| |
| |||||||
Log-Analyse und Auswertung: Avast free Blockiert bei jedem Systemstart MalewareWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
11.05.2013, 12:45
| #1 |
 |  Avast free Blockiert bei jedem Systemstart Maleware Hallo Zusammen, seit ein paar Tagen Meldet mein Avast free bei jedem Sytemstart "Maleware Blockiert, Dateischutz hat eine Bedrohung blockiert. Keine Aktion erforderlich. Objekt ist immer im Verzeichniss c:\Users\*****\AppData\Local\Temp\......... .dll Infektion: Win32:Maleware-gen Aktion: In Container verschoben Prozess: c:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Quick Scann mit Avast kein Ergebnis Full Scann mit Avast kein Ergebnis Scann mit Malewarebyts kein Ergebniss Startzeit Überprüfung mit Avast 7 Infizierte Dateien Erneute Startzeit Überprüfung 0 Infizierte Dateien Bei jedem System Start wird weiter die oben genannte Wanrung angezeigt. Log Avast: Code:
ATTFilter 05/11/2013 09:06
Prüfung aller lokalen Laufwerke
Datei C:\Users\********\AppData\LocalLow\Google\GoogleEarth\webdata\f_000037|>sk.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\********\AppData\LocalLow\Google\GoogleEarth\webdata\f_000091|>th.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\********\AppData\LocalLow\Google\GoogleEarth\webdata\f_00013b|>uk.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\********\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\290998b-25bb8581|>hw.class ist infiziert von Java:Agent-DCL [Trj], In Container verschoben
Datei C:\Users\********\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\290998b-25bb8581|>Suburb02.class ist infiziert von Java:Agent-DOB [Trj], In Container verschoben
Datei C:\Users\********\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\290998b-25bb8581|>Suburb04.class ist infiziert von Java:Agent-DFP [Trj], In Container verschoben
Datei C:\Users\********\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\46b81dbd-5a04177a|>Float010.class ist infiziert von Java:Malware-gen [Trj], In Container verschoben
Datei C:\Users\********\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\46b81dbd-5a04177a|>Float02.class ist infiziert von Java:Agent-DOB [Trj], In Container verschoben
Datei C:\Users\********\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\46b81dbd-5a04177a|>Float04.class ist infiziert von Java:Agent-DFP [Trj], In Container verschoben
Datei C:\Users\********\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\46b81dbd-5a04177a|>Float05.class ist infiziert von Java:Agent-DNQ [Trj], In Container verschoben
Anzahl durchsuchter Ordner: 27103
Anzahl der geprüften Dateien: 686802
Anzahl infizierter Dateien: 7
----------------------------------------
05/11/2013 10:23
Prüfung aller lokalen Laufwerke
Datei C:\Users\********\AppData\LocalLow\Google\GoogleEarth\webdata\f_000037|>sk.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\********\AppData\LocalLow\Google\GoogleEarth\webdata\f_000091|>th.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Users\********\AppData\LocalLow\Google\GoogleEarth\webdata\f_00013b|>uk.kml Fehler 42125 {ZIP-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 27104
Anzahl der geprüften Dateien: 686815
Anzahl infizierter Dateien: 0
Log Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:47 on 11/05/2013 (*******)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 11.05.2013 11:52:23 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*********\Desktop\Vierus 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,95 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 64,66% Memory free 7,89 Gb Paging File | 6,34 Gb Available in Paging File | 80,39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 654,69 Gb Total Space | 597,10 Gb Free Space | 91,20% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 26,47 Gb Free Space | 91,29% Space Free | Partition Type: NTFS Computer Name: ******* | User Name: ********** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.11 11:51:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**********\Desktop\Vierus\OTL.exe PRC - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe PRC - [2013.03.07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2013.02.07 19:37:03 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.04 07:37:10 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.05.04 07:37:00 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.08.25 13:38:43 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe PRC - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.02.18 10:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.01.29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.14 20:04:58 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2007.08.31 20:49:58 | 000,498,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe PRC - [2007.08.31 19:43:32 | 000,907,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll MOD - [2013.02.15 17:39:15 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.02.15 17:17:31 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll MOD - [2013.01.21 22:18:03 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d5b1b0c6e8a714de39a06e3b61f35fe\System.Management.ni.dll MOD - [2013.01.21 21:50:28 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll MOD - [2013.01.21 21:50:22 | 001,812,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.21 10:53:19 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7b0ad24d45e2a3f5f54f5f71748d8545\IAStorUtil.ni.dll MOD - [2013.01.21 10:53:19 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8c4058d017d39a61458f635112f4e394\IAStorCommon.ni.dll MOD - [2013.01.21 10:05:51 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.21 10:05:27 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.21 10:05:17 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.21 10:05:13 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.21 10:05:11 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.21 10:05:10 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.21 10:05:06 