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\1A65C_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\1A0E0_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\1A0C1_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\1A092_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\1A063_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\1A015_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\19FD7_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\E80D_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\E7CE_0.DLL () MOD - C:\Users\****~1\AppData\Local\Temp\E667_0.DLL () MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\4976e150a5d096db3981d4d56dda5a8e\System.Deployment.ni.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll () 
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll () MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\eb4fa29ea9ab56d453b36696edbe6423\System.Runtime.Serialization.Formatters.Soap.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Users\****\Brosix\lib_voice_engine.dll () MOD - C:\Users\****\Brosix\lib_video_engine.dll () MOD - C:\Users\****\Brosix\Brosix.exe () MOD - C:\Users\****\Brosix\plugins\whiteboard\whiteboard.dll () MOD - C:\Users\****\Brosix\plugins\welcome\welcome.dll () MOD - C:\Users\****\Brosix\plugins\screenshot\screenshot.dll () MOD - C:\Users\****\Brosix\plugins\userprofile\userprofile.dll () MOD - C:\Users\****\Brosix\plugins\screensharing\screensharing.dll () MOD - C:\Users\****\Brosix\plugins\filetransfer\filetransfer.dll () MOD - C:\Users\****\Brosix\plugins\history\history.dll () MOD - C:\Users\****\Brosix\plugins\chat\chat.dll () MOD - 
C:\Users\****\Brosix\plugins\cobrowse\cobrowse.dll () MOD - C:\Users\****\Brosix\plugins\avlive\avlive.dll () MOD - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Users\****\AppData\Local\Temp\Application\FAVPID.dll () MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll () MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () MOD - C:\Program Files (x86)\HP\StatusAlerts\bin\nativeutils.dll () MOD - C:\PROGRA~2\MICROS~3\Office12\ADDINS\UMOUTL~1.DLL () MOD - C:\PROGRA~2\MICROS~3\Office12\OUTLCTL.DLL () MOD - C:\Programme\Lenovo\AutoLock\cv210.dll () MOD - C:\Programme\Lenovo\AutoLock\cxcore210.dll () MOD - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe () MOD - C:\PROGRA~2\MICROS~3\Office12\ADDINS\COLLEA~1.DLL () MOD - C:\Program Files (x86)\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.DEU () MOD - C:\Program Files (x86)\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.dll () MOD - C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll () MOD - C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll () MOD - C:\Users\****\AppData\Local\Temp\Application\mFormat.exe () ========== Services (SafeList) ========== SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe 
(McAfee, Inc.) SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.) SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (PIPIStartSvr) -- C:\pipi\PIPIStartSvr.exe (PIPI) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (Lenovo.RapidDrive.Advanced.Svc) -- C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe (Lenovo, Japan, Ltd. ) SRV - (McTaskManager) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.) SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.) 
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited) SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (WMCoreService) -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Ericsson AB) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited) SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.) 
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (McAfeeFramework) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (HP DS Service) -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe (Hewlett-Packard Company) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (WDDMService.exe) -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC) SRV - (WDSmartWareBackgroundService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) 
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.) DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.) DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (l36wgps) -- C:\Windows\SysNative\drivers\l36wgps64.sys (Ericsson AB) DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB) DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB) DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI 
Corporation) DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation) DRV:64bit: - (Mbm3DevMt) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation) DRV:64bit: - (Mbm3CBus) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation) DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.) DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.) DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.) 
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited) DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848 IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6001F0CE-FBA9-4497-8AB8-ADF9E736C03D}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deAT475 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012.03.13 09:59:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP5X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 10:36:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.21 10:36:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.03.20 20:32:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP CHR - Extension: Skype Click to Call = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 
000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20120313095933.dll (McAfee, Inc.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (PIPI Link Helper) - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\pipi\JfCheck.dll (PIPI Tech.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120313095933.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) 
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [Nuance OmniPage 17-reminder] C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create 5\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Create 5\pdfcreate5hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [StatusAlerts] C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [LTT] C:\Programme\PC-Doctor\EnableToolbarW32.exe (PC-Doctor, Inc.) O4 - HKCU..\Run: [Quickbar] C:\Users\****\AppData\Local\Temp\Application\mFormat.exe () O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. 
Mountain View, CA 94041) O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: An vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Google Sidewiki... 
- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Linkinhalt an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: PDF-Datei aus Linkinhalt erstellen - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Datei erstellen - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: PDF-Dateien aus den ausgewählten Links erstellen - C:\Program Files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll (Zeon Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4631FC65-B24F-4818-966F-AF1629B57CDC} https://pbank.95559.com.cn/personbank/cab/SafeCtl.cab (BcActiveX Control) O16 - DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///F:/launch.ocx (Launch Control) O16 - DPF: {B3D433B8-F0D2-4D58-9DC0-09C62B7B8EAD} https://pbank.95559.com.cn/personbank/cab/BocomAssistComm.cab (AxAssistComm Class) O16 - DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} https://univpn.univie.ac.at/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = exp.univie.ac.at O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFC40532-1799-483A-A207-EA9F73895E75}: NameServer = 194.48.124.202 194.48.124.200 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFBD7CB8-34B1-4B50-AB01-6AB7D1E6C060}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FB86C49B-A125-400F-914B-5071DBA2DAB1}: NameServer = 192.2.4.247,192.2.4.248 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.06.10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{3ab9ce47-5065-11e1-bb7d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{3ab9ce47-5065-11e1-bb7d-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O33 - MountPoints2\{deac886f-e493-11e1-a596-2477035275b8}\Shell - "" = AutoRun O33 - MountPoints2\{deac886f-e493-11e1-a596-2477035275b8}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{ed7af55e-6cf1-11e1-859d-f0def1c7c766}\Shell - "" = AutoRun O33 - MountPoints2\{ed7af55e-6cf1-11e1-859d-f0def1c7c766}\Shell\AutoRun\command - "" = D:\SETUP.EXE O33 - MountPoints2\{ed7af55e-6cf1-11e1-859d-f0def1c7c766}\Shell\configure\command - "" = D:\SETUP.EXE O33 - MountPoints2\{ed7af55e-6cf1-11e1-859d-f0def1c7c766}\Shell\install\command - "" = D:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.26 11:02:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oldtimer OTL [2013.02.25 15:06:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.25 15:06:19 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.25 15:06:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- 
C:\Windows\SysWow64\javaw.exe [2013.02.25 15:06:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.25 15:06:15 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.25 15:06:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.02.21 10:36:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.02.13 03:35:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.13 03:35:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.13 03:35:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.13 03:35:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.13 03:35:51 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.13 03:35:51 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.13 03:35:51 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.13 03:35:51 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.13 03:35:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.13 03:35:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.13 03:35:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.13 03:35:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.13 03:35:50 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.13 03:35:50 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.13 03:35:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\vbscript.dll [2013.02.13 02:10:57 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 02:10:56 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 02:10:56 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 02:09:22 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 02:09:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 02:09:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 02:09:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 02:09:21 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 02:09:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 02:08:45 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.09 09:07:52 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Ascaron Entertainment [2013.02.09 09:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ascaron Entertainment [2013.02.09 09:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ascaron Entertainment ========== Files - Modified Within 30 Days ========== [2013.02.26 11:45:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2013.02.26 11:42:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.02.26 11:29:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.26 11:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.26 09:51:55 | 000,031,296 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.26 09:51:55 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.26 09:48:36 | 007,058,824 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.26 09:48:36 | 002,547,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.26 09:48:36 | 002,180,416 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.26 09:48:36 | 001,955,020 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.26 09:48:36 | 000,005,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.26 09:46:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.26 09:44:43 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.26 09:43:37 | 2054,868,991 | -HS- | M] () -- C:\hiberfil.sys [2013.02.25 15:06:11 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.25 15:06:09 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.25 15:06:09 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.25 15:06:08 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.02.25 15:06:08 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.02.25 15:06:08 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.24 13:43:25 | 000,001,246 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2013.02.24 11:37:12 | 000,000,248 | ---- | M] () -- C:\Windows\tasks\PIPI_Update.job [2013.02.13 03:49:05 | 002,396,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.11 05:49:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\multbp.cfg 
