Log Analysis and Evaluation: Remove Trojan.Maljava (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.04.2013, 18:03 | #1
Remove Trojan.Maljava

Hello everyone, as the title says, Norton has detected and quarantined the pest Trojan.Maljava. I'm asking for your help to banish the nasty thing from the computer for good. Since the logs are evidently too long, I'm attaching them. Many thanks in advance.
06.04.2013, 19:13 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Trojan.Maljava

Hello and

Quote:

Such details are not enough; please post the complete details/logs from the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520

Please post everything here in CODE tags wherever possible. Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
06.04.2013, 21:38 | #3
Remove Trojan.Maljava

Hello cosinus, thanks for your quick reply. Trojan.Maljava cannot be found under Scan Results in Norton IS. I'll just send you the quarantine report and the one for resolved security risks (I hope that's what you meant).

Quarantäne.txt: Code:
Kategorie: Quarantäne
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
14.01.2013 12:26:51,Hoch,710e927a-561a5a3e (Trojan.Maljava) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\martin\appdata\locallow\sun\java\deployment\cache\6.0\58\710e927a-561a5a3e

Resolved security risks: Code:
Kategorie: Behobene Sicherheitsrisiken
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Pfad - Dateiname
05.04.2013 11:27:18,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
04.04.2013 17:49:52,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
03.04.2013 19:51:51,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
01.04.2013 16:59:24,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
02.03.2013 13:36:36,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
30.01.2013 21:07:38,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.01.2013 10:27:06,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
14.01.2013 12:26:51,Hoch,710e927a-561a5a3e (Trojan.Maljava) erkannt von Auto-Protect,Isoliert,Behoben - Keine Aktion erforderlich,c:\users\martin\appdata\locallow\sun\java\deployment\cache\6.0\58\710e927a-561a5a3e
01.01.2013 22:05:24,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
28.12.2012 11:39:28,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
27.12.2012 18:28:25,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
19.12.2012 15:17:01,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
26.11.2012 20:55:47,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
17.11.2012 15:21:35,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,
18.10.2012 13:47:54,Gering,Tracking Cookies erkannt von Virenscanner,Entfernt,Behoben - Keine Aktion erforderlich,

OTL.txt: Code:
OTL logfile created on: 05.04.2013 16:57:53 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,90 Gb Total Physical Memory | 4,09 Gb Available Physical Memory | 69,25% Memory free
11,81 Gb Paging File | 9,89 Gb Available in Paging File | 83,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,56 Gb Total Space | 346,44 Gb Free Space | 82,37% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 22,23 Gb Free Space | 87,30% Space Free | Partition Type: NTFS

Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.05 16:55:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Downloads\OTL.exe
PRC - [2013.03.14 18:30:28 | 000,148,840 | ---- | M] () -- C:\Programme\Lenovo\Lenovo Solution Center\LSC.exe
PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.12 11:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.04.28 10:20:06 | 000,163,456 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012.02.28 11:20:02 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.28 11:19:56 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.28 11:19:46 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.01.28 23:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2007.04.19 15:45:10 | 000,074,672 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe
PRC - [2007.04.19 15:44:12 | 000,058,288 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe

========== Modules (No Company Name) ==========

MOD - [2013.03.14 18:30:28 | 000,148,840 | ---- | M] () -- C:\Programme\Lenovo\Lenovo Solution Center\LSC.exe
MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.0.36\wincfi39.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010.12.17 10:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2007.04.19 15:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
SRV - [2013.03.13 14:42:08 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.11 20:22:48 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)
SRV - [2012.12.03 17:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.10 03:22:26 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.04.28 10:20:06 | 000,163,456 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012.04.28 09:57:54 | 000,119,424 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2012.03.26 14:41:18 | 000,572,976 | ---- | M] (Lenovo (Beijing) Limited) [Disabled | Stopped] -- C:\Programme\Lenovo\Instant Reset\DamageGuardSvc.exe -- (DamageGuardSvc)
SRV - [2012.02.28 11:20:02 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.28 11:19:56 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.28 11:19:46 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.04.19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxczcoms.exe -- (lxcz_device)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.05 11:29:25 | 000,096,856 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR322.SYS -- (SMR322)
DRV:64bit: - [2013.03.04 09:54:56 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013.03.04 09:54:56 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013.01.31 05:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.31 05:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.01.29 03:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.29 03:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.22 04:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symds64.sys -- (SymDS)
DRV:64bit: - [2012.12.03 17:47:14 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012.11.21 17:33:32 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.11.16 04:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.16 04:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.10.10 03:22:28 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.17 21:59:11 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.17 12:53:33 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012.07.17 12:53:33 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012.07.17 12:52:59 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2012.07.17 12:52:59 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012.05.02 10:35:26 | 002,811,392 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.04.28 10:09:24 | 000,550,528 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.04.28 10:08:30 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.04.28 10:08:12 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012.04.28 10:07:36 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.04.28 10:07:18 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.04.28 10:07:00 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.04.28 10:06:42 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.04.28 10:06:18 | 000,341,120 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.03.02 12:49:18 | 000,104,048 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012.02.27 13:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.27 13:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.27 13:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.10 17:36:26 | 000,217,392 | ---- | M] (Lenovo) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\DamageGuardX64.sys -- (DamageGuard)
DRV:64bit: - [2012.01.31 07:17:44 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2012.01.16 00:21:04 | 000,208,168 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011.12.13 11:04:52 | 000,023,648 | ---- | M] (Lenovo) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dgfltrX64.sys -- (dgFltr)
DRV:64bit: - [2011.12.06 13:23:10 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.12.06 09:31:40 | 000,952,832 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm331avs.sys -- (vm331avs)
DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.15 12:24:20 | 000,313,960 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011.11.09 19:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.10.10 09:56:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.10.10 09:56:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.01.28 23:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.07.21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.03.22 03:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.01.16 11:12:11 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130404.024\ex64.sys -- (NAVEX15)
DRV - [2013.01.16 11:12:11 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130404.024\eng64.sys -- (NAVENG)
DRV - [2012.11.30 11:51:10 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.11.20 17:48:10 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130404.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.10.07 12:25:17 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE500
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.05 11:33:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.11.21 17:37:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 20:22:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 20:22:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.09.07 10:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Extensions
[2013.04.03 19:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\pyknee2k.default\extensions
[2013.04.03 19:33:57 | 000,492,403 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\pyknee2k.default\extensions\toolbar@gmx.net.xpi
[2013.03.11 20:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.11 20:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.03.11 20:22:45 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net
[2013.03.11 20:22:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.25 00:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.25 00:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.25 00:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.25 00:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.25 00:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.25 00:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B87CAA2-CB41-4A54-8349-FA671B455907}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC8E8541-F012-4A4C-AB3E-F0818F7FFBDD}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.05 11:29:25 | 000,096,856 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR322.SYS [2013.04.04 17:31:03 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes [2013.04.04 17:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.04 17:30:36 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.04 17:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.04 17:26:03 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Martin\Desktop\mbam-setup-1-70-0-1100.exe [2013.03.28 13:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.03.23 14:40:46 | 000,000,000 | ---D | C] -- C:\Users\Martin\.jskat [2013.03.23 14:39:43 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Downloaded Installations [2013.03.13 13:26:05 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Java [2013.03.11 20:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.05 16:54:04 | 000,000,000 | ---- | M] () -- C:\Users\Martin\defogger_reenable [2013.04.05 16:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.05 16:26:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.05 16:05:58 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.05 16:05:58 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.05 16:05:58 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.05 16:05:58 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.05 16:05:58 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.05 16:02:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.05 11:38:18 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.05 11:38:18 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.05 11:31:33 | 000,125,356 | ---- | M] () -- C:\Windows\SysNative\fastboot.set [2013.04.05 11:31:07 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.05 11:30:29 | 460,079,103 | -HS- | M] () -- C:\hiberfil.sys [2013.04.05 11:29:25 | 000,096,856 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR322.SYS [2013.04.04 17:26:31 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Martin\Desktop\mbam-setup-1-70-0-1100.exe [2013.03.30 14:08:22 | 000,002,726 | ---- | M] () -- C:\Users\Martin\AppData\Local\recently-used.xbel 
[2013.03.28 13:03:50 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.03.19 11:45:40 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.05 16:54:04 | 000,000,000 | ---- | C] () -- C:\Users\Martin\defogger_reenable [2013.03.30 14:08:22 | 000,002,726 | ---- | C] () -- C:\Users\Martin\AppData\Local\recently-used.xbel [2013.03.28 13:03:50 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.03.19 11:45:40 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk [2012.10.10 03:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 03:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.10.10 03:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.09.18 15:01:10 | 000,000,100 | ---- | C] () -- C:\Windows\Lexstat.ini [2012.09.18 15:00:27 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll [2012.09.18 15:00:27 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll [2012.09.18 15:00:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll [2012.09.18 15:00:27 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll [2012.09.18 15:00:27 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll [2012.09.18 15:00:27 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll [2012.09.18 15:00:27 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll [2012.09.18 15:00:27 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe [2012.09.18 15:00:27 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll [2012.09.18 15:00:26 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll [2012.09.18 15:00:26 | 000,684,032 | ---- 
| C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll [2012.09.18 15:00:26 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll [2012.09.18 15:00:26 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe [2012.09.18 15:00:26 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll [2012.09.18 15:00:26 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe [2012.09.18 15:00:26 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe [2012.09.18 15:00:26 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll [2012.09.18 13:43:31 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysWow64\LXCZhcp.dll [2012.09.18 12:53:00 | 000,014,355 | ---- | C] () -- C:\Users\Martin\Ihre+Retourenmarke.pdf [2012.09.05 19:43:56 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.09.05 19:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab [2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files (x86)\openofficeorg341.msi [2012.08.13 11:09:30 | 000,473,600 | ---- | C] () -- C:\Program Files (x86)\setup.exe [2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files (x86)\setup.ini [2012.07.17 12:51:27 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll [2012.07.17 12:51:27 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll [2012.07.17 12:51:27 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll [2012.07.17 12:51:27 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll [2012.07.17 12:51:13 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll [2012.07.17 12:38:04 | 000,001,822 | ---- | C] () -- C:\Windows\vm331Rmv.ini [2012.07.17 12:38:04 | 000,001,822 | ---- | C] () -- C:\Windows\SysWow64\vm331Rmv.ini [2012.05.16 07:26:34 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin 
[2012.05.16 07:26:21 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.05 19:42:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech [2012.12.08 18:04:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Lenovo [2012.09.05 19:42:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LSC [2012.12.18 19:28:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OpenOffice.org [2013.02.04 15:23:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PDF Architect [2013.02.04 15:36:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\pdfforge [2012.12.09 00:16:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ProtectDISC [2013.03.28 19:34:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SoftGrid Client [2012.09.05 19:44:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TP ========== Purity Check ========== < End of report > Extras.txt: Code:
ATTFilter OTL Extras logfile created on: 05.04.2013 16:57:53 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,90 Gb Total Physical Memory | 4,09 Gb Available Physical Memory | 69,25% Memory free 11,81 Gb Paging File | 9,89 Gb Available in Paging File | 83,76% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 420,56 Gb Total Space | 346,44 Gb Free Space | 82,37% Space Free | Partition Type: NTFS Drive D: | 25,47 Gb Total Space | 22,23 Gb Free Space | 87,30% Space Free | Partition Type: NTFS Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{10E951EE-1A4C-45A7-8E3B-BB575D0D5BC8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1D611797-E240-472F-A726-9B5946CA5AB4}" = rport=10243 | protocol=6 | dir=out | app=system | "{203B2945-828F-43B7-AA70-85B401A2F877}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{28FA5232-67DC-4E21-BF71-11972EFD560E}" = lport=137 | protocol=17 | dir=in | app=system | "{2C466446-62AD-4664-B045-AA06814C5033}" = lport=138 | protocol=17 | dir=in | app=system | "{334186AD-6648-4F0B-8F89-EB9132C0224D}" = lport=1900 | protocol=17 | dir=in | name=windows 
live communications platform (ssdp) | "{3A1AF9C7-0042-4B30-92EB-1AE214D26F5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{3F154DF7-8C0A-4B82-9109-426B3DF3C901}" = lport=445 | protocol=6 | dir=in | app=system | "{4ACF28BC-79E3-4A05-8AC9-1D74E43DFA77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4DD4B301-8B5C-4ADF-8C2E-A78678623F73}" = lport=2869 | protocol=6 | dir=in | app=system | "{4EA44185-E73F-4232-939D-C8793ADDB080}" = rport=137 | protocol=17 | dir=out | app=system | "{5518F040-CD4A-4852-B766-B7FBB5014484}" = lport=139 | protocol=6 | dir=in | app=system | "{6C1C5B9E-976D-44C1-9779-2CF462096F8A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6E5D6A6E-C027-4478-A73A-6CC1A501F0C6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{741621B8-1607-403A-942B-A8DED66E97EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7B040E3F-586C-4272-9226-E9674A7FCB57}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8B5B31A1-B3DA-46B0-AF5F-618C1C031CA2}" = rport=445 | protocol=6 | dir=out | app=system | "{925E65CC-3B6E-4387-8B28-1F0A19E12C9D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9EFD0C8C-145F-448F-BBC4-2F7E66E6224E}" = rport=139 | protocol=6 | dir=out | app=system | "{A056F21F-AA69-4032-BABA-CC3C89D64D71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A4BEF393-8290-474A-A484-D9AE19ADCC82}" = rport=138 | protocol=17 | dir=out | app=system | "{BE576647-1775-42D3-B1DF-19E4C9510882}" = lport=10243 | protocol=6 | dir=in | app=system | "{ECFEA22A-065E-4B50-B509-6483148FC81B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception 
List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{027C69BC-935C-4832-A0B1-40A4B7C4FDF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{16837B5B-BEDE-434A-8355-215E3DFA08D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2506B921-FB5F-4A6B-8742-EC65DD4EE4A6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{2642E0A8-5575-41A5-86B9-91F2A2788A79}" = protocol=6 | dir=out | app=system | "{2C59C436-EB0D-4C11-B397-9F9B94F1F11C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2F6230D5-F6E1-4CD6-BE4F-C3C33F49F425}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{36E6A2EC-576F-47FA-AE68-103F14B2FFCB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{376EEE4A-8DE4-4790-B3C1-DA142159E957}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe | "{3C342F44-7151-4544-A185-8257AD0CA3E3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{41BCE86A-5B6F-4C66-AA8F-843F1FDE72B2}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxczcoms.exe | "{4D46AB94-9CA4-4F4A-9E7D-D8394578668D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5000343C-4F9F-416D-B142-7185D4372E07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5DB19B99-0CC9-431F-AEB1-1F416D7F661D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{7933D7F9-1602-478C-A4CD-34C3410D0E8C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe | "{895F9FE4-0EF5-4EA2-81CB-79850C12F57A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{92F84294-87CD-47E1-83C9-92B1E189F8C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9640BA75-9A3B-4256-97FE-AA4B81BFDFD3}" = protocol=6 | dir=in | app=c:\program files 
(x86)\bonjour\mdnsresponder.exe | "{995E25AB-22B3-48DA-8703-8511BB4C97E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9F462710-9973-49CB-BC79-FB232D32E256}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A1103C22-7BCF-4C17-9231-85296DA26A0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{AFCA3A04-FB81-4827-8F0F-C796CC1F1590}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B2BFE2FF-D43F-46B2-B241-EF724C732C54}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe | "{B78138EA-0700-487D-A0BA-A2EC451C687B}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxczcoms.exe | "{B9D2F344-FC79-4C82-AD58-4E9F4A5213EF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{C1FB643F-1798-489B-A99B-33F0AE480695}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CA303667-69DB-43FE-A8B6-2835852380F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CF350A99-6F22-44F2-8B45-00FD23BC6192}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D648074F-1062-4EA7-A55A-DDD67510AA77}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D90F181B-0669-4E51-A4B1-A9CA0CA55CC0}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe | "{E5C5B5D4-78D1-46A0-939D-0FF164AF3620}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{E92028CE-D54D-411C-81E1-94B496E21E90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F08BD6FE-1D70-4980-8A78-71C19E152C4E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F73014D9-F302-48DF-BF18-7205AD200668}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FEADC0B0-5282-4683-AB46-0B6FF509C91F}" = protocol=58 | 
dir=in | name=@firewallapi.dll,-28545 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery "{5DEFFC02-063C-4781-A371-077729F869B4}" = Lenovo Solution Center "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components 
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = Lenovo pointing device
"GIMP-2_is1" = GIMP 2.8.2
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN Client Installation Program
"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1" = Rampant Logic Postscript Viewer 1.1
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D40F840-30CA-4747-B988-E86C4C5F3B12}" = A New Beginning
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.5-beta-20120426-1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Black Mirror 2_is1" = Black Mirror 2
"Deponia" = Deponia
"EdnaSE" = Edna Bricht Aus
"FormatFactory" = FormatFactory 3.0.1
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lizenz zum Putten!" = W&G - Lizenz zum Putten!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Qt Eclipse Integration 1.6.1 - C:_Users_Martin_Documents_eclipse-cpp-juno-SR1-win32" = Qt Eclipse Integration 1.6.1
"Qt OpenSource 4.8.3 - C:_Qt_4.8.3" = Qt OpenSource 4.8.3
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.01.2013 16:09:19 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description =

Error - 09.01.2013 16:43:37 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.01.2013 06:17:48 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.01.2013 16:25:42 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.01.2013 04:57:50 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.01.2013 11:00:16 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.01.2013 16:31:26 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.01.2013 04:58:10 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.01.2013 07:26:48 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.01.2013 10:27:29 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 03.04.2013 17:06:37 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 04.04.2013 08:30:47 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 04.04.2013 08:30:47 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 04.04.2013 10:22:20 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

Error - 04.04.2013 11:40:48 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 04.04.2013 11:40:48 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 05.04.2013 04:52:28 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 05.04.2013 04:52:28 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error - 05.04.2013 05:33:05 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error - 05.04.2013 05:33:05 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

< End of report > |
06.04.2013, 21:42 | #4 |
| Remove Trojan.Maljava And here is the gmer.log as well. It did not fit into the last post any more. gmer.log: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-05 18:20:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0011 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Martin\AppData\Local\Temp\axriypoc.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010011091c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100110048
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001001102ee
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001001104b2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001001109fe
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100110ae0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010011012a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100110758
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100110676
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001001103d0
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100110594
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010011083a
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010011020c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d61492 7 bytes JMP 000000010012059e
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076bf524f 7 bytes JMP 0000000100110f52
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076bf53d0 7 bytes JMP 0000000100120210
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076bf5677 1 byte JMP 0000000100120048
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076bf5679 5 bytes {JMP 0xffffffff8952a9d1}
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076bf589a 7 bytes JMP 0000000100110ca6
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076bf5a1d 7 bytes JMP 00000001001203d8
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076bf5c9b 7 bytes JMP 000000010012012c
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076bf5d87 7 bytes JMP 00000001001202f4
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1620] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076bf7240 7 bytes JMP 0000000100110e6e
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010011091c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100110048
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001001102ee
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001001104b2
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001001109fe
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100110ae0
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010003004c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010011012a
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100110758
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100110676
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001001103d0
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100110594
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010011083a
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010011020c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076bf524f 7 bytes JMP 0000000100110f52
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076bf53d0 7 bytes JMP 0000000100120210
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076bf5677 1 byte JMP 0000000100120048
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076bf5679 5 bytes {JMP 0xffffffff8952a9d1}
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076bf589a 7 bytes JMP 0000000100110ca6
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076bf5a1d 7 bytes JMP 00000001001203d8
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076bf5c9b 7 bytes JMP 000000010012012c
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076bf5d87 7 bytes JMP 00000001001202f4
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076bf7240 7 bytes JMP 0000000100110e6e
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1704] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d61492 7 bytes JMP 00000001001204bc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010011091c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100110048
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001001102ee
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001001104b2
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001001109fe
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100110ae0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010003004c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010011012a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100110758
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100110676
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001001103d0
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100110594
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010011083a
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010011020c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076bf524f 7 bytes JMP 0000000100110f52
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076bf53d0 7 bytes JMP 0000000100120210
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076bf5677 1 byte JMP 0000000100120048
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076bf5679 5 bytes {JMP 0xffffffff8952a9d1}
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076bf589a 7 bytes JMP 0000000100110ca6
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076bf5a1d 7 bytes JMP 00000001001203d8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076bf5c9b 7 bytes JMP 000000010012012c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076bf5d87 7 bytes JMP 00000001001202f4
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076bf7240 7 bytes JMP 0000000100110e6e
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d61492 7 bytes JMP 00000001001204bc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d21465 2 bytes [D2, 75]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d214bb 2 bytes [D2, 75]
.text ... * 2
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 00000001001d091c
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 00000001001d0048
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001001d02ee
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001001d04b2
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001001d09fe
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 00000001001d0ae0
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 00000001001d012a
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 00000001001d0758
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 00000001001d0676
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001001d03d0
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 00000001001d0594
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 00000001001d083a
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 00000001001d020c
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d61492 7 bytes JMP 00000001002604bc
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076bf524f 7 bytes JMP 00000001001d0f52
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076bf53d0 7 bytes JMP 0000000100260210
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076bf5677 1 byte JMP 0000000100260048
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076bf5679 5 bytes {JMP 0xffffffff8966a9d1}
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076bf589a 7 bytes JMP 00000001001d0ca6
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076bf5a1d 7 bytes JMP 00000001002603d8
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076bf5c9b 7 bytes JMP 000000010026012c
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076bf5d87 7 bytes JMP 00000001002602f4
.text C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe[2276] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076bf7240 7 bytes JMP 00000001001d0e6e
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d21465 2 bytes [D2, 75]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d214bb 2 bytes [D2, 75]
.text ... * 2
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010027091c
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100270048
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002702ee
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002704b2
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002709fe
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100270ae0
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010027012a
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100270758
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100270676
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002703d0
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100270594
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010027083a
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010027020c
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d61492 7 bytes JMP 000000010028059e
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076bf524f 7 bytes JMP 0000000100270f52
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076bf53d0 7 bytes JMP 0000000100280210
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076bf5677 1 byte JMP 0000000100280048
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076bf5679 5 bytes {JMP 0xffffffff8968a9d1}
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076bf589a 7 bytes JMP 0000000100270ca6
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076bf5a1d 7 bytes JMP 00000001002803d8
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076bf5c9b 7 bytes JMP 000000010028012c
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076bf5d87 7 bytes JMP 00000001002802f4
.text C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe[3256] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076bf7240 7 bytes JMP 0000000100270e6e
.text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010028091c
.text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100280048
.text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002802ee
.text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002804b2
.text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002809fe
.text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100280ae0
.text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010028012a
.text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100280758
.text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100280676
.text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002803d0
.text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100280594
.text C:\Program Files (x86)\Lexmark 
1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010028083a .text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010028020c .text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d61492 7 bytes JMP 00000001002904bc .text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076bf524f 7 bytes JMP 0000000100280f52 .text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076bf53d0 7 bytes JMP 0000000100290210 .text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076bf5677 1 byte JMP 0000000100290048 .text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076bf5679 5 bytes {JMP 0xffffffff8969a9d1} .text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076bf589a 7 bytes JMP 0000000100280ca6 .text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076bf5a1d 7 bytes JMP 00000001002903d8 .text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076bf5c9b 7 bytes JMP 000000010029012c .text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076bf5d87 7 bytes JMP 00000001002902f4 .text C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe[3284] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076bf7240 7 
bytes JMP 0000000100280e6e .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010028091c .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100280048 .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002802ee .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002804b2 .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001002809fe .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100280ae0 .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010028012a .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100280758 .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100280676 .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] 
C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002803d0 .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100280594 .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010028083a .text C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3388] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010028020c .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 00000001000e091c .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 00000001000e0048 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001000e02ee .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001000e04b2 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001000e09fe .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 00000001000e0ae0 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 00000001000e012a .text C:\Program Files 
(x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 00000001000e0758 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 00000001000e0676 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001000e03d0 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 00000001000e0594 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 00000001000e083a .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 00000001000e020c .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d61492 7 bytes JMP 000000010026059e .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076bf524f 7 bytes JMP 00000001000e0f52 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076bf53d0 7 bytes JMP 0000000100260210 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076bf5677 1 byte JMP 0000000100260048 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076bf5679 5 bytes {JMP 0xffffffff8966a9d1} .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 
0000000076bf589a 7 bytes JMP 00000001000e0ca6 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076bf5a1d 7 bytes JMP 00000001002603d8 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076bf5c9b 7 bytes JMP 000000010026012c .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076bf5d87 7 bytes JMP 00000001002602f4 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3472] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076bf7240 7 bytes JMP 00000001000e0e6e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010010091c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100100048 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001001002ee .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001001004b2 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001001009fe .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100100ae0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010010012a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100100758 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100100676 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001001003d0 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100100594 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010010083a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010010020c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076bf524f 7 bytes JMP 0000000100100f52 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076bf53d0 7 bytes JMP 0000000100110210 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076bf5677 1 byte JMP 0000000100110048 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076bf5679 5 bytes {JMP 0xffffffff8951a9d1} .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] 
C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076bf589a 7 bytes JMP 0000000100100ca6 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076bf5a1d 7 bytes JMP 00000001001103d8 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076bf5c9b 7 bytes JMP 000000010011012c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076bf5d87 7 bytes JMP 00000001001102f4 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076bf7240 7 bytes JMP 0000000100100e6e .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d61492 7 bytes JMP 0000000100110762 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d21465 2 bytes [D2, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d214bb 2 bytes [D2, 75] .text ... 
* 2 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 00000001017b091c .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 00000001017b0048 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001017b02ee .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001017b04b2 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001017b09fe .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 00000001017b0ae0 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010179004c .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 00000001017b012a .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 00000001017b0758 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 00000001017b0676 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001017b03d0 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 00000001017b0594 .text 
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 00000001017b083a .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 00000001017b020c .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d61492 7 bytes JMP 00000001017c059e .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076bf524f 7 bytes JMP 00000001017b0f52 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076bf53d0 7 bytes JMP 00000001017c0210 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076bf5677 1 byte JMP 00000001017c0048 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076bf5679 5 bytes {JMP 0xffffffff8abca9d1} .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076bf589a 7 bytes JMP 00000001017b0ca6 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076bf5a1d 7 bytes JMP 00000001017c03d8 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076bf5c9b 7 bytes JMP 00000001017c012c .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076bf5d87 7 bytes JMP 00000001017c02f4 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] 
C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076bf7240 7 bytes JMP 00000001017b0e6e .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075d21465 2 bytes [D2, 75] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075d214bb 2 bytes [D2, 75] .text ... * 2 .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 00000001003f091c .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 00000001003f0048 .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001003f02ee .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001003f04b2 .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001003f09fe .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 00000001003f0ae0 .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 00000001003d004c .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 00000001003f012a .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 00000001003f0758 .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 00000001003f0676 .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] 
C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001003f03d0 .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 00000001003f0594 .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 00000001003f083a .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 00000001003f020c .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076bf524f 7 bytes JMP 00000001003f0f52 .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076bf53d0 7 bytes JMP 0000000100590210 .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076bf5677 1 byte JMP 0000000100590048 .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076bf5679 5 bytes {JMP 0xffffffff8999a9d1} .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076bf589a 7 bytes JMP 00000001003f0ca6 .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076bf5a1d 7 bytes JMP 00000001005903d8 .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076bf5c9b 7 bytes JMP 000000010059012c .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076bf5d87 7 bytes JMP 00000001005902f4 .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076bf7240 7 bytes JMP 00000001003f0e6e .text C:\Program Files (x86)\PDF24\pdf24.exe[3620] 
C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d61492 7 bytes JMP 000000010059059e .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010010091c .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100100048 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001001002ee .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001001004b2 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001001009fe .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100100ae0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010010012a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100100758 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100100676 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001001003d0 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100100594 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] 
C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010010083a .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010010020c .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076bf524f 7 bytes JMP 0000000100100f52 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076bf53d0 7 bytes JMP 0000000100110210 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076bf5677 1 byte JMP 0000000100110048 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076bf5679 5 bytes {JMP 0xffffffff8951a9d1} .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076bf589a 7 bytes JMP 0000000100100ca6 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076bf5a1d 7 bytes JMP 00000001001103d8 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076bf5c9b 7 bytes JMP 000000010011012c .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076bf5d87 7 bytes JMP 00000001001102f4 .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076bf7240 7 bytes JMP 0000000100100e6e .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3636] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d61492 7 bytes JMP 00000001001104bc .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] 
C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010038091c .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100380048 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001003802ee .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001003804b2 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001003809fe .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100380ae0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010038012a .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100380758 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100380676 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001003803d0 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100380594 .text C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010038083a .text C:\Program 
Files (x86)\Lenovo\YouCam\YCMMirage.exe[1804] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010038020c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010010091c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100100048 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001001002ee .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001001004b2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001001009fe .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100100ae0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010010012a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100100758 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100100676 .text 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001001003d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100100594 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010010083a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010010020c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076bf524f 7 bytes JMP 0000000100100f52 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076bf53d0 7 bytes JMP 0000000100110210 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076bf5677 1 byte JMP 0000000100110048 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076bf5679 5 bytes {JMP 0xffffffff8951a9d1} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076bf589a 7 bytes JMP 0000000100100ca6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076bf5a1d 7 bytes JMP 00000001001103d8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] 
C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076bf5c9b 7 bytes JMP 000000010011012c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076bf5d87 7 bytes JMP 00000001001102f4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076bf7240 7 bytes JMP 0000000100100e6e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4988] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d61492 7 bytes JMP 00000001001104bc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010018091c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100180048 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001001802ee .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001001804b2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 5 bytes JMP 00000001001809fe .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100180ae0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010016004c .text 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010018012a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100180758 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100180676 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001001803d0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100180594 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010018083a .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010018020c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076bf524f 7 bytes JMP 0000000100180f52 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076bf53d0 7 bytes JMP 0000000100190210 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076bf5677 1 byte JMP 0000000100190048 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] 
C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076bf5679 5 bytes {JMP 0xffffffff8959a9d1} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076bf589a 7 bytes JMP 0000000100180ca6 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076bf5a1d 7 bytes JMP 00000001001903d8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076bf5c9b 7 bytes JMP 000000010019012c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076bf5d87 7 bytes JMP 00000001001902f4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076bf7240 7 bytes JMP 0000000100180e6e .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4888] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d61492 7 bytes JMP 00000001001904bc .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 00000000778efc90 5 bytes JMP 000000010028091c .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000778efdf4 5 bytes JMP 0000000100280048 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 00000000778efe88 5 bytes JMP 00000001002802ee .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 00000000778effe4 5 bytes JMP 00000001002804b2 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778f0018 
5 bytes JMP 00000001002809fe .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000778f0048 5 bytes JMP 0000000100280ae0 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 00000000778f0064 5 bytes JMP 000000010002004c .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 00000000778f077c 5 bytes JMP 000000010028012a .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 00000000778f086c 5 bytes JMP 0000000100280758 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000778f0884 5 bytes JMP 0000000100280676 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 00000000778f0dd4 5 bytes JMP 00000001002803d0 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000778f1900 5 bytes JMP 0000000100280594 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 00000000778f1bc4 5 bytes JMP 000000010028083a .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 00000000778f1d50 5 bytes JMP 000000010028020c .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076bf524f 7 bytes JMP 0000000100280f52 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076bf53d0 7 bytes JMP 0000000100290210 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076bf5677 1 byte JMP 0000000100290048 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076bf5679 5 bytes {JMP 
0xffffffff8969a9d1} .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076bf589a 7 bytes JMP 0000000100280ca6 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076bf5a1d 7 bytes JMP 00000001002903d8 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076bf5c9b 7 bytes JMP 000000010029012c .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076bf5d87 7 bytes JMP 00000001002902f4 .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076bf7240 7 bytes JMP 0000000100280e6e .text C:\Users\Martin\Desktop\gmer_2.1.19163.exe[4288] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076d61492 7 bytes JMP 00000001002904bc ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\446d57d161d9 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\446d57d161d9@001d28f3f936 0x74 0xEB 0x86 0x1D ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\446d57d161d9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\446d57d161d9@001d28f3f936 0x74 0xEB 0x86 0x1D ... ---- Files - GMER 2.1 ---- File C:\SysPart\Boot? 0 bytes ---- EOF - GMER 2.1 ---- |
07.04.2013, 02:01 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Trojan.Maljava
Before we continue with the work, I would like to ask you to read the following points completely and carefully.
Note: If you hear nothing from me for three days, please post in this thread => Reminder about my thread. Annoying "when will it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.
Please now run the three tools MBAR / aswMBR / TDSSKiller and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instruction from a helper.
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction.
Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post logfiles in CODE tags |
07.04.2013, 10:52 | #6 |
| Remove Trojan.Maljava Hello cosinus, here are the logs you asked for. mbar: Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.07.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [administrator]

07.04.2013 10:58:42
mbar-log-2013-04-07 (10-58-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29908
Time elapsed: 10 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
aswMBR: Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-07 11:03:27
-----------------------------
11:03:27.980 OS Version: Windows x64 6.1.7601 Service Pack 1
11:03:27.980 Number of processors: 4 586 0x3A09
11:03:27.980 ComputerName: MARTIN-PC UserName: Martin
11:03:29.962 Initialize success
11:07:21.814 AVAST engine defs: 13040700
11:07:38.241 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:07:38.241 Disk 0 Vendor: ST950032 0011 Size: 476940MB BusType: 3
11:07:38.366 Disk 0 MBR read successfully
11:07:38.366 Disk 0 MBR scan
11:07:38.382 Disk 0 Windows 7 default MBR code
11:07:38.382 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
11:07:38.413 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 430658 MB offset 411648
11:07:38.444 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 26080 MB offset 882399232
11:07:38.460 Disk 0 Partition 4 00 12 Compaq diag NTFS 20001 MB offset 935811072
11:07:38.616 Disk 0 scanning C:\Windows\system32\drivers
11:07:52.063 Service scanning
11:08:18.912 Modules scanning
11:08:18.912 Disk 0 trace - called modules:
11:08:19.443 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:08:19.443 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80087de060]
11:08:19.458 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f6b050]
11:08:20.613 AVAST engine scan C:\Windows
11:08:22.828 AVAST engine scan C:\Windows\system32
11:11:17.756 AVAST engine scan C:\Windows\system32\drivers
11:11:43.405 AVAST engine scan C:\Users\Martin
11:20:40.593 AVAST engine scan C:\ProgramData
11:23:13.602 Scan finished successfully
11:23:36.393 Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
11:23:36.409 The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"
TDSSKiller: Code:
ATTFilter 11:32:07.0823 2916 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 11:32:08.0135 2916 ============================================================ 11:32:08.0135 2916 Current date / time: 2013/04/07 11:32:08.0135 11:32:08.0135 2916 SystemInfo: 11:32:08.0135 2916 11:32:08.0135 2916 OS Version: 6.1.7601 ServicePack: 1.0 11:32:08.0135 2916 Product type: Workstation 11:32:08.0135 2916 ComputerName: MARTIN-PC 11:32:08.0135 2916 UserName: Martin 11:32:08.0135 2916 Windows directory: C:\Windows 11:32:08.0135 2916 System windows directory: C:\Windows 11:32:08.0135 2916 Running under WOW64 11:32:08.0135 2916 Processor architecture: Intel x64 11:32:08.0135 2916 Number of processors: 4 11:32:08.0135 2916 Page size: 0x1000 11:32:08.0135 2916 Boot type: Normal boot 11:32:08.0135 2916 ============================================================ 11:32:08.0759 2916 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 11:32:08.0759 2916 ============================================================ 11:32:08.0759 2916 \Device\Harddisk0\DR0: 11:32:08.0759 2916 MBR partitions: 11:32:08.0759 2916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000 11:32:08.0759 2916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34921000 11:32:08.0759 2916 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34985800, BlocksNum 0x32F0000 11:32:08.0759 2916 ============================================================ 11:32:08.0774 2916 C: <-> \Device\Harddisk0\DR0\Partition2 11:32:08.0821 2916 D: <-> \Device\Harddisk0\DR0\Partition3 11:32:08.0821 2916 ============================================================ 11:32:08.0821 2916 Initialize success 11:32:08.0821 2916 ============================================================ 11:32:18.0368 3776 
============================================================ 11:32:18.0368 3776 Scan started 11:32:18.0368 3776 Mode: Manual; SigCheck; TDLFS; 11:32:18.0368 3776 ============================================================ 11:32:18.0868 3776 ================ Scan system memory ======================== 11:32:18.0868 3776 System memory - ok 11:32:18.0868 3776 ================ Scan services ============================= 11:32:19.0024 3776 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 11:32:19.0117 3776 1394ohci - ok 11:32:19.0164 3776 [ A3769020F7E8A70FD3E824C050F33306 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys 11:32:19.0211 3776 acedrv11 - ok 11:32:19.0242 3776 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 11:32:19.0258 3776 ACPI - ok 11:32:19.0273 3776 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 11:32:19.0304 3776 AcpiPmi - ok 11:32:19.0336 3776 [ 5E813B11629007309E4FC0F0FD2B7C30 ] ACPIVPC C:\Windows\system32\DRIVERS\AcpiVpc.sys 11:32:19.0336 3776 ACPIVPC - ok 11:32:19.0492 3776 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 11:32:19.0507 3776 AdobeARMservice - ok 11:32:19.0616 3776 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 11:32:19.0648 3776 AdobeFlashPlayerUpdateSvc - ok 11:32:19.0710 3776 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 11:32:19.0741 3776 adp94xx - ok 11:32:19.0757 3776 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 11:32:19.0772 3776 adpahci - ok 11:32:19.0772 3776 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 11:32:19.0788 3776 adpu320 - ok 11:32:19.0804 3776 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 11:32:19.0944 3776 
AeLookupSvc - ok 11:32:19.0991 3776 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 11:32:20.0053 3776 AFD - ok 11:32:20.0069 3776 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 11:32:20.0084 3776 agp440 - ok 11:32:20.0116 3776 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 11:32:20.0147 3776 ALG - ok 11:32:20.0162 3776 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 11:32:20.0178 3776 aliide - ok 11:32:20.0209 3776 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 11:32:20.0225 3776 amdide - ok 11:32:20.0256 3776 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 11:32:20.0287 3776 AmdK8 - ok 11:32:20.0303 3776 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 11:32:20.0334 3776 AmdPPM - ok 11:32:20.0350 3776 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 11:32:20.0350 3776 amdsata - ok 11:32:20.0365 3776 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 11:32:20.0381 3776 amdsbs - ok 11:32:20.0396 3776 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 11:32:20.0412 3776 amdxata - ok 11:32:20.0443 3776 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 11:32:20.0459 3776 AppID - ok 11:32:20.0474 3776 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 11:32:20.0506 3776 AppIDSvc - ok 11:32:20.0521 3776 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 11:32:20.0552 3776 Appinfo - ok 11:32:20.0630 3776 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 11:32:20.0646 3776 Apple Mobile Device - ok 11:32:20.0662 3776 [ C484F8CEB1717C540242531DB7845C4E ] arc 
C:\Windows\system32\drivers\arc.sys 11:32:20.0677 3776 arc - ok 11:32:20.0708 3776 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 11:32:20.0724 3776 arcsas - ok 11:32:20.0740 3776 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 11:32:20.0786 3776 AsyncMac - ok 11:32:20.0818 3776 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 11:32:20.0818 3776 atapi - ok 11:32:20.0849 3776 [ 78B183A794A08978EA0A8D017054352B ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys 11:32:20.0849 3776 AthBTPort - ok 11:32:20.0880 3776 [ 42EF52D591A53CBE43D82C6C96F50A59 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe 11:32:20.0896 3776 AtherosSvc - ok 11:32:20.0974 3776 [ 6C496450404ABDC887E56DF462B34255 ] athr C:\Windows\system32\DRIVERS\athrx.sys 11:32:21.0020 3776 athr - ok 11:32:21.0083 3776 [ B4BDE3F758A34658A37DFED3D9783CD8 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys 11:32:21.0098 3776 atksgt - ok 11:32:21.0130 3776 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 11:32:21.0176 3776 AudioEndpointBuilder - ok 11:32:21.0208 3776 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 11:32:21.0223 3776 AudioSrv - ok 11:32:21.0254 3776 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 11:32:21.0348 3776 AxInstSV - ok 11:32:21.0410 3776 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 11:32:21.0442 3776 b06bdrv - ok 11:32:21.0488 3776 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 11:32:21.0535 3776 b57nd60a - ok 11:32:21.0566 3776 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 11:32:21.0598 3776 BDESVC - ok 11:32:21.0629 3776 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 11:32:21.0691 3776 Beep - ok 11:32:21.0754 3776 [ 
82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 11:32:21.0800 3776 BFE - ok 11:32:22.0190 3776 [ E92A3DA47BED7CC65D264235617ED46E ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys 11:32:22.0253 3776 BHDrvx64 - ok 11:32:22.0284 3776 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 11:32:22.0346 3776 BITS - ok 11:32:22.0362 3776 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 11:32:22.0393 3776 blbdrive - ok 11:32:22.0487 3776 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 11:32:22.0502 3776 Bonjour Service - ok 11:32:22.0518 3776 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 11:32:22.0549 3776 bowser - ok 11:32:22.0674 3776 [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv C:\Windows\system32\drivers\BPntDrv.sys 11:32:22.0690 3776 BPntDrv - ok 11:32:22.0721 3776 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 11:32:22.0768 3776 BrFiltLo - ok 11:32:22.0768 3776 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 11:32:22.0799 3776 BrFiltUp - ok 11:32:22.0830 3776 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 11:32:22.0846 3776 Browser - ok 11:32:22.0861 3776 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 11:32:22.0877 3776 Brserid - ok 11:32:22.0892 3776 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 11:32:22.0908 3776 BrSerWdm - ok 11:32:22.0924 3776 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 11:32:22.0955 3776 BrUsbMdm - ok 11:32:23.0189 3776 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 11:32:23.0251 3776 BrUsbSer - ok 11:32:23.0298 3776 [ 
EDEBD26DF631A78483707C3F7429027F ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys 11:32:23.0298 3776 BTATH_A2DP - ok 11:32:23.0314 3776 [ 2F22177BFEA75326DC0C535D71985A4E ] btath_avdt C:\Windows\system32\drivers\btath_avdt.sys 11:32:23.0329 3776 btath_avdt - ok 11:32:23.0360 3776 [ D438A33D568C76C24E8D7394981F42DC ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys 11:32:23.0376 3776 BTATH_BUS - ok 11:32:23.0376 3776 [ 6EFA8C93009E0BE0886C2422C7D20BC5 ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys 11:32:23.0392 3776 BTATH_HCRP - ok 11:32:23.0407 3776 [ 168506D0F0C8DF588F8A7E25C58A2DE6 ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys 11:32:23.0407 3776 BTATH_LWFLT - ok 11:32:23.0423 3776 [ 7C8FB1D73BD279DD914CCA6ED0F4F62B ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys 11:32:23.0423 3776 BTATH_RCP - ok 11:32:23.0470 3776 [ 58D67C18894F96E89C076150BB76AD40 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys 11:32:23.0470 3776 BtFilter - ok 11:32:23.0516 3776 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 11:32:23.0532 3776 BthEnum - ok 11:32:23.0548 3776 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 11:32:23.0579 3776 BTHMODEM - ok 11:32:23.0688 3776 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 11:32:23.0719 3776 BthPan - ok 11:32:23.0735 3776 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 11:32:23.0750 3776 BTHPORT - ok 11:32:23.0797 3776 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 11:32:23.0844 3776 bthserv - ok 11:32:23.0875 3776 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 11:32:23.0906 3776 BTHUSB - ok 11:32:23.0984 3776 [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1403000.024\ccSetx64.sys 11:32:24.0000 3776 ccSet_NIS - ok 11:32:24.0000 3776 [ 
B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 11:32:24.0062 3776 cdfs - ok 11:32:24.0109 3776 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 11:32:24.0140 3776 cdrom - ok 11:32:24.0172 3776 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 11:32:24.0234 3776 CertPropSvc - ok 11:32:24.0250 3776 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 11:32:24.0281 3776 circlass - ok 11:32:24.0296 3776 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 11:32:24.0312 3776 CLFS - ok 11:32:24.0374 3776 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:32:24.0390 3776 clr_optimization_v2.0.50727_32 - ok 11:32:24.0452 3776 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 11:32:24.0484 3776 clr_optimization_v2.0.50727_64 - ok 11:32:24.0546 3776 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:32:24.0562 3776 clr_optimization_v4.0.30319_32 - ok 11:32:24.0593 3776 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 11:32:24.0608 3776 clr_optimization_v4.0.30319_64 - ok 11:32:24.0640 3776 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys 11:32:24.0655 3776 clwvd - ok 11:32:24.0671 3776 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 11:32:24.0702 3776 CmBatt - ok 11:32:24.0718 3776 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 11:32:24.0718 3776 cmdide - ok 11:32:24.0764 3776 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 11:32:24.0780 3776 CNG - ok 11:32:24.0842 3776 [ 
9F6DE1995A188615CEEE908E750A34ED ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 11:32:24.0889 3776 CnxtHdAudService - ok 11:32:24.0905 3776 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 11:32:24.0920 3776 Compbatt - ok 11:32:24.0936 3776 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 11:32:24.0967 3776 CompositeBus - ok 11:32:24.0983 3776 COMSysApp - ok 11:32:25.0123 3776 [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 11:32:25.0154 3776 cphs - ok 11:32:25.0186 3776 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 11:32:25.0186 3776 crcdisk - ok 11:32:25.0248 3776 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 11:32:25.0295 3776 CryptSvc - ok 11:32:25.0357 3776 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 11:32:25.0388 3776 cvhsvc - ok 11:32:25.0466 3776 [ F160B26B26BA4AFE8CECC12ED5AC231E ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe 11:32:25.0482 3776 CxAudMsg - ok 11:32:25.0529 3776 [ 56F4750B7F0CE969E43DE2A76DDA5A5F ] DamageGuard C:\Windows\system32\DRIVERS\DamageGuardX64.sys 11:32:25.0544 3776 DamageGuard - ok 11:32:25.0622 3776 [ 75974DA59BA3D2E3DCE9386493A31F54 ] DamageGuardSvc C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe 11:32:25.0654 3776 DamageGuardSvc - ok 11:32:25.0700 3776 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 11:32:25.0747 3776 DcomLaunch - ok 11:32:25.0778 3776 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 11:32:25.0810 3776 defragsvc - ok 11:32:25.0841 3776 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 11:32:25.0872 3776 DfsC - ok 11:32:25.0888 3776 [ 5014042B07FE6CBE0E6C737AA3F1EBFC ] dgFltr C:\Windows\system32\drivers\dgFltrX64.sys 11:32:25.0888 
3776 dgFltr - ok 11:32:25.0934 3776 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 11:32:25.0966 3776 Dhcp - ok 11:32:25.0997 3776 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 11:32:26.0028 3776 discache - ok 11:32:26.0059 3776 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 11:32:26.0075 3776 Disk - ok 11:32:26.0122 3776 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 11:32:26.0153 3776 Dnscache - ok 11:32:26.0168 3776 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 11:32:26.0231 3776 dot3svc - ok 11:32:26.0278 3776 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 11:32:26.0340 3776 DPS - ok 11:32:26.0371 3776 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 11:32:26.0387 3776 drmkaud - ok 11:32:26.0418 3776 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 11:32:26.0449 3776 DXGKrnl - ok 11:32:26.0465 3776 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 11:32:26.0496 3776 EapHost - ok 11:32:26.0574 3776 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 11:32:26.0636 3776 ebdrv - ok 11:32:26.0714 3776 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 11:32:26.0730 3776 eeCtrl - ok 11:32:26.0761 3776 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 11:32:26.0777 3776 EFS - ok 11:32:26.0855 3776 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 11:32:26.0917 3776 ehRecvr - ok 11:32:26.0933 3776 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 11:32:26.0948 3776 ehSched - ok 11:32:27.0011 3776 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 11:32:27.0026 3776 elxstor - ok 11:32:27.0073 3776 
[ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 11:32:27.0073 3776 EraserUtilRebootDrv - ok 11:32:27.0089 3776 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 11:32:27.0104 3776 ErrDev - ok 11:32:27.0167 3776 [ 4B18C33EEDD15BD2AAF99807D36555B3 ] ETD C:\Windows\system32\DRIVERS\ETD.sys 11:32:27.0182 3776 ETD - ok 11:32:27.0214 3776 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 11:32:27.0245 3776 EventSystem - ok 11:32:27.0276 3776 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 11:32:27.0307 3776 exfat - ok 11:32:27.0323 3776 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 11:32:27.0370 3776 fastfat - ok 11:32:27.0479 3776 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 11:32:27.0526 3776 Fax - ok 11:32:27.0557 3776 [ 0BDD7984DB7AAFF6DFEFD11D82D473DB ] fbfmon C:\Windows\system32\drivers\fbfmon.sys 11:32:27.0572 3776 fbfmon - ok 11:32:27.0588 3776 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 11:32:27.0619 3776 fdc - ok 11:32:27.0666 3776 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 11:32:27.0697 3776 fdPHost - ok 11:32:27.0713 3776 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 11:32:27.0744 3776 FDResPub - ok 11:32:27.0760 3776 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 11:32:27.0775 3776 FileInfo - ok 11:32:27.0791 3776 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 11:32:27.0822 3776 Filetrace - ok 11:32:27.0838 3776 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 11:32:27.0853 3776 flpydisk - ok 11:32:27.0884 3776 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 
11:32:27.0884 3776 FltMgr - ok 11:32:27.0947 3776 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 11:32:28.0009 3776 FontCache - ok 11:32:28.0056 3776 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 11:32:28.0072 3776 FontCache3.0.0.0 - ok 11:32:28.0087 3776 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 11:32:28.0103 3776 FsDepends - ok 11:32:28.0134 3776 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 11:32:28.0150 3776 fssfltr - ok 11:32:28.0212 3776 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 11:32:28.0290 3776 fsssvc - ok 11:32:28.0337 3776 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 11:32:28.0337 3776 Fs_Rec - ok 11:32:28.0384 3776 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 11:32:28.0399 3776 fvevol - ok 11:32:28.0415 3776 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 11:32:28.0430 3776 gagp30kx - ok 11:32:28.0477 3776 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 11:32:28.0493 3776 GEARAspiWDM - ok 11:32:28.0540 3776 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 11:32:28.0618 3776 gpsvc - ok 11:32:28.0664 3776 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 11:32:28.0664 3776 gupdate - ok 11:32:28.0680 3776 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 11:32:28.0696 3776 gupdatem - ok 11:32:28.0711 3776 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 11:32:28.0727 3776 gusvc - ok 11:32:28.0742 3776 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir 
C:\Windows\system32\drivers\hcw85cir.sys 11:32:28.0758 3776 hcw85cir - ok 11:32:28.0789 3776 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 11:32:28.0836 3776 HdAudAddService - ok 11:32:28.0883 3776 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 11:32:28.0914 3776 HDAudBus - ok 11:32:28.0945 3776 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 11:32:28.0961 3776 HidBatt - ok 11:32:28.0992 3776 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 11:32:29.0023 3776 HidBth - ok 11:32:29.0070 3776 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 11:32:29.0086 3776 HidIr - ok 11:32:29.0101 3776 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 11:32:29.0148 3776 hidserv - ok 11:32:29.0164 3776 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 11:32:29.0179 3776 HidUsb - ok 11:32:29.0210 3776 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 11:32:29.0273 3776 hkmsvc - ok 11:32:29.0320 3776 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 11:32:29.0351 3776 HomeGroupListener - ok 11:32:29.0366 3776 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 11:32:29.0398 3776 HomeGroupProvider - ok 11:32:29.0429 3776 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 11:32:29.0444 3776 HpSAMD - ok 11:32:29.0476 3776 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 11:32:29.0554 3776 HTTP - ok 11:32:29.0569 3776 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 11:32:29.0569 3776 hwpolicy - ok 11:32:29.0616 3776 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 11:32:29.0632 3776 i8042prt - ok 11:32:29.0663 
3776 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 11:32:29.0678 3776 iaStor - ok 11:32:29.0741 3776 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 11:32:29.0756 3776 IAStorDataMgrSvc - ok 11:32:29.0788 3776 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 11:32:29.0803 3776 iaStorV - ok 11:32:29.0897 3776 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 11:32:29.0944 3776 idsvc - ok 11:32:30.0146 3776 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130405.001\IDSvia64.sys 11:32:30.0162 3776 IDSVia64 - ok 11:32:30.0318 3776 [ A1CF07D24EDCDC6870535471654D957C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 11:32:30.0412 3776 igfx - ok 11:32:30.0443 3776 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 11:32:30.0458 3776 iirsp - ok 11:32:30.0490 3776 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 11:32:30.0521 3776 IKEEXT - ok 11:32:30.0568 3776 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 11:32:30.0630 3776 IntcDAud - ok 11:32:30.0692 3776 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 11:32:30.0739 3776 Intel(R) Capability Licensing Service Interface - ok 11:32:30.0739 3776 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 11:32:30.0755 3776 intelide - ok 11:32:30.0770 3776 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 11:32:30.0817 3776 intelppm - ok 11:32:30.0848 3776 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 11:32:30.0895 3776 
IPBusEnum - ok 11:32:30.0926 3776 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 11:32:30.0989 3776 IpFilterDriver - ok 11:32:31.0036 3776 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 11:32:31.0067 3776 iphlpsvc - ok 11:32:31.0098 3776 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 11:32:31.0114 3776 IPMIDRV - ok 11:32:31.0129 3776 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 11:32:31.0160 3776 IPNAT - ok 11:32:31.0238 3776 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 11:32:31.0285 3776 iPod Service - ok 11:32:31.0332 3776 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 11:32:31.0379 3776 IRENUM - ok 11:32:31.0379 3776 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 11:32:31.0394 3776 isapnp - ok 11:32:31.0410 3776 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 11:32:31.0426 3776 iScsiPrt - ok 11:32:31.0472 3776 [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 11:32:31.0488 3776 iusb3hcs - ok 11:32:31.0535 3776 [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 11:32:31.0550 3776 iusb3hub - ok 11:32:31.0582 3776 [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 11:32:31.0597 3776 iusb3xhc - ok 11:32:31.0644 3776 [ 09CA717536671E0896E07D239EE6740F ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 11:32:31.0675 3776 jhi_service - ok 11:32:31.0706 3776 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 11:32:31.0722 3776 kbdclass - ok 11:32:31.0753 3776 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 11:32:31.0784 3776 kbdhid - ok 
11:32:31.0800 3776 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 11:32:31.0816 3776 KeyIso - ok 11:32:31.0878 3776 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 11:32:31.0894 3776 KSecDD - ok 11:32:31.0909 3776 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 11:32:31.0909 3776 KSecPkg - ok 11:32:31.0956 3776 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 11:32:31.0987 3776 ksthunk - ok 11:32:32.0018 3776 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 11:32:32.0050 3776 KtmRm - ok 11:32:32.0081 3776 [ FC741259B7C22379EE83257D7CF91151 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 11:32:32.0096 3776 L1C - ok 11:32:32.0128 3776 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 11:32:32.0174 3776 LanmanServer - ok 11:32:32.0174 3776 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 11:32:32.0221 3776 LanmanWorkstation - ok 11:32:32.0237 3776 [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr C:\Windows\system32\DRIVERS\LhdX64.sys 11:32:32.0252 3776 LHDmgr - ok 11:32:32.0315 3776 [ 955982BF4421B77722196552B62E8DC2 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys 11:32:32.0330 3776 lirsgt - ok 11:32:32.0362 3776 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 11:32:32.0393 3776 lltdio - ok 11:32:32.0424 3776 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 11:32:32.0455 3776 lltdsvc - ok 11:32:32.0486 3776 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 11:32:32.0518 3776 lmhosts - ok 11:32:32.0549 3776 [ A60D56228FF3EE7EC1A56A908924680E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 11:32:32.0564 3776 LMS - ok 11:32:32.0611 3776 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 
11:32:32.0611 3776 LSI_FC - ok 11:32:32.0642 3776 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 11:32:32.0642 3776 LSI_SAS - ok 11:32:32.0658 3776 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 11:32:32.0674 3776 LSI_SAS2 - ok 11:32:32.0689 3776 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 11:32:32.0705 3776 LSI_SCSI - ok 11:32:32.0939 3776 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 11:32:32.0970 3776 luafv - ok 11:32:32.0986 3776 lxcz_device - ok 11:32:33.0064 3776 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 11:32:33.0079 3776 Mcx2Svc - ok 11:32:33.0110 3776 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 11:32:33.0126 3776 megasas - ok 11:32:33.0173 3776 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 11:32:33.0188 3776 MegaSR - ok 11:32:33.0251 3776 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 11:32:33.0251 3776 MEIx64 - ok 11:32:33.0282 3776 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 11:32:33.0313 3776 MMCSS - ok 11:32:33.0329 3776 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 11:32:33.0376 3776 Modem - ok 11:32:33.0422 3776 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 11:32:33.0438 3776 monitor - ok 11:32:33.0454 3776 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 11:32:33.0469 3776 mouclass - ok 11:32:33.0516 3776 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 11:32:33.0532 3776 mouhid - ok 11:32:33.0547 3776 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 11:32:33.0563 3776 mountmgr - ok 11:32:33.0610 3776 [ 8A7C8F4C713E70D73946833D76B77035 ] 
MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 11:32:33.0641 3776 MozillaMaintenance - ok 11:32:33.0688 3776 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 11:32:33.0688 3776 mpio - ok 11:32:33.0719 3776 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 11:32:33.0750 3776 mpsdrv - ok 11:32:33.0781 3776 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 11:32:33.0812 3776 MpsSvc - ok 11:32:33.0828 3776 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 11:32:33.0844 3776 MRxDAV - ok 11:32:33.0844 3776 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 11:32:33.0875 3776 mrxsmb - ok 11:32:33.0890 3776 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 11:32:33.0906 3776 mrxsmb10 - ok 11:32:33.0922 3776 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 11:32:33.0937 3776 mrxsmb20 - ok 11:32:33.0953 3776 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 11:32:33.0968 3776 msahci - ok 11:32:33.0984 3776 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 11:32:33.0984 3776 msdsm - ok 11:32:34.0000 3776 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 11:32:34.0031 3776 MSDTC - ok 11:32:34.0062 3776 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 11:32:34.0093 3776 Msfs - ok 11:32:34.0124 3776 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 11:32:34.0171 3776 mshidkmdf - ok 11:32:34.0202 3776 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 11:32:34.0218 3776 msisadrv - ok 11:32:34.0234 3776 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 11:32:34.0280 3776 MSiSCSI - ok 
11:32:34.0280 3776 msiserver - ok 11:32:34.0312 3776 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 11:32:34.0343 3776 MSKSSRV - ok 11:32:34.0374 3776 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 11:32:34.0405 3776 MSPCLOCK - ok 11:32:34.0421 3776 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 11:32:34.0452 3776 MSPQM - ok 11:32:34.0483 3776 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 11:32:34.0483 3776 MsRPC - ok 11:32:34.0499 3776 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 11:32:34.0514 3776 mssmbios - ok 11:32:34.0530 3776 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 11:32:34.0561 3776 MSTEE - ok 11:32:34.0577 3776 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 11:32:34.0592 3776 MTConfig - ok 11:32:34.0608 3776 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 11:32:34.0624 3776 Mup - ok 11:32:34.0655 3776 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 11:32:34.0686 3776 napagent - ok 11:32:34.0733 3776 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 11:32:34.0764 3776 NativeWifiP - ok 11:32:34.0842 3776 [ 88A2F45CE66B904285978D6BB13AFEB2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130406.008\ENG64.SYS 11:32:34.0858 3776 NAVENG - ok 11:32:34.0936 3776 [ D2A545DA3A90BBFA40E020C23F1B7A48 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130406.008\EX64.SYS 11:32:35.0045 3776 NAVEX15 - ok 11:32:35.0076 3776 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 11:32:35.0107 3776 NDIS - ok 11:32:35.0138 3776 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap 
C:\Windows\system32\DRIVERS\ndiscap.sys 11:32:35.0201 3776 NdisCap - ok 11:32:35.0232 3776 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 11:32:35.0248 3776 NdisTapi - ok 11:32:35.0263 3776 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 11:32:35.0279 3776 Ndisuio - ok 11:32:35.0294 3776 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 11:32:35.0341 3776 NdisWan - ok 11:32:35.0357 3776 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 11:32:35.0388 3776 NDProxy - ok 11:32:35.0419 3776 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 11:32:35.0466 3776 NetBIOS - ok 11:32:35.0482 3776 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 11:32:35.0497 3776 NetBT - ok 11:32:35.0513 3776 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 11:32:35.0513 3776 Netlogon - ok 11:32:35.0544 3776 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 11:32:35.0575 3776 Netman - ok 11:32:35.0591 3776 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 11:32:35.0638 3776 netprofm - ok 11:32:35.0669 3776 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:32:35.0669 3776 NetTcpPortSharing - ok 11:32:35.0700 3776 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 11:32:35.0716 3776 nfrd960 - ok 11:32:35.0762 3776 [ 241BD3019FB31E812A51B31B06906335 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe 11:32:35.0794 3776 NIS - ok 11:32:35.0825 3776 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 11:32:35.0872 3776 NlaSvc - ok 11:32:35.0918 3776 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 
11:32:35.0950 3776 Npfs - ok 11:32:35.0965 3776 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 11:32:35.0996 3776 nsi - ok 11:32:36.0012 3776 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 11:32:36.0028 3776 nsiproxy - ok 11:32:36.0074 3776 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 11:32:36.0106 3776 Ntfs - ok 11:32:36.0121 3776 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 11:32:36.0152 3776 Null - ok 11:32:36.0402 3776 [ FE2909F7DFB12B9A20AD207FE23B7E96 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 11:32:36.0527 3776 nvlddmkm - ok 11:32:36.0558 3776 [ 54C7D4E3A31888FA4BE822F506FE905B ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 11:32:36.0558 3776 nvpciflt - ok 11:32:36.0589 3776 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 11:32:36.0605 3776 nvraid - ok 11:32:36.0636 3776 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 11:32:36.0636 3776 nvstor - ok 11:32:36.0683 3776 [ 3341D2C91989BC87C3C0BAA97C27253B ] nvsvc C:\Windows\system32\nvvsvc.exe 11:32:36.0714 3776 nvsvc - ok 11:32:36.0761 3776 [ 551CE34DAD2DFF0A480781E68B286E4D ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 11:32:36.0839 3776 nvUpdatusService - ok 11:32:36.0886 3776 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 11:32:36.0901 3776 nv_agp - ok 11:32:36.0932 3776 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 11:32:36.0964 3776 ohci1394 - ok 11:32:36.0979 3776 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:32:36.0995 3776 ose - ok 11:32:37.0135 3776 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 11:32:37.0276 
3776 osppsvc - ok 11:32:37.0307 3776 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 11:32:37.0322 3776 p2pimsvc - ok 11:32:37.0338 3776 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 11:32:37.0354 3776 p2psvc - ok 11:32:37.0385 3776 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 11:32:37.0385 3776 Parport - ok 11:32:37.0400 3776 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 11:32:37.0416 3776 partmgr - ok 11:32:37.0432 3776 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 11:32:37.0447 3776 PcaSvc - ok 11:32:37.0478 3776 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 11:32:37.0478 3776 pci - ok 11:32:37.0494 3776 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 11:32:37.0510 3776 pciide - ok 11:32:37.0525 3776 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 11:32:37.0541 3776 pcmcia - ok 11:32:37.0556 3776 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 11:32:37.0556 3776 pcw - ok 11:32:37.0572 3776 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 11:32:37.0603 3776 PEAUTH - ok 11:32:37.0681 3776 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 11:32:37.0697 3776 PerfHost - ok 11:32:37.0759 3776 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 11:32:37.0837 3776 pla - ok 11:32:37.0884 3776 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 11:32:37.0915 3776 PlugPlay - ok 11:32:37.0915 3776 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 11:32:37.0946 3776 PNRPAutoReg - ok 11:32:37.0962 3776 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 11:32:37.0962 3776 PNRPsvc - ok 11:32:37.0993 3776 [ 
4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 11:32:38.0056 3776 PolicyAgent - ok 11:32:38.0087 3776 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 11:32:38.0102 3776 Power - ok 11:32:38.0149 3776 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 11:32:38.0212 3776 PptpMiniport - ok 11:32:38.0227 3776 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 11:32:38.0227 3776 Processor - ok 11:32:38.0274 3776 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 11:32:38.0305 3776 ProfSvc - ok 11:32:38.0321 3776 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 11:32:38.0321 3776 ProtectedStorage - ok 11:32:38.0336 3776 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 11:32:38.0383 3776 Psched - ok 11:32:38.0430 3776 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 11:32:38.0492 3776 ql2300 - ok 11:32:38.0508 3776 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 11:32:38.0524 3776 ql40xx - ok 11:32:38.0539 3776 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 11:32:38.0555 3776 QWAVE - ok 11:32:38.0570 3776 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 11:32:38.0586 3776 QWAVEdrv - ok 11:32:38.0602 3776 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 11:32:38.0633 3776 RasAcd - ok 11:32:38.0664 3776 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 11:32:38.0726 3776 RasAgileVpn - ok 11:32:38.0773 3776 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 11:32:38.0836 3776 RasAuto - ok 11:32:38.0898 3776 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 11:32:38.0960 3776 Rasl2tp - ok 
11:32:39.0007 3776 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 11:32:39.0038 3776 RasMan - ok 11:32:39.0054 3776 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 11:32:39.0085 3776 RasPppoe - ok 11:32:39.0101 3776 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 11:32:39.0148 3776 RasSstp - ok 11:32:39.0179 3776 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 11:32:39.0210 3776 rdbss - ok 11:32:39.0210 3776 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 11:32:39.0226 3776 rdpbus - ok 11:32:39.0257 3776 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 11:32:39.0319 3776 RDPCDD - ok 11:32:39.0335 3776 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 11:32:39.0366 3776 RDPENCDD - ok 11:32:39.0382 3776 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 11:32:39.0413 3776 RDPREFMP - ok 11:32:39.0428 3776 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 11:32:39.0460 3776 RDPWD - ok 11:32:39.0491 3776 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 11:32:39.0491 3776 rdyboost - ok 11:32:39.0522 3776 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 11:32:39.0553 3776 RemoteAccess - ok 11:32:39.0569 3776 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 11:32:39.0600 3776 RemoteRegistry - ok 11:32:39.0631 3776 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 11:32:39.0662 3776 RFCOMM - ok 11:32:39.0694 3776 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 11:32:39.0725 3776 RpcEptMapper - ok 11:32:39.0740 3776 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 
11:32:39.0787 3776 RpcLocator - ok 11:32:39.0803 3776 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 11:32:39.0834 3776 RpcSs - ok 11:32:39.0881 3776 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 11:32:39.0912 3776 rspndr - ok 11:32:39.0974 3776 [ 88AB579F407A3D02918B8DCC4E6E34B3 ] RSUSBVSTOR C:\Windows\system32\Drivers\RtsUVStor.sys 11:32:39.0990 3776 RSUSBVSTOR - ok 11:32:40.0006 3776 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 11:32:40.0021 3776 SamSs - ok 11:32:40.0037 3776 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 11:32:40.0052 3776 sbp2port - ok 11:32:40.0084 3776 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 11:32:40.0146 3776 SCardSvr - ok 11:32:40.0162 3776 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 11:32:40.0193 3776 scfilter - ok 11:32:40.0224 3776 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 11:32:40.0271 3776 Schedule - ok 11:32:40.0286 3776 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 11:32:40.0318 3776 SCPolicySvc - ok 11:32:40.0333 3776 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 11:32:40.0349 3776 SDRSVC - ok 11:32:40.0380 3776 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 11:32:40.0411 3776 secdrv - ok 11:32:40.0411 3776 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 11:32:40.0442 3776 seclogon - ok 11:32:40.0458 3776 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 11:32:40.0489 3776 SENS - ok 11:32:40.0505 3776 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 11:32:40.0536 3776 SensrSvc - ok 11:32:40.0536 3776 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 11:32:40.0567 3776 
Serenum - ok 11:32:40.0598 3776 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 11:32:40.0630 3776 Serial - ok 11:32:40.0661 3776 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 11:32:40.0692 3776 sermouse - ok 11:32:40.0723 3776 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 11:32:40.0770 3776 SessionEnv - ok 11:32:40.0786 3776 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 11:32:40.0801 3776 sffdisk - ok 11:32:40.0817 3776 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 11:32:40.0848 3776 sffp_mmc - ok 11:32:40.0864 3776 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 11:32:40.0879 3776 sffp_sd - ok 11:32:40.0879 3776 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 11:32:40.0895 3776 sfloppy - ok 11:32:40.0942 3776 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 11:32:40.0973 3776 Sftfs - ok 11:32:41.0035 3776 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 11:32:41.0066 3776 sftlist - ok 11:32:41.0098 3776 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 11:32:41.0129 3776 Sftplay - ok 11:32:41.0129 3776 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 11:32:41.0144 3776 Sftredir - ok 11:32:41.0144 3776 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 11:32:41.0160 3776 Sftvol - ok 11:32:41.0176 3776 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 11:32:41.0191 3776 sftvsa - ok 11:32:41.0222 3776 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 11:32:41.0269 3776 SharedAccess - ok 
Regards, RayRay |
07.04.2013, 22:14 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Trojan.Maljava Now please run Combofix: Scan with Combofix
__________________ Please always post logfiles in CODE tags |
08.04.2013, 09:05 | #8 |
| Remove Trojan.Maljava Hello cosinus, here is the Combofix logfile: Code:
ATTFilter ComboFix 13-04-08.01 - Martin 08.04.2013 9:38.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6046.4471 [GMT 2:00] ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Setup.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-03-08 bis 2013-04-08 )))))))))))))))))))))))))))))) . . 2013-04-08 07:43 . 2013-04-08 07:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-04-08 07:43 . 2013-04-08 07:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-04 15:31 . 2013-04-04 15:31 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes 2013-04-04 15:30 . 2013-04-04 15:30 -------- d-----w- c:\programdata\Malwarebytes 2013-04-04 15:30 . 2013-04-04 15:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-04-04 15:30 . 2012-12-14 14:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-28 11:03 . 2013-03-28 11:03 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-03-28 11:03 . 2013-03-28 11:03 -------- d-----w- c:\program files\iTunes 2013-03-28 11:03 . 2013-03-28 11:03 -------- d-----w- c:\program files (x86)\iTunes 2013-03-28 11:03 . 2013-03-28 11:03 -------- d-----w- c:\program files\iPod 2013-03-23 12:39 . 2013-03-23 12:39 -------- d-----w- c:\users\Martin\AppData\Local\Downloaded Installations 2013-03-13 11:26 . 2013-03-13 11:26 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-13 11:26 . 
2013-03-13 11:26 -------- d-----w- c:\program files (x86)\Java . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-13 12:42 . 2012-09-05 18:31 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 12:42 . 2012-09-05 18:31 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-13 11:26 . 2012-09-13 09:01 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-03-13 11:26 . 2012-09-13 09:01 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-03-04 07:54 . 2013-03-01 20:33 88480 ----a-w- c:\windows\system32\drivers\atksgt.sys 2013-03-04 07:54 . 2013-03-01 20:33 46400 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2013-01-31 03:18 . 2013-02-27 14:20 432800 ----a-w- c:\windows\system32\drivers\NISx64\1403000.024\symnets.sys 2013-01-31 03:18 . 2013-02-27 14:20 1139800 ----a-w- c:\windows\system32\drivers\NISx64\1403000.024\symefa64.sys 2013-01-29 01:45 . 2013-02-27 14:20 796248 ----a-w- c:\windows\system32\drivers\NISx64\1403000.024\srtsp64.sys 2013-01-29 01:45 . 2013-02-27 14:20 36952 ----a-w- c:\windows\system32\drivers\NISx64\1403000.024\srtspx64.sys 2013-01-22 02:15 . 2013-02-27 14:20 493656 ----a-w- c:\windows\system32\drivers\NISx64\1403000.024\symds64.sys 2012-08-13 09:09 . 2012-08-13 09:09 3166208 ----a-w- c:\program files (x86)\openofficeorg341.msi . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-17 39408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-12-12 163000] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] . c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-11-15 313960] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840] R4 DamageGuard;DamageGuard;c:\windows\system32\DRIVERS\DamageGuardX64.sys [2012-02-10 217392] R4 DamageGuardSvc;Lenovo Instant Reset Service;c:\program files\Lenovo\Instant Reset\DamageGuardSvc.exe [2012-03-26 572976] R4 dgFltr;dgFltr;c:\windows\system32\drivers\dgFltrX64.sys [2011-12-13 23648] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2012-07-17 57952] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2012-07-17 39008] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-12-03 30056] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1403000.024\SYMDS64.SYS [2013-01-22 493656] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1403000.024\SYMEFA64.SYS [2013-01-31 1139800] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [2013-03-22 1387608] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2012-07-17 13408] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1403000.024\ccSetx64.sys [2012-11-16 
168096] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130405.001\IDSvia64.sys [2012-11-20 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1403000.024\Ironx64.SYS [2012-11-16 224416] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1403000.024\SYMNETS.SYS [2013-01-31 432800] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-04-28 119424] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-28 161560] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe [2012-12-24 144520] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-28 363800] S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-04-28 163456] S3 ACPIVPC;Lenovo Virtual Power Controller 
Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2012-07-17 30816] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-04-28 36480] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-04-28 341120] S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-04-28 111232] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-04-28 30848] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-04-28 168064] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-04-28 68736] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-04-28 281472] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-04-28 550528] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-07 138912] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2012-01-15 208168] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760] S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-03-02 104048] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application 
Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2011-12-06 952832] . . Inhalt des "geplante Tasks" Ordners . 2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-05 12:42] . 2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 10:51] . 2013-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-17 10:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc] @="{771C7324-DA80-49D3-8017-753B0AF60951}" [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}] 2012-07-17 10:51 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "lxczbmgr.exe"="c:\program files (x86)\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8 uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\pyknee2k.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-Locked - (no file) Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.3.0.36\diMaster.dll\" /prefetch:1" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-04-08 09:44:51 ComboFix-quarantined-files.txt 2013-04-08 07:44 . Before scan: 18 directory(ies), 384.564.162.560 bytes free After scan: 26 directory(ies), 385.553.440.768 bytes free . - - End Of File - - 0A5D4063A89E10797A084CB83E0F3A79 |
08.04.2013, 11:20 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Trojan.Maljava JRT - Junkware Removal Tool Please shut down your protection software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then a check with OTL, please:
__________________ Always post log files in CODE tags |
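The OTL check requested above produces a log that still has to be read by hand: every process, service, driver, BHO and Run entry is listed with its path and the publisher string OTL reads from the file's version information, or with the marker "File not found" when the registry still points at a binary that no longer exists. The script below is an added example, not code from this thread and not a feature of OTL, of the first triage pass a helper makes over such a log: it flags dangling entries, autostart binaries with no recorded publisher, and autostart binaries that live in directories a standard user can write to. The sample lines are constructed in the OTL line format used in this thread; the `updater` Run entry under `AppData\Roaming` is invented to exercise the location rule, and the location and publisher rules themselves are this example's assumptions, not OTL's.

```python
"""First-pass triage of OTL log lines.

Added example for this thread; not part of OTL and not code posted by the
participants.  The classification rules below are this example's assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL sections that describe something Windows loads or starts automatically.
AUTOSTART_TAGS = {"PRC", "SRV", "DRV", "O2", "O3", "O4", "O20"}

# Directories a standard user can usually write to.  A driver, service, BHO or
# Run entry pointing here deserves a look, although legitimate software (for
# example AV definition drivers under ProgramData) also lands here, so in
# practice this rule is paired with a publisher whitelist.
USER_WRITABLE = re.compile(r"\\(users\\[^\\]+\\appdata|programdata|temp)\\", re.IGNORECASE)

# "<tag>[:64bit:] - <rest>", e.g. "DRV:64bit: - (atksgt) -- C:\...\atksgt.sys ()"
LINE_RE = re.compile(r"^(?P<tag>[A-Z]+\d*)(?::64bit:)?\s*-\s*(?P<rest>.*)$")

# A Windows path to a loadable file, followed either by the publisher OTL took
# from the file's version info, in parentheses (possibly empty), or by OTL's
# "File not found" marker for a dangling reference.
PATH_RE = re.compile(
    r"(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|sys|ocx|cpl))"
    r"(?:\s*\((?P<company>[^)]*)\)|\s+(?P<missing>File not found))",
    re.IGNORECASE,
)


@dataclass
class Finding:
    tag: str
    path: str
    reason: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None if the line needs no attention."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("tag") not in AUTOSTART_TAGS:
        return None
    pm = PATH_RE.search(m.group("rest"))
    if not pm:
        return None  # no file path on the line, e.g. "[Power2GoExpress] NA File not found"
    tag, path = m.group("tag"), pm.group("path")
    if pm.group("missing"):
        return Finding(tag, path, "orphaned entry: referenced file no longer exists")
    if USER_WRITABLE.search(path):
        return Finding(tag, path, "autostart binary in a user-writable location")
    if not (pm.group("company") or "").strip():
        return Finding(tag, path, "no publisher recorded; verify signature/hash manually")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole OTL log and keep only the hits."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


# Constructed sample in the OTL format used in this thread.  The "updater"
# Run entry under AppData\Roaming is invented to exercise the location rule.
SAMPLE_LOG = r"""
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3635778213-168865323-624169720-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKCU..\Run: [updater] C:\Users\Martin\AppData\Roaming\updater\svc.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.tag:<4} {f.reason:<55} {f.path}")
```

Run it as a plain script to see the four hits from the sample. Two caveats a helper keeps in mind: the publisher string is read from the file's own version resource, which any malware can fill in with "Microsoft Corporation", so an entry that passes this pass still needs its Authenticode signature or hash checked; and the location rule will also catch legitimate files such as AV definition drivers under ProgramData, which is why a real triage whitelists known publishers before reporting.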
08.04.2013, 12:07 | #10 |
| Remove Trojan.Maljava Hello cosinus, before I do something wrong, what do you mean by shutting down the protection software? Disable NIS? |
08.04.2013, 13:01 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Trojan.Maljava Yes, exactly that
__________________ Always post log files in CODE tags |
08.04.2013, 15:10 | #12 |
| Remove Trojan.Maljava Here are the logs. JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.8.3 (04.05.2013:1) OS: Windows 7 Home Premium x64 Ran by Martin on 08.04.2013 at 14:59:53,65 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\softonic Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Successfully deleted: [Registry Key] "hkey_current_user\software\pip" Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" ~~~ Files Successfully deleted: [File] C:\Windows\syswow64\shoFE2C.tmp ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\partner" Successfully deleted: [Folder] "C:\Users\Martin\AppData\Roaming\pdfforge" Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{0036C2C3-70AC-4ABB-BCB8-02B45CB0B425} Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{6F2B2263-6DB0-495D-9DB2-DE1F4F6A39F4} Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{86766BCB-2AE2-4DD6-A642-79B32537882B} Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{8760C4DC-A3E7-4A04-8000-87EAFB406DCB} Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{8A472A4F-B58D-488D-BA02-11053B7DA278} Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{CDE3B735-CFED-4F64-856E-D805CBDEA173} Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{F58D7247-6782-47ED-B4E2-50867ED7C493} ~~~ FireFox Emptied folder: C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\pyknee2k.default\minidumps [769 files] Code:
# AdwCleaner v2.200 - File created on 08/04/2013 at 15:15:46 # Updated on 02/04/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Martin - MARTIN-PC # Boot mode : Normal # Run from : C:\Users\Martin\Desktop\adwcleaner.exe # Option [Delete] **** [Services] **** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16455 [OK] The registry is clean. -\\ Mozilla Firefox v19.0.2 (de) File : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\pyknee2k.default\prefs.js [OK] The file is clean. ************************* AdwCleaner[S1].txt - [729 octets] - [08/04/2013 15:15:46] ########## EOF - C:\AdwCleaner[S1].txt - [788 octets] ########## Code:
ATTFilter OTL logfile created on: 08.04.2013 15:50:36 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,90 Gb Total Physical Memory | 4,46 Gb Available Physical Memory | 75,59% Memory free 11,81 Gb Paging File | 10,34 Gb Available in Paging File | 87,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 420,56 Gb Total Space | 358,64 Gb Free Space | 85,28% Space Free | Partition Type: NTFS Drive D: | 25,47 Gb Total Space | 22,23 Gb Free Space | 87,30% Space Free | Partition Type: NTFS Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Martin\Desktop\OTL(1).exe (OldTimer Tools) PRC - C:\Programme\Lenovo\Lenovo Solution Center\LSC.exe () PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program 
Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\Lexmark 1200 Series\LXCZbmgr.exe (Lexmark International, Inc.) PRC - C:\Program Files (x86)\Lexmark 1200 Series\lxczbmon.exe (Lexmark International, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Programme\Lenovo\Lenovo Solution Center\LSC.exe () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.0.36\wincfi39.dll () ========== Services (SafeList) ========== SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.) 
SRV:64bit: - (lxcz_device) -- C:\Windows\SysNative\lxczcoms.exe ( ) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations) SRV - (DamageGuardSvc) -- C:\Programme\Lenovo\Instant Reset\DamageGuardSvc.exe (Lenovo (Beijing) Limited) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- 
C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (lxcz_device) -- C:\Windows\SysWOW64\lxczcoms.exe ( ) ========== Driver Services (SafeList) ========== DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symefa64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symds64.sys (Symantec Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ironx64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (fbfmon) -- C:\Windows\SysNative\drivers\fbfmon.sys (Lenovo) DRV:64bit: - (BPntDrv) -- C:\Windows\SysNative\drivers\BPntDrv.sys (Lenovo) DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.) DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Qualcomm Atheros Co., Ltd.) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (DamageGuard) -- C:\Windows\SysNative\drivers\DamageGuardX64.sys (Lenovo) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) 
DRV:64bit: - (dgFltr) -- C:\Windows\SysNative\drivers\dgfltrX64.sys (Lenovo) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (vm331avs) -- C:\Windows\SysNative\drivers\vm331avs.sys (Vimicro Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130407.007\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130407.007\eng64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130405.001\IDSviA64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3635778213-168865323-624169720-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8 IE - HKU\S-1-5-21-3635778213-168865323-624169720-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-3635778213-168865323-624169720-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_deDE500 IE - HKU\S-1-5-21-3635778213-168865323-624169720-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3635778213-168865323-624169720-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..browser.startup.homepage: 
"hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.08 15:19:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.11.21 17:37:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 20:22:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.11 20:22:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.07 10:36:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Extensions [2013.04.03 19:33:57 | 000,000,000 | ---D | M] (No name found) 
-- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\pyknee2k.default\extensions [2013.04.03 19:33:57 | 000,492,403 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\pyknee2k.default\extensions\toolbar@gmx.net.xpi [2013.03.11 20:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.11 20:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions [2013.03.11 20:22:45 | 000,000,000 | ---D | M] (GMX MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net [2013.03.11 20:22:48 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.25 00:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.25 00:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.25 00:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.25 00:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.25 00:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.25 00:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.04.08 09:43:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-3635778213-168865323-624169720-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-3635778213-168865323-624169720-1000..\Run: [Power2GoExpress] NA File not found O4 - HKU\S-1-5-21-3635778213-168865323-624169720-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3635778213-168865323-624169720-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - 
HKU\S-1-5-21-3635778213-168865323-624169720-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3635778213-168865323-624169720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3635778213-168865323-624169720-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3635778213-168865323-624169720-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B87CAA2-CB41-4A54-8349-FA671B455907}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC8E8541-F012-4A4C-AB3E-F0818F7FFBDD}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.08 15:47:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL(1).exe
[2013.04.08 14:59:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.08 14:59:40 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.08 14:54:43 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Martin\Desktop\JRT.exe
[2013.04.08 09:49:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.08 09:44:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.08 09:36:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.08 09:36:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.08 09:36:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.08 09:29:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.08 09:28:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.08 09:23:17 | 005,048,507 | R--- | C] (Swearware) -- C:\Users\Martin\Desktop\ComboFix.exe
[2013.04.07 11:25:46 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Martin\Desktop\tdsskiller.exe
[2013.04.07 11:01:10 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Martin\Desktop\aswMBR.exe
[2013.04.07 10:41:49 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\mbar
[2013.04.05 17:44:51 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.04 17:31:03 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2013.04.04 17:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.04 17:30:36 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.04 17:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.04 17:26:03 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Martin\Desktop\mbam-setup-1-70-0-1100.exe
[2013.03.28 13:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.03.28 13:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.03.23 14:39:43 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Downloaded Installations
[2013.03.13 13:26:40 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.13 13:26:13 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.13 13:26:13 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.03.13 13:26:13 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.13 13:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.11 20:22:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.04.08 15:47:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL(1).exe
[2013.04.08 15:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.08 15:26:10 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.08 15:25:10 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 15:25:10 | 000,031,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 15:23:55 | 000,170,028 | ---- | M] () -- C:\Windows\SysNative\fastboot.set
[2013.04.08 15:23:25 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.08 15:21:59 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.08 15:21:59 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.08 15:21:59 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.08 15:21:59 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.08 15:21:59 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.08 15:17:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.08 15:17:32 | 460,079,103 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.08 15:13:23 | 000,613,083 | ---- | M] () -- C:\Users\Martin\Desktop\adwcleaner.exe
[2013.04.08 14:54:43 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Martin\Desktop\JRT.exe
[2013.04.08 09:43:11 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.08 09:23:46 | 005,048,507 | R--- | M] (Swearware) -- C:\Users\Martin\Desktop\ComboFix.exe
[2013.04.07 11:25:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Martin\Desktop\tdsskiller.exe
[2013.04.07 11:23:36 | 000,000,512 | ---- | M] () -- C:\Users\Martin\Desktop\MBR.dat
[2013.04.07 11:02:34 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Martin\Desktop\aswMBR.exe
[2013.04.05 17:44:33 | 1126,695,803 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.05 17:15:44 | 000,377,856 | ---- | M] () -- C:\Users\Martin\Desktop\gmer_2.1.19163.exe
[2013.04.05 16:54:04 | 000,000,000 | ---- | M] () -- C:\Users\Martin\defogger_reenable
[2013.04.04 17:26:31 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Martin\Desktop\mbam-setup-1-70-0-1100.exe
[2013.03.30 14:08:22 | 000,002,726 | ---- | M] () -- C:\Users\Martin\AppData\Local\recently-used.xbel
[2013.03.28 13:03:50 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.03.19 11:45:40 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2013.03.13 14:42:07 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 14:42:07 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.13 13:26:07 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.13 13:26:06 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.03.13 13:26:06 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.03.13 13:26:06 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.03.13 13:26:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.03.13 13:26:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.04.08 15:13:18 | 000,613,083 | ---- | C] () -- C:\Users\Martin\Desktop\adwcleaner.exe
[2013.04.08 09:36:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.08 09:36:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.08 09:36:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.08 09:36:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.08 09:36:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.07 11:23:36 | 000,000,512 | ---- | C] () -- C:\Users\Martin\Desktop\MBR.dat
[2013.04.05 17:44:33 | 1126,695,803 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.05 17:15:43 | 000,377,856 | ---- | C] () -- C:\Users\Martin\Desktop\gmer_2.1.19163.exe
[2013.04.05 16:54:04 | 000,000,000 | ---- | C] () -- C:\Users\Martin\defogger_reenable
[2013.03.30 14:08:22 | 000,002,726 | ---- | C] () -- C:\Users\Martin\AppData\Local\recently-used.xbel
[2013.03.28 13:03:50 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.03.19 11:45:40 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.10.10 03:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.10.10 03:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.10 03:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.09.18 15:01:10 | 000,000,100 | ---- | C] () -- C:\Windows\Lexstat.ini
[2012.09.18 15:00:27 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczserv.dll
[2012.09.18 15:00:27 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczusb1.dll
[2012.09.18 15:00:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpmui.dll
[2012.09.18 15:00:27 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\lxczutil.dll
[2012.09.18 15:00:27 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczinpa.dll
[2012.09.18 15:00:27 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcziesc.dll
[2012.09.18 15:00:27 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\LXCZinst.dll
[2012.09.18 15:00:27 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczppls.exe
[2012.09.18 15:00:27 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczprox.dll
[2012.09.18 15:00:26 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczhbn3.dll
[2012.09.18 15:00:26 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomc.dll
[2012.09.18 15:00:26 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczlmpm.dll
[2012.09.18 15:00:26 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcoms.exe
[2012.09.18 15:00:26 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcomm.dll
[2012.09.18 15:00:26 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczih.exe
[2012.09.18 15:00:26 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczcfg.exe
[2012.09.18 15:00:26 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxczpplc.dll
[2012.09.18 13:43:31 | 000,305,152 | ---- | C] ( ) -- C:\Windows\SysWow64\LXCZhcp.dll
[2012.09.18 12:53:00 | 000,014,355 | ---- | C] () -- C:\Users\Martin\Ihre+Retourenmarke.pdf
[2012.09.05 19:43:56 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.05 19:39:21 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat
[2012.08.13 11:11:02 | 141,421,187 | ---- | C] () -- C:\Program Files (x86)\openofficeorg1.cab
[2012.08.13 11:09:30 | 003,166,208 | ---- | C] () -- C:\Program Files (x86)\openofficeorg341.msi
[2012.08.13 11:09:30 | 000,000,294 | ---- | C] () -- C:\Program Files (x86)\setup.ini
[2012.07.17 12:51:27 | 002,086,240 | ---- | C] () -- C:\Windows\SysWow64\LenovoVeriface.Interface.dll
[2012.07.17 12:51:27 | 001,500,512 | ---- | C] () -- C:\Windows\SysWow64\Apblend.dll
[2012.07.17 12:51:27 | 001,171,456 | ---- | C] () -- C:\Windows\SysWow64\PicNotify.dll
[2012.07.17 12:51:27 | 000,472,416 | ---- | C] () -- C:\Windows\SysWow64\Lenovo.VerifaceStub.dll
[2012.07.17 12:51:13 | 001,044,480 | ---- | C] () -- C:\Windows\SysWow64\3DImageRenderer.dll
[2012.07.17 12:38:04 | 000,001,822 | ---- | C] () -- C:\Windows\vm331Rmv.ini
[2012.07.17 12:38:04 | 000,001,822 | ---- | C] () -- C:\Windows\SysWow64\vm331Rmv.ini
[2012.05.16 07:26:34 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.05.16 07:26:21 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
Code:
OTL Extras logfile created on: 08.04.2013 15:50:36 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,90 Gb Total Physical Memory | 4,46 Gb Available Physical Memory | 75,59% Memory free
11,81 Gb Paging File | 10,34 Gb Available in Paging File | 87,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,56 Gb Total Space | 358,64 Gb Free Space | 85,28% Space Free | Partition Type: NTFS
Drive D: | 25,47 Gb Total Space | 22,23 Gb Free Space | 87,30% Space Free | Partition Type: NTFS

Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3635778213-168865323-624169720-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10E951EE-1A4C-45A7-8E3B-BB575D0D5BC8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1D611797-E240-472F-A726-9B5946CA5AB4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{203B2945-828F-43B7-AA70-85B401A2F877}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{28FA5232-67DC-4E21-BF71-11972EFD560E}" = lport=137 | protocol=17 | dir=in | app=system |
"{2C466446-62AD-4664-B045-AA06814C5033}" = lport=138 | protocol=17 | dir=in | app=system |
"{334186AD-6648-4F0B-8F89-EB9132C0224D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3A1AF9C7-0042-4B30-92EB-1AE214D26F5A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3F154DF7-8C0A-4B82-9109-426B3DF3C901}" = lport=445 | protocol=6 | dir=in | app=system |
"{4ACF28BC-79E3-4A05-8AC9-1D74E43DFA77}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4DD4B301-8B5C-4ADF-8C2E-A78678623F73}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4EA44185-E73F-4232-939D-C8793ADDB080}" = rport=137 | protocol=17 | dir=out | app=system |
"{5518F040-CD4A-4852-B766-B7FBB5014484}" = lport=139 | protocol=6 | dir=in | app=system |
"{6C1C5B9E-976D-44C1-9779-2CF462096F8A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6E5D6A6E-C027-4478-A73A-6CC1A501F0C6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{741621B8-1607-403A-942B-A8DED66E97EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B040E3F-586C-4272-9226-E9674A7FCB57}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B5B31A1-B3DA-46B0-AF5F-618C1C031CA2}" = rport=445 | protocol=6 | dir=out | app=system |
"{925E65CC-3B6E-4387-8B28-1F0A19E12C9D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EFD0C8C-145F-448F-BBC4-2F7E66E6224E}" = rport=139 | protocol=6 | dir=out | app=system |
"{A056F21F-AA69-4032-BABA-CC3C89D64D71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A4BEF393-8290-474A-A484-D9AE19ADCC82}" = rport=138 | protocol=17 | dir=out | app=system |
"{BE576647-1775-42D3-B1DF-19E4C9510882}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ECFEA22A-065E-4B50-B509-6483148FC81B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{027C69BC-935C-4832-A0B1-40A4B7C4FDF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{16837B5B-BEDE-434A-8355-215E3DFA08D6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2506B921-FB5F-4A6B-8742-EC65DD4EE4A6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2642E0A8-5575-41A5-86B9-91F2A2788A79}" = protocol=6 | dir=out | app=system |
"{2C59C436-EB0D-4C11-B397-9F9B94F1F11C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F6230D5-F6E1-4CD6-BE4F-C3C33F49F425}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{36E6A2EC-576F-47FA-AE68-103F14B2FFCB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{376EEE4A-8DE4-4790-B3C1-DA142159E957}" = protocol=6 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{3C342F44-7151-4544-A185-8257AD0CA3E3}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{41BCE86A-5B6F-4C66-AA8F-843F1FDE72B2}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxczcoms.exe |
"{4D46AB94-9CA4-4F4A-9E7D-D8394578668D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5000343C-4F9F-416D-B142-7185D4372E07}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5DB19B99-0CC9-431F-AEB1-1F416D7F661D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7933D7F9-1602-478C-A4CD-34C3410D0E8C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe |
"{895F9FE4-0EF5-4EA2-81CB-79850C12F57A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{92F84294-87CD-47E1-83C9-92B1E189F8C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9640BA75-9A3B-4256-97FE-AA4B81BFDFD3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{995E25AB-22B3-48DA-8703-8511BB4C97E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F462710-9973-49CB-BC79-FB232D32E256}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1103C22-7BCF-4C17-9231-85296DA26A0B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AFCA3A04-FB81-4827-8F0F-C796CC1F1590}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B2BFE2FF-D43F-46B2-B241-EF724C732C54}" = protocol=17 | dir=in | app=c:\windows\system32\lxczcoms.exe |
"{B78138EA-0700-487D-A0BA-A2EC451C687B}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxczcoms.exe |
"{B9D2F344-FC79-4C82-AD58-4E9F4A5213EF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C1FB643F-1798-489B-A99B-33F0AE480695}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CA303667-69DB-43FE-A8B6-2835852380F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF350A99-6F22-44F2-8B45-00FD23BC6192}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D648074F-1062-4EA7-A55A-DDD67510AA77}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D90F181B-0669-4E51-A4B1-A9CA0CA55CC0}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxczpswx.exe |
"{E5C5B5D4-78D1-46A0-939D-0FF164AF3620}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E92028CE-D54D-411C-81E1-94B496E21E90}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F08BD6FE-1D70-4980-8A78-71C19E152C4E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F73014D9-F302-48DF-BF18-7205AD200668}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FEADC0B0-5282-4683-AB46-0B6FF509C91F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5DEFFC02-063C-4781-A371-077729F869B4}" = Lenovo Solution Center
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"99841829BE839365AA67B2AD0E50D371F59F8A1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = Lenovo pointing device
"GIMP-2_is1" = GIMP 2.8.2
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Lexmark 1200 Series" = Lexmark 1200 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN Client Installation Program
"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39C4C6DE-641B-483F-B875-2AEDF0FB85CA}_is1" = Rampant Logic Postscript Viewer 1.1
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Geheimakte Tunguska
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.5-beta-20120426-1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}" = Lenovo EasyCamera
"{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Deponia" = Deponia
"FormatFactory" = FormatFactory 3.0.1
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AF192694-4B15-4AC1-92F3-1B02E98C08BD}" = LockKey
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox
19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Qt Eclipse Integration 1.6.1 - C:_Users_Martin_Documents_eclipse-cpp-juno-SR1-win32" = Qt Eclipse Integration 1.6.1 "Qt OpenSource 4.8.3 - C:_Qt_4.8.3" = Qt OpenSource 4.8.3 "VeriFace" = VeriFace "WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.04.2013 09:09:30 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10 Description = Error - 08.04.2013 09:19:22 | Computer Name = Martin-PC | Source = WinMgmt | ID = 10 Description = Error - 08.04.2013 09:27:53 | Computer Name = Martin-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt. [ System Events ] Error - 08.04.2013 09:10:13 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Error - 08.04.2013 09:10:13 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 08.04.2013 09:20:03 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7038 Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error - 08.04.2013 09:20:03 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 < End of report > |
08.04.2013, 15:50 | #13
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Trojan.Maljava
Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes - remember to update Malwarebytes via the Update button beforehand. Afterwards, getting an additional opinion via ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________
Please always post log files in CODE tags
08.04.2013, 18:30 | #14
Remove Trojan.Maljava
And here are the logs:
malwarebytes:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: MARTIN-PC [Administrator]

08.04.2013 17:17:00
mbam-log-2013-04-08 (17-17-00).txt

Scan type: Quick scan
Enabled scan options: Memory | Startup | Registry | File system | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Disabled scan options: P2P
Objects scanned: 235052
Time elapsed: 2 minute(s), 9 second(s)

Memory processes infected: 0 (No malicious items detected)
Memory modules infected: 0 (No malicious items detected)
Registry keys infected: 0 (No malicious items detected)
Registry values infected: 0 (No malicious items detected)
Registry data items infected: 0 (No malicious items detected)
Folders infected: 0 (No malicious items detected)
Files infected: 0 (No malicious items detected)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5ea406b88a9feb4586758e9969a8a2af
# engine=13575
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-08 05:22:05
# local_time=2013-04-08 07:22:05 (+0100, Central European Summer Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 91 466533 128038310 0 0
# compatibility_mode=5893 16776574 100 94 18409099 117071575 0 0
# scanned=192888
# found=0
# cleaned=0
# scan_time=6801
08.04.2013, 21:22 | #15
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Trojan.Maljava
Looks ok so far.

Regarding cookies and other things on the web: To block the pests from the outset (i.e. tracking cookies, ad banners etc.), you should have a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks or so whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP-Cookie). Otherwise there are also good cookie managers; an extension for Firefox would be CookieCuller, for example. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system in order again now, or are there still other findings or problems?
__________________
Please always post log files in CODE tags
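The hosts-file approach recommended in the post above works by mapping unwanted hostnames to a blackhole address so the browser never reaches them; the MVPS file uses 0.0.0.0 for this (older lists used 127.0.0.1). The following is an added example, not code from this thread or from the MVPS project: it parses a hosts file in that format and answers whether a given hostname would be blocked. The hosts content embedded below is constructed for the example, as are the hostnames checked against it. It also shows the main limit of the technique, which the post does not spell out: a hosts file matches names exactly, with no wildcards, so a new ad subdomain slips through until the list is updated.

```python
"""Check hostnames against a hosts-file blocklist such as the MVPS one.

Added example for this thread; not code from Trojaner-Board or from the
MVPS project. Parses the MVPS format (0.0.0.0 <hostname> ...) and reports
whether a hostname would be blocked. SAMPLE_HOSTS is constructed data.
"""
import ipaddress

# Constructed sample in MVPS style: header comment, the stock localhost
# lines, several blocked names (two on one line) and a trailing comment.
SAMPLE_HOSTS = """\
# Constructed sample in the style of the MVPS HOSTS file
127.0.0.1  localhost
::1        localhost
0.0.0.0  ads.example.com
0.0.0.0  tracker.example.net  pixel.example.net  # two names on one line
0.0.0.0  www.banner-farm.example  # trailing comment
"""

# Addresses used to blackhole a name; 0.0.0.0 is what MVPS uses today.
BLACKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}
# The stock loopback entries point at the same addresses but are not blocks.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return {hostname: address} from hosts-file text.

    Strips '#' comments (whole-line and trailing), skips blank lines,
    accepts several hostnames per line and lower-cases names, since DNS
    names are case-insensitive. Lines whose first field is not an IP
    address are ignored rather than treated as entries.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # malformed line, not a hosts entry
        for name in parts[1:]:
            table[name.lower().rstrip(".")] = addr
    return table


def is_blocked(table, hostname):
    """True if the hostname is mapped to a blackhole address.

    Matching is exact: hosts files have no wildcards, so blocking
    'ads.example.com' does nothing for 'ads2.example.com' or
    'cdn.ads.example.com'. That is the main limit of this approach.
    """
    name = hostname.lower().rstrip(".")
    if name in LOOPBACK_NAMES:
        return False
    return table.get(name) in BLACKHOLE_ADDRESSES


def unblocked(table, hostnames):
    """Return the hostnames from the list that the hosts file does not block.

    Useful for checking a batch of hostnames seen in browser or proxy logs
    against the current list to find the gaps.
    """
    return [h for h in hostnames if not is_blocked(table, h)]


if __name__ == "__main__":
    # On Windows the live file is C:\Windows\System32\drivers\etc\hosts;
    # read that instead of SAMPLE_HOSTS to check the installed MVPS copy.
    hosts = parse_hosts(SAMPLE_HOSTS)
    observed = ["ads.example.com", "ADS.example.com.", "ads2.example.com",
                "cdn.ads.example.com", "pixel.example.net"]
    for h in observed:
        print(f"{h:22} blocked={is_blocked(hosts, h)}")
    print("not covered:", unblocked(hosts, observed))
```

To check a real system, read C:\Windows\System32\drivers\etc\hosts into `parse_hosts` instead of the constructed sample and feed `unblocked` the hostnames you actually see in the browser's network log; whatever comes back is what the hosts file, however current, cannot stop.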