[2013.02.08 08:02:40 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.08 08:02:40 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012.07.21 17:11:55 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012.05.18 14:03:58 | 000,000,017 | ---- | C] () -- C:\Users\****\AppData\Local\resmon.resmoncfg [2012.04.04 08:28:45 | 000,000,027 | ---- | C] () -- C:\Users\****\AppData\Local\UACBrResultRetrieving.dat [2012.03.21 10:16:42 | 000,035,265 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat [2012.03.14 10:32:49 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.14 10:30:36 | 000,000,403 | ---- | C] () -- C:\Windows\MAXLINK.INI [2012.03.12 09:54:35 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Local\{AE2957E1-9508-4550-BED4-1191F2055980} [2012.02.06 11:40:46 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2012.02.06 03:03:33 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.02.06 03:03:33 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.02.06 03:03:33 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.02.06 03:03:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.02.06 03:03:33 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.04.04 08:28:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Brosix [2012.04.17 08:40:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Design Science [2012.09.20 03:38:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft [2012.09.20 02:25:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers [2012.07.12 10:16:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GameRanger [2012.03.12 08:59:12 | 000,000,000 | ---D | 
M] -- C:\Users\****\AppData\Roaming\Leadertech [2012.03.12 10:40:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lenovo [2012.06.27 14:02:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LyX2.0 [2012.03.14 10:30:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nuance [2012.03.20 12:45:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org [2012.03.12 11:01:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera [2012.03.13 11:13:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PCDr [2013.01.06 13:59:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PIPI [2012.03.12 09:54:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PwrMgr [2012.04.18 12:27:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ScanSoft [2012.03.20 20:32:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird [2012.03.13 14:30:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ulead Systems [2012.08.12 21:26:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Western Digital [2012.03.14 10:39:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Zeon ========== Purity Check ========== < End of report > --- --- --- OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 26.02.2013 11:45:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Program Files (x86)\Oldtimer OTL
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,88 Gb Total Physical Memory | 5,31 Gb Available Physical Memory | 67,36% Memory free
15,77 Gb Paging File | 12,64 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 131,96 Gb Total Space | 27,48 Gb Free Space | 20,83% Space Free | Partition Type: NTFS
Drive Q: | 15,62 Gb Total Space | 5,82 Gb Free Space | 37,26% Space Free | Partition Type: NTFS

Computer Name: ****2 | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01AF0571-4F8C-42C3-8152-5190E203BF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{04E15610-4B24-40D6-93EE-F6DD2B7213E9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{148FAD27-5340-4266-9715-1CDDC786EB80}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{1A58B936-19D4-4A80-B7D0-21A9A56D0093}" = lport=2869 | protocol=6 | dir=in | app=system | "{2857E586-B373-4FC7-BD4A-3BAC96D71C46}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe 
| "{2BFF3FBB-4C67-46E3-B08C-43E98765E1B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{33AFF5CE-8D59-4EF7-B334-1ABBE88CCF42}" = rport=445 | protocol=6 | dir=out | app=system | "{46AFFCEC-4016-4000-99FA-64FD9899A055}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{76F4C365-0152-464B-840D-DE568875E98C}" = rport=138 | protocol=17 | dir=out | app=system | "{797A93D7-F757-4301-88C3-314DA21A1926}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{871F82B6-EE12-4F14-A73C-5BEE68197C8B}" = lport=137 | protocol=17 | dir=in | app=system | "{8A705D5A-375F-43E4-B4E1-0D1DEAA559D1}" = lport=139 | protocol=6 | dir=in | app=system | "{8C3E9328-BD89-4D52-8587-6637AEBCD477}" = lport=10243 | protocol=6 | dir=in | app=system | "{967E2C7C-DA08-447C-A5B2-A444D53904BF}" = lport=445 | protocol=6 | dir=in | app=system | "{9FAA178C-B1E8-4CF9-A122-FFBE9277B72C}" = rport=10243 | protocol=6 | dir=out | app=system | "{A68F782D-5C02-4092-B0F0-1E80356BFDBD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AA13322E-A59B-47FC-AE2B-6FE58973B9F2}" = rport=137 | protocol=17 | dir=out | app=system | "{AD887511-0AD6-44A6-AA3F-F0B6E7F624F3}" = rport=139 | protocol=6 | dir=out | app=system | "{B5570889-790B-49EC-86FD-08DC1768F1D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C5F1EFB8-B48B-49B1-951C-0912E08A7E87}" = lport=138 | protocol=17 | dir=in | app=system | "{C9D301CE-17FD-4985-90E0-12D21020F778}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D6C212FA-A50E-445F-B598-C880DC2510F5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DD9F914F-A7E3-4623-BB63-E9CAD87AC06C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{DE7F6E10-604D-4D2F-AAB8-2C50C5E5BC01}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A74BF2C-81A5-4D7C-8125-32EB7D0011B8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{0AAE4EA0-A040-433D-B8C3-F276BAEBB30B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{0DFA8D81-4114-48E4-9440-D60049B88F81}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{1432F71B-5BE9-4D5C-A780-0C72BDA5BBFE}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{1444079B-4DCF-40ED-A861-48CBF26F93FB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{16319D66-C43D-43A0-B8EB-85309651FEDD}" = protocol=17 | dir=in | app=c:\pipi\httpdownload.exe | "{17C664BB-3A2C-4776-A463-5AB11C2409B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{2052DE7C-48EF-469A-ADFD-11CF2B74B116}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{24A8BD45-F88E-4684-BB18-3A3D8E43DE45}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{27A5D1EE-9855-4577-A366-27B3542F7BB9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2961390B-DDCF-42FC-908D-43B3AD262025}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2E4DF77F-6180-46B4-BEC4-FEC61EB57EA7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{32A13E85-1E18-42A3-A159-B2DEDD9DDEA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3779E41E-8A3B-4D5D-97CF-5947046C5ACA}" = protocol=17 | dir=in | app=c:\pipi\kmliveupdate.exe | 
"{3DCED006-FAD9-4A50-9C47-CE9541B00A61}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\gameranger\gameranger\gameranger.exe | "{412D0A7D-2EB7-4C11-B485-83AAAF5649DF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{48405E27-E816-4A8B-BC0A-BF72F148551A}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{4C158A1B-7B65-4B26-9102-28D6F39DDB9A}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{4E28305B-546D-47B1-A9A2-58C356B81F8D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{4E759788-6FE8-41F5-8223-9BD7D3876ED9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{50CB4266-A755-4256-AE81-1138A0A3817E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{51A70B3C-B7C3-45E5-896F-7DB471E70093}" = protocol=17 | dir=in | app=c:\pipi\pipiplayer.exe | "{58B7056B-9A12-47D5-8D76-D892213A39D1}" = protocol=6 | dir=in | app=c:\pipi\kmliveupdate.exe | "{5A5109B7-93DB-47F2-8F8D-E4716A370DCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6770BE46-C8E2-411A-B71C-1BB8EC14F279}" = protocol=6 | dir=in | app=c:\pipi\httpdownload.exe | "{6DFD2463-E99E-459E-9129-BA700D664900}" = protocol=6 | dir=out | app=system | "{6E9D4BB2-6D49-423D-80BA-EF976DC449D4}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{70E5C503-09F2-4B48-A076-86B8904290BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{729DA11D-AE22-494A-BC75-D0476952ED4D}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{7AACBA79-F820-4496-9AD7-324338F70E3B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{89A8B4F5-4A5C-4A9B-A1C4-EAE3A3E01F0C}" = protocol=6 | dir=in | app=c:\pipi\pipiplayer.exe | "{904E6960-CB6B-4381-8495-32054957993A}" = protocol=6 | dir=in | 
app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{963ACAF6-DDA3-4394-BD42-1386BDDA5E1E}" = protocol=17 | dir=in | app=c:\pipi\jfcachemgr.exe | "{990779C4-D008-44B7-A8EE-820DFDC09469}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9D92B759-A569-41AF-919F-6F26C29FA305}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A04AE4AF-E383-4C5A-88FB-BD018ABAEC1A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A066AB12-A0F5-4146-9639-246DFB8C291B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A0767827-C941-4E7D-9B2B-71207D581E0D}" = protocol=17 | dir=in | app=c:\users\****\downloads\spiele\age of empire 2.0a_fehler\empires2.exe | "{A0E43613-4096-4296-B1B2-4401FD515D27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AA209488-7E5B-4A52-8CDB-52F17B67D6A7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B2BF1E3C-E7CD-4D9F-808C-561C621E2F6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B64BC198-271F-4EA1-A796-A1970B1C6981}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{B7DB3CC7-5A2E-4ECC-9752-D63A54630E40}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{BB15D88D-36AA-4E3F-B81D-B590D1F7FA4A}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{C02B5717-DAF0-408A-9201-0A480923F0AF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{C621FD4D-0847-4E1B-BEBA-031D56FB2E86}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C6707B6D-BC17-4878-989B-2F6B3C1BC617}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\gameranger\gameranger\gameranger.exe | "{CA40C03B-3E28-4EB3-A1FA-6E54688DE8E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CBC94F98-C955-45B0-A6C4-17D187251872}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D144785D-976E-46BD-8964-8D6B6F70529E}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{D2CD30CB-38B3-4859-9F87-F05B68D3C1B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D69AC82E-A39C-43F5-92A8-C8BDAEDECF26}" = protocol=6 | dir=in | app=c:\pipi\jfcachemgr.exe | "{DA3BD7AD-38D5-4A96-86D0-4EA105CA86B8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E72949D9-61FD-4BBE-8B67-1037E6DA6881}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{F29FE5D9-3E89-41F9-A4F0-403EBF1D5BC0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F331AF90-704A-413A-AE30-EAE2D053E29E}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe | "{F4FDB86F-705C-45A1-8785-D2D5915DA8AD}" = protocol=6 | dir=in | app=c:\users\****\downloads\spiele\age of empire 2.0a_fehler\empires2.exe | "TCP Query User{014BB302-2B91-427A-9900-E874D5365C9F}C:\users\****\brosix\brosix.exe" = protocol=6 | dir=in | app=c:\users\****\brosix\brosix.exe | "TCP Query User{18589071-FDFF-49D0-B3F9-6021EC81F98C}C:\users\****\downloads\spiele\age of empire 2.0a\empires2.exe" = protocol=6 | dir=in | app=c:\users\****\downloads\spiele\age of empire 2.0a\empires2.exe | "TCP Query User{1B904742-71AF-48EE-B5C7-660786D2320B}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{3255691C-688D-45EE-94E2-D084F5240346}C:\users\****\desktop\age of empire 2.0a\empires2.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\age of empire 2.0a\empires2.exe | "TCP Query User{33367156-7ADF-4EB8-9BEE-4391FA38B578}C:\users\****\documents\my saved games\anno 1602\1602.exe" = protocol=6 | dir=in | app=c:\users\****\documents\my saved games\anno 
1602\1602.exe | "TCP Query User{3F3FD71C-0413-4E74-B3FC-9BDCE39B45A2}C:\users\****\desktop\age of empire 2.0a\empires2.exe" = protocol=6 | dir=in | app=c:\users\****\desktop\age of empire 2.0a\empires2.exe | "TCP Query User{5DD2B71F-29B6-4F98-8B02-94C3CB75EA99}C:\users\****\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\gameranger\gameranger\gameranger.exe | "TCP Query User{91EBDDAF-AA86-413F-BC22-9B2CAB8E2CB1}C:\users\****\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\gameranger\gameranger\gameranger.exe | "TCP Query User{9A18AC5A-E0EC-4107-97B0-A3161D717E44}C:\users\****\brosix\brosix.exe" = protocol=6 | dir=in | app=c:\users\****\brosix\brosix.exe | "TCP Query User{C1B2A1E5-621E-4EE0-B7C0-6BFE7B47597E}C:\program files\tivoli\tsm\baclient\dsmagent.exe" = protocol=6 | dir=in | app=c:\program files\tivoli\tsm\baclient\dsmagent.exe | "TCP Query User{C1EA7B60-57DC-4889-9585-10302D1924C6}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{C7CC0467-A38E-49C1-8743-269C9D28EC11}C:\users\****\downloads\spiele\age of empire 2.0a_fehler\empires2.exe" = protocol=6 | dir=in | app=c:\users\****\downloads\spiele\age of empire 2.0a_fehler\empires2.exe | "TCP Query User{DA117827-3353-4FEE-92CD-C0D1E4B57DA3}C:\program files\tivoli\tsm\baclient\dsmagent.exe" = protocol=6 | dir=in | app=c:\program files\tivoli\tsm\baclient\dsmagent.exe | "UDP Query User{2EA87235-92FB-4418-B68F-F742C731DDC4}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{3786E0C5-A99D-4408-82A2-D0434164AED4}C:\users\****\documents\my saved games\anno 1602\1602.exe" = protocol=17 | dir=in | app=c:\users\****\documents\my saved games\anno 1602\1602.exe | "UDP Query User{520C685B-3B67-406A-A463-1D0DCA5EC5B7}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | 
app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{85277779-B084-4B44-8570-B08B1DC730DD}C:\users\****\brosix\brosix.exe" = protocol=17 | dir=in | app=c:\users\****\brosix\brosix.exe | "UDP Query User{B73ABCA0-2D80-4A39-8BF6-9CD32762145E}C:\program files\tivoli\tsm\baclient\dsmagent.exe" = protocol=17 | dir=in | app=c:\program files\tivoli\tsm\baclient\dsmagent.exe | "UDP Query User{BA90D04F-821F-4B83-870E-59E3C8463C20}C:\program files\tivoli\tsm\baclient\dsmagent.exe" = protocol=17 | dir=in | app=c:\program files\tivoli\tsm\baclient\dsmagent.exe | "UDP Query User{BCBEA1F0-6231-42CB-87AD-E860C441E2F0}C:\users\****\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\gameranger\gameranger\gameranger.exe | "UDP Query User{C1276066-79F4-4DF2-9471-C477A0139F2E}C:\users\****\downloads\spiele\age of empire 2.0a_fehler\empires2.exe" = protocol=17 | dir=in | app=c:\users\****\downloads\spiele\age of empire 2.0a_fehler\empires2.exe | "UDP Query User{DC190E19-D882-4EC1-B6C4-57CF442618AD}C:\users\****\brosix\brosix.exe" = protocol=17 | dir=in | app=c:\users\****\brosix\brosix.exe | "UDP Query User{E716116E-19FB-48F3-BEA4-25F7B8D58705}C:\users\****\desktop\age of empire 2.0a\empires2.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\age of empire 2.0a\empires2.exe | "UDP Query User{EB6E4E8B-550A-419D-8DD7-2CAF7262C64F}C:\users\****\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\gameranger\gameranger\gameranger.exe | "UDP Query User{ECF15090-B7D8-48C6-9DD7-744D4FBAF133}C:\users\****\downloads\spiele\age of empire 2.0a\empires2.exe" = protocol=17 | dir=in | app=c:\users\****\downloads\spiele\age of empire 2.0a\empires2.exe | "UDP Query User{F1BFED34-220A-479A-B0E7-4F2A77367F8B}C:\users\****\desktop\age of empire 2.0a\empires2.exe" = protocol=17 | dir=in | app=c:\users\****\desktop\age of empire 2.0a\empires2.exe | ========== HKEY_LOCAL_MACHINE 
Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033123A8-E639-4108-BFC8-27566EFFAAF4}" = HP Unified IO "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E495961-0186-4F3C-9ABD-8421B53ACEBB}" = IBM Tivoli Storage Manager Client "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software "{26402BDB-C2DC-43D6-A522-B058928BA832}" = Nuance PDF Create! 5 "{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software "{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer "{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro "{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BAC619B-B811-4318-8C27-B11DDF3F1719}" = WD SmartWare "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock "{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}" = Lenovo SimpleTap "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) "0DD5528A211904214F70A66DE6ADBD378B21566D" = Windows-Treiberpaket - Intel USB (12/21/2010 9.2.0.1021) "43B5066463CEBC83E99586A67037B6F9FC4193FE" = Windows-Treiberpaket - Intel System (11/20/2010 9.2.0.1016) "466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) "6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) "8058FF31D7C7F4818DC176DAF53CD379968C86E4" = Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) "A6BCA7876CD547CFB5821019998F044515D81B74" = Windows-Treiberpaket - Hewlett-Packard Image (04/27/2007 9.0.0.0) 
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD "DDD8A532E361E9A878EBEF69C338B306810DF059" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) "DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 "EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2 "OnScreenDisplay" = Anzeige am Bildschirm "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Create "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BE73D3C-B5AF-11E1-933A-984BE15F174E}" = Evernote v. 
4.5.7 "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide "{15CA73D8-3C82-4BAE-86CD-945BF9620516}" = HP LJ300-400 color M351-M451 "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D3BA48-E2F0-4357-B973-F9373F52ADC4}" = Adobe Photoshop CS3 "{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}" = McAfee Agent "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{32C0FD10-8FB4-427E-A16F-ED57C9343CF0}" = InstanceFinder "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{55757576-28B2-4552-AAF6-340F9FFBA9FA}" = ToolboxProxy "{56D8909F-DFAF-4F79-83E9-DCEA942F0264}" = hpStatusAlertsM351_M451 
"{5952A881-831C-451A-BF20-F0CA2C295D94}" = HP Unified IO "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD "{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}" = HPLJDXPHelper "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69BCC264-0D43-469F-8434-31E738982E7B}" = Cisco AnyConnect Secure Mobility Client "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{76595FA3-0B98-43EF-BDD2-D04004AEB3A6}" = hppToolboxProxyM351 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7C8660F9-42DC-4D4E-85D5-CCAE3A2E5B1F}" = HPLJUTCore "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86F513F7-6CFD-4B07-A762-28E5ED2CEE97}" = hppLaserJetService "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9416A209-B8AD-4FE5-A893-3BDA6E9BDEC5}" = HP Product FWUpdater "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96C103D3-F058-4F9A-BDD9-BBE9C1431376}" = hppM351_M451LaserJetService "{9767CBB5-2A81-427D-8F05-497737D56AA0}" = hpbDSService "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5 "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147 "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BD019D8F-25B9-49D6-B301-07AFF65E35DD}" = HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI "{BD666C86-25CE-4D88-9F7D-C6266394C18D}" = hpStatusAlerts "{BF2198EB-503D-4E0B-89FB-509AADD6D545}" = hpbM351M451DSService "{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0 "{C0FB11B1-C991-4D2B-81BB-DBDF223736D6}" = Nuance OmniPage 17 "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows 
Live Photo Common "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E25710A1-F024-4BAF-898C-32703F047737}" = HPLJUTM351-M451 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E7E7C73D-F5D4-4E7F-809C-48D380EAEBCD}" = Adobe Setup "{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers "{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}" = LJDXPHelperUI "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F8F9F1AC-5CB0-4DBB-87FA-1A6BC4EA02E5}_is1" = RapidDrive Advanced Version 1.0.12 
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus "{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information "{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01 "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "½»ÐÐÍøÒø°²È«ÊäÈëÈí¼þ" = ½»ÐÐÍøÒø°²È«ÊäÈëÈí¼þ 3.0 "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.0 Professional "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_2ab305d4b0dea4a54f4852f3f5ed507" = Adobe Photoshop CS3 "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free YouTube Download_is1" = Free YouTube Download version 3.1.35.903 "Google Chrome" = Google Chrome "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "Lenovo Welcome_is1" = Lenovo Welcome "LyX203" = LyX 2.0.3 "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Opera 12.14.1738" = Opera 12.14 "PIPI_is1" = PIPI 2.12.0.0 "ProInst" = Intel PROSet Wireless "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 2.0.0 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Brosix" = Brosix "GameRanger" = GameRanger ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.02.2013 04:44:15 | Computer Name = 
****2.exp.univie.ac.at | Source = WinMgmt | ID = 10 Description = Error - 26.02.2013 04:44:36 | Computer Name = ****2.exp.univie.ac.at | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0 Error - 26.02.2013 04:44:36 | Computer Name = ****2.exp.univie.ac.at | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0 Error - 26.02.2013 04:44:36 | Computer Name = ****2.exp.univie.ac.at | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0 Error - 26.02.2013 04:44:36 | Computer Name = ****2.exp.univie.ac.at | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 26.02.2013 04:44:36 | Computer Name = ****2.exp.univie.ac.at | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 26.02.2013 04:44:36 | Computer Name = ****2.exp.univie.ac.at | Source = Microsoft-Windows-EapHost | ID = 2002 Description = Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error - 26.02.2013 04:48:33 | Computer Name = ****2.exp.univie.ac.at | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. 
Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 26.02.2013 04:48:33 | Computer Name = ****2.exp.univie.ac.at | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 26.02.2013 04:48:33 | Computer Name = ****2.exp.univie.ac.at | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 26.02.2013 06:21:44 | Computer Name = ****2.exp.univie.ac.at | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige XML-Syntax. 
[ Cisco AnyConnect Secure Mobility Client Events ] Error - 26.02.2013 03:54:36 | Computer Name = ****2.exp.univie.ac.at | Source = acvpnagent | ID = 67108865 Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp Line: 311 m_pITelemetryPlugin is NULL Error - 26.02.2013 04:43:44 | Computer Name = ****2.exp.univie.ac.at | Source = acvpnagent | ID = 67108866 Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 182 Invoked Function: ISAXXMLReader::parse Return Code: -2146697210 (0x800C0006) Description: WINDOWS_ERROR_CODE Error - 26.02.2013 04:43:44 | Computer Name = ****2.exp.univie.ac.at | Source = acvpnagent | ID = 67108866 Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp Line: 603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Error - 26.02.2013 04:44:19 | Computer Name = ****2.exp.univie.ac.at | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 26.02.2013 04:44:45 | Computer Name = ****2.exp.univie.ac.at | Source = acvpnui | ID = 67108866 Description = Function: XmlPrefMgr::endElement File: .\xml\XmlPrefMgr.cpp Line: 142 Invoked Function: UserPreferences::endElement Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Attempt to set undefined preference <DefaultDomain>. Error - 26.02.2013 04:44:46 | Computer Name = ****2.exp.univie.ac.at | Source = acvpnui | ID = 67108866 Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. 
Error - 26.02.2013 04:44:46 | Computer Name = ****2.exp.univie.ac.at | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1336 NULL object. Cannot establish a connection at this time. Error - 26.02.2013 04:48:44 | Computer Name = ****2.exp.univie.ac.at | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 26.02.2013 04:48:44 | Computer Name = ****2.exp.univie.ac.at | Source = acvpnagent | ID = 67108865 Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp Line: 274 m_pIServicePlugin is NULL Error - 26.02.2013 04:48:44 | Computer Name = ****2.exp.univie.ac.at | Source = acvpnagent | ID = 67108865 Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp Line: 311 m_pITelemetryPlugin is NULL [ Lenovo-Lenovo Patch Utility/Admin Events ] Error - 22.02.2013 04:41:24 | Computer Name = ****2.exp.univie.ac.at | Source = Lenovo Patch Utility | ID = 2 Description = Can not grant access to Everyone: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. [ Lenovo-Message Center Plus/Admin Events ] Error - 15.03.2012 12:01:49 | Computer Name = ****2.exp.univie.ac.at | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. -> Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. Error - 27.11.2012 23:38:59 | Computer Name = ****2.exp.univie.ac.at | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. -> Exception message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. 
Error - 02.02.2013 08:32:29 | Computer Name = ****2.exp.univie.ac.at | Source = Lenovo-Message Center Plus/Admin | ID = 2 Description = Der Index war außerhalb des Arraybereichs. -> Exception message: Der Index war außerhalb des Arraybereichs. [ OSession Events ] Error - 19.04.2012 08:43:50 | Computer Name = ****2.exp.univie.ac.at | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 24.02.2013 06:37:10 | Computer Name = ****2.exp.univie.ac.at | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?24.?02.?2013 um 11:07:14 unerwartet heruntergefahren. Error - 24.02.2013 06:37:44 | Computer Name = ****2.exp.univie.ac.at | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Protexis Licensing V2 erreicht. Error - 24.02.2013 06:37:44 | Computer Name = ****2.exp.univie.ac.at | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Protexis Licensing V2" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 24.02.2013 08:47:13 | Computer Name = ****2.exp.univie.ac.at | Source = DCOM | ID = 10010 Description = Error - 24.02.2013 13:00:02 | Computer Name = ****2.exp.univie.ac.at | Source = DCOM | ID = 10010 Description = Error - 25.02.2013 18:27:10 | Computer Name = ****2.exp.univie.ac.at | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Protexis Licensing V2 erreicht. 
< End of report > Edited by HoraceTWest (26.02.2013 at 12:50) |
26.02.2013, 14:26 | #4 |
/// Malware-holic | PiPi jfCacheMgr.exe Hi, OTL fix: fixing with OTL
Code:
ATTFilter
:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O8:64bit: - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O33 - MountPoints2\{3ab9ce47-5065-11e1-bb7d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3ab9ce47-5065-11e1-bb7d-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{deac886f-e493-11e1-a596-2477035275b8}\Shell - "" = AutoRun
O33 - MountPoints2\{deac886f-e493-11e1-a596-2477035275b8}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ed7af55e-6cf1-11e1-859d-f0def1c7c766}\Shell - "" = AutoRun
O33 - MountPoints2\{ed7af55e-6cf1-11e1-859d-f0def1c7c766}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{ed7af55e-6cf1-11e1-859d-f0def1c7c766}\Shell\configure\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{ed7af55e-6cf1-11e1-859d-f0def1c7c766}\Shell\install\command - "" = D:\SETUP.EXE
:files
:Commands
[emptytemp]
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
28.02.2013, 09:19 | #5 |
| PiPi jfCacheMgr.exe Hi Markusg, thanks for the help and sorry that this took a while. To be on the safe side, I made a backup first. Here is the text document: [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799 |
28.02.2013, 16:58 | #6 |
/// Malware-holic | PiPi jfCacheMgr.exe That is not the right one, but it does no harm for now. Please download TDSSKiller.exe and save this file to the desktop |
01.03.2013, 09:39 | #7 |
| PiPi jfCacheMgr.exe
09:23:23.0963 4352 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:23:24.0119 4352 ============================================================
09:23:24.0119 4352 Current date / time: 2013/03/01 09:23:24.0119
09:23:24.0119 4352 SystemInfo:
09:23:24.0119 4352
09:23:24.0119 4352 OS Version: 6.1.7601 ServicePack: 1.0
09:23:24.0119 4352 Product type: Workstation
09:23:24.0119 4352 ComputerName: ****
09:23:24.0119 4352 UserName: ****
09:23:24.0119 4352 Windows directory: C:\Windows
09:23:24.0119 4352 System windows directory: C:\Windows
09:23:24.0119 4352 Running under WOW64
09:23:24.0119 4352 Processor architecture: Intel x64
09:23:24.0119 4352 Number of processors: 4
09:23:24.0119 4352 Page size: 0x1000
09:23:24.0119 4352 Boot type: Normal boot
09:23:24.0119 4352 ============================================================
09:23:24.0416 4352 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:23:24.0431 4352 ============================================================
09:23:24.0431 4352 \Device\Harddisk0\DR0:
09:23:24.0431 4352 MBR partitions:
09:23:24.0431 4352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
09:23:24.0431 4352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x107EA800
09:23:24.0431 4352 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x10AD9000, BlocksNum 0x1F40000
09:23:24.0431 4352 ============================================================
09:23:24.0431 4352 C: <-> \Device\Harddisk0\DR0\Partition2
09:23:24.0431 4352 Q: <-> \Device\Harddisk0\DR0\Partition3
09:23:24.0431 4352 ============================================================
09:23:24.0431 4352 Initialize success
09:23:24.0431 4352 ============================================================
09:28:42.0971 7336
- ok 09:28:46.0318 7336 [ CE4CFFD9F64B86BCEB1C343FC9924D72 ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys 09:28:46.0333 7336 DzHDD64 - ok 09:28:46.0333 7336 [ DC1776D086AA9733B1929A3D979D9FDD ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys 09:28:46.0380 7336 e1cexpress - ok 09:28:46.0380 7336 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 09:28:46.0411 7336 EapHost - ok 09:28:46.0442 7336 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 09:28:46.0505 7336 ebdrv - ok 09:28:46.0505 7336 [ F88F2E5806FC405B0FA94B7947A5875E ] ecnssndis C:\Windows\system32\Drivers\wwuss64.sys 09:28:46.0536 7336 ecnssndis - ok 09:28:46.0552 7336 [ C8CD88218EFC28F7E44A9892B3E97F4D ] ecnssndisfltr C:\Windows\system32\Drivers\wwussf64.sys 09:28:46.0552 7336 ecnssndisfltr - ok 09:28:46.0552 7336 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 09:28:46.0598 7336 EFS - ok 09:28:46.0614 7336 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 09:28:46.0676 7336 ehRecvr - ok 09:28:46.0676 7336 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 09:28:46.0692 7336 ehSched - ok 09:28:46.0692 7336 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 09:28:46.0739 7336 ElbyCDIO - ok 09:28:46.0739 7336 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 09:28:46.0770 7336 elxstor - ok 09:28:46.0770 7336 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 09:28:46.0786 7336 ErrDev - ok 09:28:46.0801 7336 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 09:28:46.0817 7336 EventSystem - ok 09:28:46.0848 7336 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 09:28:46.0864 7336 EvtEng - ok 09:28:46.0864 7336 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 09:28:46.0910 7336 exfat 
- ok 09:28:46.0910 7336 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 09:28:46.0942 7336 fastfat - ok 09:28:46.0957 7336 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 09:28:46.0973 7336 Fax - ok 09:28:46.0973 7336 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 09:28:46.0988 7336 fdc - ok 09:28:46.0988 7336 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 09:28:47.0020 7336 fdPHost - ok 09:28:47.0020 7336 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 09:28:47.0051 7336 FDResPub - ok 09:28:47.0051 7336 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 09:28:47.0066 7336 FileInfo - ok 09:28:47.0066 7336 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 09:28:47.0098 7336 Filetrace - ok 09:28:47.0098 7336 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 09:28:47.0113 7336 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 09:28:47.0113 7336 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 09:28:47.0113 7336 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 09:28:47.0129 7336 flpydisk - ok 09:28:47.0129 7336 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 09:28:47.0144 7336 FltMgr - ok 09:28:47.0160 7336 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 09:28:47.0176 7336 FontCache - ok 09:28:47.0191 7336 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 09:28:47.0191 7336 FontCache3.0.0.0 - ok 09:28:47.0191 7336 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 09:28:47.0207 7336 
FsDepends - ok 09:28:47.0207 7336 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 09:28:47.0254 7336 Fs_Rec - ok 09:28:47.0254 7336 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 09:28:47.0269 7336 fvevol - ok 09:28:47.0269 7336 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 09:28:47.0285 7336 gagp30kx - ok 09:28:47.0285 7336 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 09:28:47.0332 7336 GEARAspiWDM - ok 09:28:47.0332 7336 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 09:28:47.0394 7336 gpsvc - ok 09:28:47.0394 7336 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 09:28:47.0410 7336 gupdate - ok 09:28:47.0410 7336 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 09:28:47.0425 7336 gupdatem - ok 09:28:47.0425 7336 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 09:28:47.0472 7336 gusvc - ok 09:28:47.0488 7336 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 09:28:47.0503 7336 hcw85cir - ok 09:28:47.0503 7336 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 09:28:47.0550 7336 HdAudAddService - ok 09:28:47.0550 7336 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 09:28:47.0566 7336 HDAudBus - ok 09:28:47.0566 7336 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 09:28:47.0581 7336 HidBatt - ok 09:28:47.0581 7336 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 09:28:47.0597 7336 HidBth - ok 09:28:47.0597 7336 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 09:28:47.0612 7336 HidIr - ok 
09:28:47.0628 7336 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 09:28:47.0644 7336 hidserv - ok 09:28:47.0659 7336 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 09:28:47.0690 7336 HidUsb - ok 09:28:47.0690 7336 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 09:28:47.0753 7336 hkmsvc - ok 09:28:47.0753 7336 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 09:28:47.0768 7336 HomeGroupListener - ok 09:28:47.0768 7336 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 09:28:47.0784 7336 HomeGroupProvider - ok 09:28:47.0800 7336 [ F5F4818A15AF6128A2BADD1B1F102413 ] HP DS Service C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe 09:28:47.0831 7336 HP DS Service ( UnsignedFile.Multi.Generic ) - warning 09:28:47.0831 7336 HP DS Service - detected UnsignedFile.Multi.Generic (1) 09:28:47.0831 7336 [ 3755C0F9D2A0CBE1CC0C37410725533A ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe 09:28:47.0846 7336 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - warning 09:28:47.0846 7336 HP LaserJet Service - detected UnsignedFile.Multi.Generic (1) 09:28:47.0846 7336 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 09:28:47.0893 7336 HpSAMD - ok 09:28:47.0909 7336 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 09:28:47.0940 7336 HTTP - ok 09:28:47.0940 7336 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 09:28:47.0956 7336 hwpolicy - ok 09:28:47.0956 7336 [ E935C8099F9196BF19224D9EE4808612 ] HyperW7Svc C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe 09:28:47.0971 7336 HyperW7Svc - ok 09:28:47.0971 7336 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 09:28:47.0987 7336 i8042prt - ok 09:28:47.0987 7336 [ 
D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\drivers\iaStor.sys 09:28:48.0002 7336 iaStor - ok 09:28:48.0018 7336 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 09:28:48.0065 7336 iaStorV - ok 09:28:48.0065 7336 [ 29ED470689B7C597A9701D6A4C57A578 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys 09:28:48.0114 7336 IBMPMDRV - ok 09:28:48.0117 7336 [ BC7AF43EEC24E995D770EC92A441D5D8 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe 09:28:48.0124 7336 IBMPMSVC - ok 09:28:48.0137 7336 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 09:28:48.0187 7336 idsvc - ok 09:28:48.0358 7336 [ 33FAA40B288002C89529DBD14F3AB72C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 09:28:48.0592 7336 igfx - ok 09:28:48.0592 7336 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 09:28:48.0608 7336 iirsp - ok 09:28:48.0608 7336 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 09:28:48.0670 7336 IKEEXT - ok 09:28:48.0686 7336 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 09:28:48.0733 7336 IntcDAud - ok 09:28:48.0733 7336 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 09:28:48.0748 7336 intelide - ok 09:28:48.0748 7336 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 09:28:48.0748 7336 intelppm - ok 09:28:48.0764 7336 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 09:28:48.0795 7336 IPBusEnum - ok 09:28:48.0795 7336 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:28:48.0842 7336 IpFilterDriver - ok 09:28:48.0857 7336 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 09:28:48.0873 7336 iphlpsvc - ok 09:28:48.0889 7336 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV 
C:\Windows\system32\drivers\IPMIDrv.sys 09:28:48.0920 7336 IPMIDRV - ok 09:28:48.0935 7336 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 09:28:48.0951 7336 IPNAT - ok 09:28:48.0982 7336 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 09:28:48.0982 7336 iPod Service - ok 09:28:48.0998 7336 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 09:28:49.0013 7336 IRENUM - ok 09:28:49.0013 7336 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 09:28:49.0029 7336 isapnp - ok 09:28:49.0029 7336 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 09:28:49.0076 7336 iScsiPrt - ok 09:28:49.0076 7336 [ 6C85719A21B3F62C2C76280F4BD36C7B ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe 09:28:49.0091 7336 jhi_service - ok 09:28:49.0091 7336 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 09:28:49.0107 7336 kbdclass - ok 09:28:49.0107 7336 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 09:28:49.0154 7336 kbdhid - ok 09:28:49.0154 7336 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 09:28:49.0169 7336 KeyIso - ok 09:28:49.0169 7336 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 09:28:49.0185 7336 KSecDD - ok 09:28:49.0185 7336 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 09:28:49.0201 7336 KSecPkg - ok 09:28:49.0201 7336 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 09:28:49.0232 7336 ksthunk - ok 09:28:49.0232 7336 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 09:28:49.0263 7336 KtmRm - ok 09:28:49.0279 7336 [ F761A831C9DC8D0204B7FB43E3A896B7 ] l36wgps C:\Windows\system32\DRIVERS\l36wgps64.sys 09:28:49.0310 7336 l36wgps - ok 09:28:49.0325 7336 
[ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 09:28:49.0372 7336 LanmanServer - ok 09:28:49.0372 7336 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 09:28:49.0419 7336 LanmanWorkstation - ok 09:28:49.0435 7336 [ 56B74943929BC575914631EDC0E72220 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe 09:28:49.0435 7336 LENOVO.CAMMUTE - ok 09:28:49.0435 7336 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe 09:28:49.0450 7336 LENOVO.MICMUTE - ok 09:28:49.0450 7336 [ 2BD420494B7B0EE762B758C5CC4963D4 ] Lenovo.RapidDrive.Advanced.Svc C:\Program Files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe 09:28:49.0466 7336 Lenovo.RapidDrive.Advanced.Svc ( UnsignedFile.Multi.Generic ) - warning 09:28:49.0466 7336 Lenovo.RapidDrive.Advanced.Svc - detected UnsignedFile.Multi.Generic (1) 09:28:49.0466 7336 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys 09:28:49.0497 7336 lenovo.smi - ok 09:28:49.0513 7336 [ F9B51B2A5DA1222A910021C71E9EA559 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe 09:28:49.0513 7336 LENOVO.TPKNRSVC - ok 09:28:49.0513 7336 [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe 09:28:49.0528 7336 Lenovo.VIRTSCRLSVC - ok 09:28:49.0528 7336 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 09:28:49.0559 7336 lltdio - ok 09:28:49.0559 7336 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 09:28:49.0591 7336 lltdsvc - ok 09:28:49.0606 7336 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 09:28:49.0637 7336 lmhosts - ok 09:28:49.0637 7336 [ 97F9EAAC985A663394CD8F54DCD3E73A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 09:28:49.0653 7336 LMS - ok 09:28:49.0653 7336 [ 
1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 09:28:49.0669 7336 LSI_FC - ok 09:28:49.0669 7336 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 09:28:49.0684 7336 LSI_SAS - ok 09:28:49.0684 7336 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 09:28:49.0700 7336 LSI_SAS2 - ok 09:28:49.0700 7336 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 09:28:49.0715 7336 LSI_SCSI - ok 09:28:49.0715 7336 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 09:28:49.0747 7336 luafv - ok 09:28:49.0747 7336 [ D8BA1ECBF0B9A4B4E1F3B7EB517D6C20 ] Mbm3CBus C:\Windows\system32\DRIVERS\Mbm3CBus.sys 09:28:49.0793 7336 Mbm3CBus - ok 09:28:49.0809 7336 [ 01E60917101B309E15F30DA26ACF64F6 ] Mbm3DevMt C:\Windows\system32\DRIVERS\Mbm3DevMt.sys 09:28:49.0856 7336 Mbm3DevMt - ok 09:28:49.0856 7336 [ 6350A2CA21FB7B14432EFFDC61863AED ] Mbm3mdfl C:\Windows\system32\DRIVERS\Mbm3mdfl.sys 09:28:49.0903 7336 Mbm3mdfl - ok 09:28:49.0903 7336 [ 9FC3A8713D148E15D0472E1C44DD0FDA ] Mbm3Mdm C:\Windows\system32\DRIVERS\Mbm3Mdm.sys 09:28:49.0949 7336 Mbm3Mdm - ok 09:28:49.0949 7336 [ 062D80F13D762F7BC2F38430D60F5048 ] McAfeeFramework C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe 09:28:49.0965 7336 McAfeeFramework - ok 09:28:49.0965 7336 [ 3243E462DE3D307B8B1F85707BE0CBFC ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 09:28:49.0981 7336 McShield - ok 09:28:49.0981 7336 [ 462EB5733C52471DB574727B5D1F77E4 ] McTaskManager C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe 09:28:49.0996 7336 McTaskManager - ok 09:28:49.0996 7336 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 09:28:50.0027 7336 Mcx2Svc - ok 09:28:50.0043 7336 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 09:28:50.0043 7336 megasas - ok 
09:28:50.0059 7336 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 09:28:50.0074 7336 MegaSR - ok 09:28:50.0074 7336 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 09:28:50.0121 7336 MEIx64 - ok 09:28:50.0121 7336 [ A8010E2442349DF1EDE61258415406DE ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 09:28:50.0137 7336 mfeapfk - ok 09:28:50.0137 7336 [ 0152DBEF3AC1BFDCFEB67488FECFFBF7 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 09:28:50.0183 7336 mfeavfk - ok 09:28:50.0183 7336 mfeavfk01 - ok 09:28:50.0199 7336 [ DD61B7472629163AC86C73FF5CB8C090 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 09:28:50.0215 7336 mfehidk - ok 09:28:50.0215 7336 [ 63AF163F785600BE49C35429ADADCEB2 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 09:28:50.0246 7336 mferkdet - ok 09:28:50.0261 7336 [ 832FF782C16081535956403C488A9391 ] mfevtp C:\Windows\system32\mfevtps.exe 09:28:50.0261 7336 mfevtp - ok 09:28:50.0277 7336 [ A07AE92232E9C1023D8011F5F48723C5 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 09:28:50.0277 7336 mfewfpk - ok 09:28:50.0293 7336 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 09:28:50.0293 7336 Microsoft Office Groove Audit Service - ok 09:28:50.0293 7336 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 09:28:50.0324 7336 MMCSS - ok 09:28:50.0324 7336 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 09:28:50.0355 7336 Modem - ok 09:28:50.0355 7336 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 09:28:50.0371 7336 monitor - ok 09:28:50.0371 7336 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 09:28:50.0386 7336 mouclass - ok 09:28:50.0386 7336 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 09:28:50.0402 7336 mouhid - ok 
09:28:50.0402 7336 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 09:28:50.0417 7336 mountmgr - ok 09:28:50.0417 7336 [ ECE7906E074FA5AAC14AF711F65AC979 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 09:28:50.0464 7336 MozillaMaintenance - ok 09:28:50.0480 7336 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 09:28:50.0527 7336 mpio - ok 09:28:50.0527 7336 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 09:28:50.0558 7336 mpsdrv - ok 09:28:50.0573 7336 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 09:28:50.0620 7336 MpsSvc - ok 09:28:50.0620 7336 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 09:28:50.0683 7336 MRxDAV - ok 09:28:50.0683 7336 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 09:28:50.0698 7336 mrxsmb - ok 09:28:50.0698 7336 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:28:50.0714 7336 mrxsmb10 - ok 09:28:50.0714 7336 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:28:50.0729 7336 mrxsmb20 - ok 09:28:50.0729 7336 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 09:28:50.0776 7336 msahci - ok 09:28:50.0776 7336 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 09:28:50.0837 7336 msdsm - ok 09:28:50.0842 7336 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 09:28:50.0857 7336 MSDTC - ok 09:28:50.0862 7336 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 09:28:50.0889 7336 Msfs - ok 09:28:50.0892 7336 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 09:28:50.0922 7336 mshidkmdf - ok 09:28:50.0927 7336 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv 
C:\Windows\system32\drivers\msisadrv.sys 09:28:50.0934 7336 msisadrv - ok 09:28:50.0937 7336 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 09:28:50.0973 7336 MSiSCSI - ok 09:28:50.0973 7336 msiserver - ok 09:28:50.0978 7336 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 09:28:51.0008 7336 MSKSSRV - ok 09:28:51.0011 7336 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 09:28:51.0041 7336 MSPCLOCK - ok 09:28:51.0043 7336 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 09:28:51.0071 7336 MSPQM - ok 09:28:51.0078 7336 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 09:28:51.0091 7336 MsRPC - ok 09:28:51.0093 7336 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 09:28:51.0103 7336 mssmbios - ok 09:28:51.0106 7336 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 09:28:51.0136 7336 MSTEE - ok 09:28:51.0139 7336 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 09:28:51.0151 7336 MTConfig - ok 09:28:51.0154 7336 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 09:28:51.0164 7336 Mup - ok 09:28:51.0171 7336 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 09:28:51.0202 7336 napagent - ok 09:28:51.0209 7336 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 09:28:51.0229 7336 NativeWifiP - ok 09:28:51.0244 7336 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 09:28:51.0262 7336 NDIS - ok 09:28:51.0264 7336 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 09:28:51.0294 7336 NdisCap - ok 09:28:51.0299 7336 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 09:28:51.0327 7336 NdisTapi - ok 09:28:51.0332 7336 [ 
136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 09:28:51.0390 7336 Ndisuio - ok 09:28:51.0395 7336 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 09:28:51.0455 7336 NdisWan - ok 09:28:51.0457 7336 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 09:28:51.0512 7336 NDProxy - ok 09:28:51.0520 7336 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 09:28:51.0522 7336 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 09:28:51.0522 7336 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 09:28:51.0522 7336 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 09:28:51.0556 7336 NetBIOS - ok 09:28:51.0561 7336 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 09:28:51.0583 7336 NetBT - ok 09:28:51.0583 7336 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 09:28:51.0599 7336 Netlogon - ok 09:28:51.0599 7336 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 09:28:51.0630 7336 Netman - ok 09:28:51.0645 7336 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 09:28:51.0677 7336 netprofm - ok 09:28:51.0677 7336 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:28:51.0692 7336 NetTcpPortSharing - ok 09:28:51.0770 7336 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 09:28:52.0004 7336 NETwNs64 - ok 09:28:52.0004 7336 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 09:28:52.0020 7336 nfrd960 - ok 09:28:52.0035 7336 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 09:28:52.0035 7336 NlaSvc - ok 09:28:52.0051 7336 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs 
C:\Windows\system32\drivers\Npfs.sys 09:28:52.0067 7336 Npfs - ok 09:28:52.0067 7336 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 09:28:52.0098 7336 nsi - ok 09:28:52.0098 7336 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 09:28:52.0129 7336 nsiproxy - ok 09:28:52.0145 7336 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 09:28:52.0176 7336 Ntfs - ok 09:28:52.0191 7336 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 09:28:52.0207 7336 Null - ok 09:28:52.0223 7336 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 09:28:52.0269 7336 nusb3hub - ok 09:28:52.0269 7336 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 09:28:52.0316 7336 nusb3xhc - ok 09:28:52.0316 7336 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 09:28:52.0363 7336 nvraid - ok 09:28:52.0363 7336 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 09:28:52.0410 7336 nvstor - ok 09:28:52.0410 7336 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 09:28:52.0425 7336 nv_agp - ok 09:28:52.0441 7336 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 09:28:52.0503 7336 odserv - ok 09:28:52.0503 7336 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 09:28:52.0519 7336 ohci1394 - ok 09:28:52.0519 7336 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:28:52.0566 7336 ose - ok 09:28:52.0581 7336 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 09:28:52.0597 7336 p2pimsvc - ok 09:28:52.0597 7336 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 09:28:52.0613 7336 p2psvc - ok 09:28:52.0613 7336 [ 
0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 09:28:52.0628 7336 Parport - ok 09:28:52.0628 7336 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 09:28:52.0644 7336 partmgr - ok 09:28:52.0644 7336 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 09:28:52.0675 7336 PcaSvc - ok 09:28:52.0675 7336 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 09:28:52.0675 7336 pci - ok 09:28:52.0691 7336 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 09:28:52.0691 7336 pciide - ok 09:28:52.0706 7336 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 09:28:52.0722 7336 pcmcia - ok 09:28:52.0722 7336 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 09:28:52.0722 7336 pcw - ok 09:28:52.0737 7336 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 09:28:52.0784 7336 PEAUTH - ok 09:28:52.0800 7336 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 09:28:52.0815 7336 PeerDistSvc - ok 09:28:52.0847 7336 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 09:28:52.0847 7336 PerfHost - ok 09:28:52.0862 7336 [ 52C9F4359AF4A25969B882AECC6F3BDA ] PHCORE C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS 09:28:52.0862 7336 PHCORE - ok 09:28:52.0878 7336 [ 3BF51EA69AD71253C4D8A4FEF0DBA5F7 ] PIPIStartSvr C:\pipi\PIPIStartSvr.exe 09:28:52.0925 7336 PIPIStartSvr - ok 09:28:52.0940 7336 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 09:28:53.0003 7336 pla - ok 09:28:53.0018 7336 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 09:28:53.0065 7336 PlugPlay - ok 09:28:53.0065 7336 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 09:28:53.0065 7336 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 
09:28:53.0065 7336 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 09:28:53.0065 7336 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 09:28:53.0081 7336 PNRPAutoReg - ok 09:28:53.0096 7336 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 09:28:53.0096 7336 PNRPsvc - ok 09:28:53.0112 7336 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys 09:28:53.0143 7336 Point64 - ok 09:28:53.0159 7336 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 09:28:53.0190 7336 PolicyAgent - ok 09:28:53.0190 7336 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll 09:28:53.0205 7336 Power - ok 09:28:53.0221 7336 [ 0BF1D6B41E4D4376BE4E4FA31D1A88C0 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE 09:28:53.0252 7336 Power Manager DBC Service - ok 09:28:53.0268 7336 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 09:28:53.0315 7336 PptpMiniport - ok 09:28:53.0330 7336 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 09:28:53.0330 7336 Processor - ok 09:28:53.0346 7336 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 09:28:53.0377 7336 ProfSvc - ok 09:28:53.0393 7336 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 09:28:53.0393 7336 ProtectedStorage - ok 09:28:53.0393 7336 [ B8035AF9CC0CCBA9A09AC0A0D9801797 ] psadd C:\Windows\system32\DRIVERS\psadd.sys 09:28:53.0439 7336 psadd - ok 09:28:53.0439 7336 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 09:28:53.0471 7336 Psched - ok 09:28:53.0471 7336 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 09:28:53.0486 7336 PSI_SVC_2 - ok 09:28:53.0486 7336 [ D20BF8B293EB90E3C4ED2F38B51948A1 ] PwmEWSvc C:\Program 
09:29:00.0330 7336 ============================================================
09:29:00.0330 7336 Scan finished
09:29:00.0330 7336 ============================================================
09:29:00.0330 0996 Detected object count: 11
09:29:00.0330 0996 Actual detected object count: 11
09:31:17.0107 0996 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0107 0996 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0107 0996 HP DS Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0107 0996 HP DS Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0107 0996 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0107 0996 HP LaserJet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0123 0996 Lenovo.RapidDrive.Advanced.Svc ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0123 0996 Lenovo.RapidDrive.Advanced.Svc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0123 0996 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0123 0996 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0123 0996 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0123 0996 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0123 0996 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0123 0996 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0123 0996 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0123 0996 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0123 0996 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0123 0996 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0123 0996 WDDMService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0123 0996 WDDMService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:17.0123 0996 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user
09:31:17.0123 0996 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:31:23.0019 8300 Deinitialize success |
01.03.2013, 13:53 | #8 |
/// Malware-holic | PiPi jfCacheMgr.exe Hi, scan with Combofix
|
02.03.2013, 23:01 | #9 |
| PiPi jfCacheMgr.exe Combofix did not work for me at first. The program ran up to stage 50 and then stopped, i.e. no log file was produced. I then started Windows in safe mode and ran Combofix again. Then I got a log file at the end, namely the following: Combofix Logfile: Code:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1A3440C6-F123-4CAB-84EE-C814E1AE0D8F}] 2012-06-07 07:06 277416 -c--a-w- c:\pipi\JfCheck.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LTT"="c:\program files\PC-Doctor\EnableToolbarW32.exe" [2011-06-27 23120] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-06 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544] "Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712] "McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088] "ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-14 215360] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "Nuance OmniPage 17-reminder"="c:\program files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560] "PDFHook"="c:\program files (x86)\Nuance\PDF Create 5\pdfcreate5hook.exe" [2008-12-13 
623904] "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Create 5\RegistryController.exe" [2008-12-13 58656] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "StatusAlerts"="c:\program files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" [2011-07-19 136760] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-10-17 684024] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "jfproc"="c:\pipi\jfCacheMgr.exe" [2012-06-07 1878912] . c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ GameRanger.lnk - c:\users\****\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2012-3-25 1822496] . c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112] OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 1202976] WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2104320] WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-8-17 8919040] ƤƤ.lnk - c:\pipi\jfCacheMgr.exe [2012-9-7 1878912] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll . R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784] R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2011-07-08 162816] R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232] R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-23 212944] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240] R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] 
R2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840] R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] R2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696] R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280] R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248] R2 WDDMService.exe;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-08-17 116224] R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480] R2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x] R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 166016] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-10-17 107432] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 DozeSvc;Lenovo Doze Mode Service;c:\program files 
(x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-08-31 478056] R3 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824] R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-18 317440] R3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys [2011-07-01 101416] R3 Lenovo.RapidDrive.Advanced.Svc;Lenovo RapidDrive Advanced Service;c:\program files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe [2011-10-06 209920] R3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2011-04-29 430664] R3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2011-04-29 19528] R3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2011-04-29 483400] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-03-13 100904] R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-06-27 25584] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400] R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736] R3 WDC_SAM;WD 
SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-17 14464] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-08-31 31344] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-03-13 283744] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-12-15 23664] S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-13 158832] S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888] S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2011-06-13 26664] S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2011-06-13 30248] S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2011-04-29 419400] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2011-08-12 268840] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-02-25 12:29 1629648 -c--a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 15:02] . 2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 02:09] . 
2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 02:09] . 2013-03-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06] . 2013-02-24 c:\windows\Tasks\PIPI_Update.job - c:\pipi\jfCacheMgr.exe [2012-09-07 07:05] . 2013-03-02 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TpShocks"="TpShocks.exe" [2010-12-09 380776] "ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-14 316032] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-18 165456] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-18 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-18 416024] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808] "ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848 uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: An vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: An vorhandenes PDF anfügen - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube Download - c:\users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Google Sidewiki... 
- c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: PDF-Datei aus Linkinhalt erstellen - c:\program files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Datei erstellen - c:\program files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html TCP: Interfaces\{BFC40532-1799-483A-A207-EA9F73895E75}: NameServer = 194.48.124.202 194.48.124.200 TCP: Interfaces\{FB86C49B-A125-400F-914B-5071DBA2DAB1}: NameServer = 192.2.4.247,192.2.4.248 DPF: {4631FC65-B24F-4818-966F-AF1629B57CDC} - hxxps://pbank.95559.com.cn/personbank/cab/SafeCtl.cab DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///F:/launch.ocx DPF: {B3D433B8-F0D2-4D58-9DC0-09C62B7B8EAD} - hxxps://pbank.95559.com.cn/personbank/cab/BocomAssistComm.cab DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://univpn.****/CACHE/stc/1/binaries/vpnweb.cab . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe Toolbar-Locked - (no file) WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0] "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-589514482-2097548035-1509980449-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:71,4a,1e,1f,d8,3c,c5,fb,3f,15,25,e9,61,52,62,aa,e8,d2,66,4b,34,ed,2f, 2d,1f,aa,4b,33,e5,79,af,41,f6,9d,f0,ab,d8,1f,f5,47,d2,38,9d,45,e9,ef,45,53,\ "??"=hex:f5,b9,36,0f,86,50,d2,5c,82,f4,5f,87,c3,25,30,2e . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-03-02 10:59:26 ComboFix-quarantined-files.txt 2013-03-02 09:59 . Vor Suchlauf: 20 Verzeichnis(se), 38.281.007.104 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 37.730.033.664 Bytes frei . - - End Of File - - 8A8A16FCD929058D587989AAD31F297F
It has worked in the meantime. You just need a lot of patience with Combofix. I started it as an overnight run ... and in the morning the log file was there .... hurrah
Combofix Logfile:
Code:
ATTFilter ComboFix 13-02-26.01 - ***** 02.03.2013 23:05:59.7.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8074.6092 [GMT 1:00] ausgeführt von:: c:\users\*****\Programme\security Programme\ComboFix.exe AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-02-02 bis 2013-03-02 )))))))))))))))))))))))))))))) . . 2013-03-02 22:23 . 2013-03-02 22:23 -------- d-----w- c:\users\*****\AppData\Local\temp 2013-03-02 22:23 . 2013-03-02 22:23 -------- d-----w- c:\users\*****\AppData\Local\temp 2013-03-02 22:23 . 2013-03-02 22:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-02 22:23 . 2013-03-02 22:23 -------- d-----w- c:\users\Gast\AppData\Local\temp 2013-03-01 18:15 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40A52E9C-C6AC-478A-BC77-E832B15C3B46}\mpengine.dll 2013-03-01 08:44 . 2013-03-01 15:55 -------- d-----w- c:\users\*****\Programme 2013-02-28 08:21 . 2013-02-28 08:22 -------- dc----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-02-28 08:21 . 2013-02-28 08:22 -------- dc----w- c:\program files\iTunes 2013-02-28 08:21 . 2013-02-28 08:22 -------- dc----w- c:\program files (x86)\iTunes 2013-02-28 08:21 . 2013-02-28 08:21 -------- dc----w- c:\program files\iPod 2013-02-26 10:02 . 2013-02-26 10:53 -------- dc----w- c:\program files (x86)\Oldtimer OTL 2013-02-25 14:06 . 2013-02-25 14:06 -------- dc----w- c:\program files (x86)\Common Files\Java 2013-02-25 14:06 . 2013-02-25 14:06 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-25 14:06 . 2013-02-25 14:06 -------- dc----w- c:\program files (x86)\Java 2013-02-21 09:36 . 
2013-02-21 11:25 -------- dc----w- c:\program files (x86)\Mozilla Thunderbird 2013-02-13 02:36 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 02:36 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 01:10 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 01:10 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 01:10 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 01:09 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 01:09 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 01:09 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 01:09 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 01:09 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 01:09 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 01:09 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 01:08 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 01:08 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-11 02:50 . 2013-02-11 02:50 -------- d-----w- c:\users\*****\AppData\Roaming\Ascaron Entertainment 2013-02-09 08:07 . 2013-02-24 16:48 -------- dc----w- c:\program files (x86)\Ascaron Entertainment . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-27 15:02 . 2012-07-30 06:21 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-27 15:02 . 2012-03-21 12:47 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-25 14:06 . 2012-11-29 00:19 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-02-25 14:06 . 
2012-03-13 11:32 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-13 02:38 . 2012-03-16 10:47 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-01-17 00:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-02-13 01:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2012-12-22 05:00 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-22 05:00 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 05:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-22 05:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 13:20 . 2013-01-09 08:18 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 08:18 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 08:18 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 08:18 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 08:18 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 08:18 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 08:18 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 08:18 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 08:18 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 08:18 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 08:18 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 08:18 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 08:18 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 08:18 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 08:18 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 08:18 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 
2013-01-09 08:18 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 08:18 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 2013-01-09 08:18 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 08:18 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 08:18 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 08:18 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 08:18 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 08:18 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 08:18 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 08:18 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 08:18 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 08:18 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 08:18 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 08:18 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 08:18 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-09 08:18 51712 ----a-w- c:\windows\SysWow64\esrb.rs . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}] 2011-05-09 09:49 176936 -c--a-w- c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1A3440C6-F123-4CAB-84EE-C814E1AE0D8F}]
2012-06-07 07:06 277416 -c--a-w- c:\pipi\JfCheck.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTT"="c:\program files\PC-Doctor\EnableToolbarW32.exe" [2011-06-27 23120]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-06 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-09-14 215360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Nuance OmniPage 17-reminder"="c:\program files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
"PDFHook"="c:\program files (x86)\Nuance\PDF Create 5\pdfcreate5hook.exe" [2008-12-13 623904]
"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Create 5\RegistryController.exe" [2008-12-13 58656]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"StatusAlerts"="c:\program files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe" [2011-07-19 136760]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-10-17 684024]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"jfproc"="c:\pipi\jfCacheMgr.exe" [2012-06-07 1878912]
.
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\*****\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2012-3-25 1822496]
.
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-18 1202976]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-8-17 2104320]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-8-17 8919040]
ƤƤ.lnk - c:\pipi\jfCacheMgr.exe [2012-9-7 1878912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2011-07-08 162816]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-10-17 107432]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-08-31 478056]
R3 HP DS Service;HP DS Service;c:\program files (x86)\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824]
R3 Lenovo.RapidDrive.Advanced.Svc;Lenovo RapidDrive Advanced Service;c:\program files (x86)\Lenovo\RapidDrive Advanced\LenovoRapidDriveAdvancedService.exe [2011-10-06 209920]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-03-13 100904]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-17 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-08-31 31344]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-03-13 283744]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-12-15 23664]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-23 212944]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-13 158832]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-10-17 544248]
S2 WDDMService.exe;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-08-17 116224]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys [2011-06-13 26664]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys [2011-06-13 30248]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-18 317440]
S3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys [2011-07-01 101416]
S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2011-04-29 419400]
S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2011-04-29 430664]
S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2011-04-29 19528]
S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2011-04-29 483400]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [2011-08-12 268840]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-25 12:29 1629648 -c--a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 15:02]
.
2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 02:09]
.
2013-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-06 02:09]
.
2013-03-02 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2013-03-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-18 165456]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-18 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-18 416024]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: An vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: An vorhandenes PDF anfügen - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Inhalt der ausgewählten Links an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Linkinhalt an vorhandene PDF-Datei anhängen - c:\program files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: PDF-Datei aus Linkinhalt erstellen - c:\program files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Datei erstellen - c:\program files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: PDF-Dateien aus den ausgewählten Links erstellen - c:\program files (x86)\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BFC40532-1799-483A-A207-EA9F73895E75}: NameServer = 194.48.124.202 194.48.124.200
TCP: Interfaces\{FB86C49B-A125-400F-914B-5071DBA2DAB1}: NameServer = 192.2.4.247,192.2.4.248
DPF: {4631FC65-B24F-4818-966F-AF1629B57CDC} - hxxps://pbank.95559.com.cn/personbank/cab/SafeCtl.cab
DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} - file:///F:/launch.ocx
DPF: {B3D433B8-F0D2-4D58-9DC0-09C62B7B8EAD} - hxxps://pbank.95559.com.cn/personbank/cab/BocomAssistComm.cab
DPF: {CC679CB8-DC4B-458B-B817-D447B3B6AC31} - hxxps://univpn.*****/CACHE/stc/1/binaries/vpnweb.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-589514482-2097548035-1509980449-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,4a,1e,1f,d8,3c,c5,fb,3f,15,25,e9,61,52,62,aa,e8,d2,66,4b,34,ed,2f,
   2d,1f,aa,4b,33,e5,79,af,41,f6,9d,f0,ab,d8,1f,f5,47,d2,38,9d,45,e9,ef,45,53,\
"??"=hex:f5,b9,36,0f,86,50,d2,5c,82,f4,5f,87,c3,25,30,2e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-03 00:32:55
ComboFix-quarantined-files.txt 2013-03-02 23:32
ComboFix2.txt 2013-03-02 09:59
.
Vor Suchlauf: 20 Verzeichnis(se), 37.510.332.416 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 37.499.637.760 Bytes frei
.
- - End Of File - - EC136766A49F88765CA6BF9553FE5DE0 |
03.03.2013, 18:37 | #10 |
/// Malware-holic | PiPi jfCacheMgr.exe malwarebytes: Please download Malwarebytes
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
06.03.2013, 09:00 | #11 |
| PiPi jfCacheMgr.exe That looks good. It could have been the culprit, since it was in the suspicious directory PiPi.
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.03.06.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: **** [Administrator]
Schutz: Aktiviert
06.03.2013 08:35:15
mbam-log-2013-03-06 (08-35-15).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 539200
Laufzeit: 19 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\pipi\KmFileTypeSetting.exe (Trojan.MultiGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) |
06.03.2013, 17:36 | #12 |
/// Malware-holic | PiPi jfCacheMgr.exe Hi, download CCleaner standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as txt. Open the file. After every program you need, write necessary. After every program you do not need, unnecessary. After every program unknown to you, unknown. Post the list.
|
07.03.2013, 20:46 | #13 |
| PiPi jfCacheMgr.exe Hi MarkusG, unfortunately the popup window is still there and keeps putting unsolicited advertising on the screen. Here is the file from CCleaner:
Code:
b needed (benötigt)
n not needed (nicht benötigt)
u unknown (unbekannt)
w don't know whether needed (weiss ich nicht, ob benötigt)

b 7-Zip 9.20 (x64 edition) Igor Pavlov 17.03.2012 4,53MB 9.20.00.0
b Adobe Acrobat 8.1.0 Professional Adobe Systems 13.03.2012 8.1.0
u Adobe Flash Player 10 ActiveX Adobe Systems, Inc. 06.02.2012 1,85MB 10.0.32.18
u Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.02.2013 6,00MB 11.6.602.171
n Adobe Photoshop CS3 Adobe Systems Incorporated 14.03.2012 1,06GB 10.0
n Adobe Reader X (10.1.6) - Deutsch Adobe Systems Incorporated 23.02.2013 121MB 10.1.6
u Anzeige am Bildschirm 06.02.2012 6.50.00
w Apple Application Support Apple Inc. 28.02.2013 62,7MB 2.3.3
w Apple Mobile Device Support Apple Inc. 28.02.2013 25,2MB 6.1.0.13
w Apple Software Update Apple Inc. 16.03.2012 2,38MB 2.1.3.127
w Bonjour Apple Inc. 16.03.2012 2,00MB 3.0.0.10
u Broadcom InConcert Maestro Broadcom Corporation 06.02.2012 645KB 1.0.1.1500
b Brosix Brosix 22.11.2012 3.4
b CCleaner Piriform 25.02.2013 3.28
b Cisco AnyConnect Secure Mobility Client Cisco Systems, Inc. 14.12.2012 3.1.01065
u Conexant 20672 SmartAudio HD Conexant 06.02.2012 8.32.23.0
w Corel Burn.Now Lenovo Edition Corel Corporation 06.02.2012 80,9MB 4.5.0
w Corel DVD MovieFactory Lenovo Edition Corel Corporation 06.02.2012 318MB 7.0.0
w Corel WinDVD Corel Inc. 06.02.2012 301MB 10.0.5.828
w Create Recovery Media Lenovo Group Limited 06.02.2012 8,05MB 1.20.0.00
u Dienstprogramm "ThinkPad UltraNav" Lenovo 06.02.2012 2.13.0
u Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 06.02.2012 1.00
u DVDVideoSoftTB DE Toolbar DVDVideoSoftTB DE 20.09.2012 6.9.0.16
w Evernote v. 4.5.7 Evernote Corp. 21.07.2012 139MB 4.5.7.7146
w Free YouTube Download version 3.1.35.903 DVDVideoSoft Ltd. 20.09.2012 84,7MB 3.1.35.903
b GameRanger GameRanger Technologies 12.07.2012 3,53GB
n Google Chrome Google Inc. 06.02.2012 25.0.1364.152
n Google Toolbar for Internet Explorer Google Inc. 06.02.2012 7.1.1821.1806
w HP LJ300-400 color M351-M451 Hewlett-Packard 11.06.2012
w HP Update Hewlett-Packard 02.07.2012 3,98MB 5.003.001.001
w HPLaserJet300-400ColorM351-M451Series_HelpLearnCenter_SI Hewlett-Packard 11.06.2012 4,97MB 1.02.0000
b IBM Tivoli Storage Manager Client IBM 12.03.2012 337MB 06.03.0000
u Integrated Camera Driver Installer Package Ver.1.1.0.1147 RICOH 06.02.2012 1.1.0.1147
u Integrated Camera TWAIN Chicony Electronics Co.,Ltd. 06.02.2012 1.0.11.1223
u Intel(R) Control Center Intel Corporation 06.02.2012 1.2.1.1007
u Intel(R) Identity Protection Technology 1.1.2.0 Intel Corporation 06.02.2012 1,13MB 1.1.2.0
u Intel(R) Management Engine Components Intel Corporation 06.02.2012 7.0.0.1144
u Intel(R) Processor Graphics Intel Corporation 06.02.2012 8.15.10.2476
w Intel(R) PROSet/Wireless WiFi-Software Intel Corporation 06.02.2012 84,5MB 14.2.0000
w iTunes Apple Inc. 28.02.2013 187MB 11.0.2.26
w Java 7 Update 17 Oracle 06.03.2013 129MB 7.0.170
e Lenovo Auto Scroll Utility 06.02.2012 1.10
w Lenovo Registration Lenovo Inc. 06.02.2012 4,13MB 1.0.4
w Lenovo SimpleTap Lenovo Group Limited 12.03.2012 52,9MB 3.0.0010.00
w Lenovo System Interface Driver 06.02.2012 1.05
b Lenovo ThinkVantage Toolbox PC-Doctor, Inc. 06.02.2012 6.0.5849.23
w Lenovo User Guide Ihr Firmenname 06.02.2012 606KB 1.0.0008.00
w Lenovo Warranty Information Lenovo 06.02.2012 861KB 1.0.0005.00
w Lenovo Welcome Lenovo 06.02.2012 3.00.006.0
b LyX 2.0.3 LyX Team 20.04.2012 2.0.3
b Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 06.03.2013 18,4MB 1.70.0.1100
b McAfee Agent McAfee, Inc. 13.03.2012 21,3MB 4.5.0.1810
b McAfee VirusScan Enterprise McAfee, Inc. 13.03.2012 48,3MB 8.8.01000
w Message Center Plus Lenovo Group Limited 06.02.2012 1,70MB 2.0.0012.00
u Microsoft .NET Framework 4 Client Profile Microsoft Corporation 16.02.2011 38,8MB 4.0.30319
b Microsoft Office 2010 Microsoft Corporation 06.02.2012 6,40MB 14.0.4763.1000
w Microsoft Office Enterprise 2007 Microsoft Corporation 17.03.2012 12.0.6612.1000
u Microsoft Office File Validation Add-In Microsoft Corporation 18.03.2012 7,95MB 14.0.5130.5003
u Microsoft Office Live Add-in 1.5 Microsoft Corporation 18.05.2012 508KB 2.0.4024.1
u Microsoft Silverlight Microsoft Corporation 17.05.2012 50,6MB 5.1.10411.0
u Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 06.02.2012 1,69MB 3.1.0000
u Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 14.03.2012 300KB 8.0.56336
u Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 06.02.2012 832KB 8.0.61000
u Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 06.02.2012 788KB 9.0.30729
u Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 06.02.2012 784KB 9.0.30729.4148
u Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 14.03.2012 788KB 9.0.30729.6161
u Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 06.02.2012 596KB 9.0.30729
u Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 06.02.2012 592KB 9.0.30729.4148
u Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 14.03.2012 600KB 9.0.30729.6161
u Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 15.03.2012 15,2MB 10.0.40219
w Microsoft-Maus- und Tastatur-Center Microsoft Corporation 04.03.2013 2.1.177.0
w MiKTeX 2.9 MiKTeX.org 19.04.2012 2.9
u Mobile Broadband Drivers Ericsson AB 21.03.2012 6.5.1.5
w Mozilla Maintenance Service Mozilla 21.02.2013 329KB 17.0.3
b Mozilla Thunderbird 17.0.3 (x86 de) Mozilla 21.02.2013 41,9MB 17.0.3
u MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.03.2012 1,27MB 4.20.9870.0
u MSXML 4.0 SP2 (KB973688) Microsoft Corporation 13.03.2012 1,33MB 4.20.9876.0
b Nuance OmniPage 17 Nuance Communications, Inc. 14.03.2012 408MB 17.0.0000
w Nuance PDF Create! 5 Nuance Communications, Inc 14.03.2012 109MB 5.20.6433
b OpenOffice.org 3.3 OpenOffice.org 13.03.2012 414MB 3.3.9567
b Opera 12.14 Opera Software ASA 08.02.2013 12.14.1738
u PIPI 2.12.0.0 ƤƤ¿Æ¼¼ 07.09.2012 29,4MB
u RapidBoot Lenovo 06.02.2012 589KB 1.11
u RapidDrive Advanced Version 1.0.12 LENOVO, Inc. 06.02.2012 18,3MB 1.0.12
u Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 06.02.2012 1.00
w Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 06.02.2012 1,00MB 2.0.32.0
u RICOH_Media_Driver_v2.14.18.01 RICOH 06.02.2012 2.14.18.01
w Skype Click to Call Skype Technologies S.A. 09.11.2012 38,6MB 6.3.11079
b Skype™ 6.1 Skype Technologies S.A. 25.01.2013 21,1MB 6.1.129
u System Requirements Lab for Intel Husdawg, LLC 25.04.2012 763KB 4.5.5.0
u System Update Lenovo 06.02.2012 11,8MB 4.01.0015
w ThinkPad Bluetooth with Enhanced Data Rate Software Broadcom Corporation 06.02.2012 229MB 6.4.0.1500
b ThinkPad Energie-Manager 06.02.2012 3.63
w ThinkPad FullScreen Magnifier 06.02.2012 2.40
w ThinkPad Power Management Driver 06.02.2012 1.61.00.11
w ThinkPad UltraNav Driver 06.02.2012 46,4MB 15.3.8.0
w ThinkVantage Access Connections Lenovo 21.03.2012 76,1MB 5.84
w ThinkVantage AutoLock Lenovo 06.02.2012 26,0MB 1.03
w ThinkVantage Communications Utility Lenovo 06.02.2012 12,3MB 2.07
n ThinkVantage Fingerprint Software UPEK Inc. 06.02.2012 51,3MB 5.9.4.6882
w ThinkVantage System für aktiven Festplattenschutz Lenovo 06.02.2012 15,6MB 1.73
w ThinkVantage System Update 06.02.2012
w VirtualCloneDrive Elaborate Bytes 14.03.2012
b VLC media player 2.0.0 VideoLAN 18.03.2012 2.0.0
u WD SmartWare Western Digital 12.08.2012 42,9MB 1.1.0.2
u Windows Live Essentials Microsoft Corporation 06.02.2012 15.4.3508.1109
u Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 06.02.2012 5,57MB 15.4.5722.2
u Windows-Treiberpaket - Hewlett-Packard Image (04/27/2007 9.0.0.0) Hewlett-Packard 16.05.2012 04/27/2007 9.0.0.0
u Windows-Treiberpaket - Intel (e1cexpress) Net (12/21/2010 11.8.84.0) Intel 06.02.2012 12/21/2010 11.8.84.0
u Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) Intel 06.02.2012 09/10/2010 9.2.0.1011
u Windows-Treiberpaket - Intel System (09/10/2010 9.2.0.1011) Intel 06.02.2012 09/10/2010 9.2.0.1011
u Windows-Treiberpaket - Intel System (11/20/2010 9.2.0.1016) Intel 06.02.2012 11/20/2010 9.2.0.1016
u Windows-Treiberpaket - Intel USB (12/21/2010 9.2.0.1021) Intel 06.02.2012 12/21/2010 9.2.0.1021
u Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) Lenovo 06.02.2012 11/11/2010 1.61.00.11
u Windows-Treiberpaket - Synaptics (SynTP) Mouse (05/19/2011 15.3.8.0) Synaptics 06.02.2012 05/19/2011 15.3.8.0
u ½»ÐÐÍøÒø°²È«ÊäÈëÈí¼þ 3.0 ½»Í¨ÒøÐÐ 09.11.2012 3.0 |
08.03.2013, 19:30 | #14 |
/// Malware-holic | PiPi jfCacheMgr.exe Please sort by needed, not needed, unknown.
|
11.03.2013, 11:06 | #15 |
| PiPi jfCacheMgr.exe While sorting, I don't know for some of the files whether they are needed or not. So I sorted them as follows:
b needed
n not needed
u unknown
w I don't know whether it is needed
You can therefore read the w as unknown, because I don't know exactly what the consequences would be if it were removed. I don't know what you will suggest as the next step, but if you are going to suggest removing the programs that are not needed for now, I can do that. I especially suspect these two programs:
u PIPI 2.12.0.0 ƤƤ¿Æ¼¼ 07.09.2012 29,4MB
u ½»ÐÐÍøÒø°²È«ÊäÈëÈí¼þ 3.0 ½»Í¨ÒøÐÐ 09.11.2012 3.0
I have just run Malwarebytes once more. Malwarebytes found nothing, but the popup with Chinese advertising still appears. Here is the latest log file:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.03.11.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ÄÄÄÄ :: ÄÄÄÄ [Administrator]
Schutz: Aktiviert
11.03.2013 09:01:30
mbam-log-2013-03-11 (09-01-30).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 540027
Laufzeit: 1 Stunde(n), 58 Minute(n), 25 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
Last edited by HoraceTWest (11.03.2013 at 11:21) |