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.01.21 09:43:58 | 018,022,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll MOD - [2013.01.21 09:43:47 | 011,522,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll MOD - [2013.01.21 09:43:40 | 007,070,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll MOD - [2013.01.21 09:43:39 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll MOD - [2013.01.21 09:43:36 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.21 09:43:35 | 003,883,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll MOD - [2013.01.21 09:43:32 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll MOD - [2013.01.21 09:43:32 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll MOD - [2013.01.21 09:43:31 | 009,095,168 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.21 09:43:26 | 014,416,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012.05.08 18:48:06 | 000,115,137 | ---- | M] () -- C:\Users\*********\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll MOD - [2012.05.04 07:37:10 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011.08.25 13:38:42 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll MOD - [2011.08.25 04:40:13 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2007.08.31 18:13:50 | 001,336,600 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.03.25 04:53:28 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.04.12 17:26:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.22 16:09:37 | 002,787,280 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.14 20:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 16:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.08.31 20:49:58 | 000,498,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService) SRV - [2007.08.31 19:38:24 | 000,599,320 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.07 01:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013.03.07 01:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013.03.07 01:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013.03.07 01:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013.03.07 01:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013.03.07 01:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013.03.07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013.03.07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.02.24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2011.12.20 20:49:21 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2011.12.20 20:49:21 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman) DRV:64bit: - [2011.12.20 20:49:21 | 000,229,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2011.12.20 20:49:21 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter) DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.08.25 13:48:01 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2011.08.25 13:48:00 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2011.08.25 13:45:24 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon) DRV:64bit: - [2011.08.25 13:45:24 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv) DRV:64bit: - [2011.08.25 04:51:53 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.08.25 04:51:53 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.04.08 03:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.03.26 00:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.03.25 12:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.25 07:34:40 | 008,284,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.03.25 04:17:36 | 000,296,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.02.14 06:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.01.29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.12.15 05:13:31 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2010.12.15 05:13:09 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.12.15 05:13:08 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.12.15 05:13:07 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.12.15 05:13:06 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.12.10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.28 12:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.10.21 08:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.30 10:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?affID=121562&tt=gc_&babsrc=HP_ss&mntrId=7AE13859F9B4C880 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/?rlz=1W4CHBA_deDE534 IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss&mntrId=7AE13859F9B4C880 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2013.05.04 12:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 32 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll File not found O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung) O16 - DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/charts/bin/axts5we.cab (TS4WCtrl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05064740-15A5-4F0C-A964-9BE85A249434}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8BB9AA0-17CE-44B4-8493-50B3E732CE9C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\windows\SysNative\relog_ap.dll (Acronis) O30 - LSA: Authentication Packages - (relog_ap) - C:\windows\SysWow64\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.11 11:32:39 | 000,000,000 | ---D | C] -- C:\Users\**********\Desktop\Vierus [2013.05.10 19:09:09 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Malwarebytes [2013.05.10 19:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.04 12:50:48 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\searchplugins [2013.05.04 12:50:48 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Extensions [2013.05.04 12:50:48 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013.05.04 12:50:45 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect [2013.05.04 12:50:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013.05.04 12:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.04 12:50:24 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Babylon [2013.05.04 12:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.05.04 12:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.05.04 12:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.04.29 21:32:23 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Wasser [2013.04.23 19:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.11 11:47:32 | 000,000,000 | ---- | M] () -- C:\Users\********\defogger_reenable [2013.05.11 11:46:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.05.11 11:42:01 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.11 11:34:10 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.11 11:34:10 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.11 11:31:17 | 001,507,406 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.05.11 11:31:17 | 000,657,910 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.05.11 11:31:17 | 000,619,146 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.05.11 11:31:17 | 000,131,250 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.05.11 11:31:17 | 000,107,466 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.05.11 11:26:53 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.11 11:26:27 | 000,422,141 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2013.05.11 11:25:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.05.04 12:50:33 | 000,001,405 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013.05.04 12:50:33 | 000,001,246 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.04.16 20:41:35 | 000,121,163 | ---- | M] () -- C:\Users\***********\Desktop\gw_lh_20130416_2041.pdf [2013.04.16 20:37:44 | 000,110,703 | ---- | M] () -- C:\Users\***********\Desktop\file_download.pdf [2013.04.11 18:35:51 | 000,429,456 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.11 11:47:32 | 000,000,000 | ---- | C] () -- C:\Users\**********\defogger_reenable [2013.04.16 20:41:35 | 000,121,163 | ---- | C] () -- C:\Users\**********\Desktop\gw_lh_20130416_2041.pdf [2013.04.16 20:37:44 | 000,110,703 | ---- | C] () -- C:\Users\**********\Desktop\file_download.pdf [2013.04.14 17:21:03 | 000,001,246 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2012.04.30 12:20:47 | 000,000,071 | ---- | C] () -- C:\windows\KTEL.INI [2012.02.01 20:21:32 | 000,000,017 | ---- | C] () -- C:\Users\**********\AppData\Local\resmon.resmoncfg [2011.12.22 20:35:46 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2011.08.25 13:53:59 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin [2011.08.25 13:53:59 | 000,000,512 | ---- | C] () -- C:\windows\current.bin [2011.08.25 13:38:46 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll [2011.08.25 13:38:46 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll [2011.08.25 13:38:46 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll [2011.08.25 13:38:46 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll [2011.08.25 13:38:41 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll [2011.08.25 13:28:48 | 000,089,328 | ---- | C] () -- C:\windows\un_dext.exe [2011.08.25 13:28:48 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe [2011.08.25 13:28:48 | 000,003,566 | ---- | C] () -- C:\windows\Dext_09.ini [2011.08.25 13:28:48 | 000,002,998 | ---- | C] () -- C:\windows\Dext_04.ini [2011.08.25 13:28:48 | 000,002,790 | ---- | C] () -- C:\windows\Dext_2052.ini [2011.08.25 13:28:48 | 000,002,507 | ---- | C] () -- C:\windows\Remove.ini [2011.08.25 13:24:03 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [2011.08.25 13:15:19 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011.08.25 13:12:34 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat [2011.08.25 13:09:34 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011.08.25 13:07:19 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011.08.25 13:07:18 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011.08.25 13:07:18 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.03 22:16:45 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Audacity [2013.05.04 12:50:24 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Babylon [2013.05.04 12:50:15 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\DVDVideoSoft [2013.02.09 13:31:49 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\DVDVideoSoftIEHelpers [2011.12.19 20:20:52 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\FreePDF [2012.04.30 12:20:30 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\klickTel [2011.12.19 22:21:57 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Leadertech [2013.03.31 15:51:16 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\MyPhoneExplorer [2013.05.04 12:50:15 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\OpenCandy [2011.12.22 22:53:26 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\Samsung [2011.12.30 20:52:18 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\tradesignal [2012.11.12 21:44:26 | 000,000,000 | ---D | M] -- C:\Users\*********\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.05.2013 11:52:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*******\Desktop\Vierus
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,95 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 64,66% Memory free
7,89 Gb Paging File | 6,34 Gb Available in Paging File | 80,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 654,69 Gb Total Space | 597,10 Gb Free Space | 91,20% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,47 Gb Free Space | 91,29% Space Free | Partition Type: NTFS
Computer Name: ***** | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02291FD7-FAF5-4DAA-BFB3-51823EAE4478}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{065D0592-FB91-4B19-A546-CC39748060CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0BC001B7-E329-4982-9723-21DCAC0BBFF1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{152CD893-6060-493C-8ECE-B9C83F14AC05}" = rport=138 | protocol=17 | dir=out | app=system |
"{251FC8E5-7C11-4365-8971-1F0CA3BE24A4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{2570688F-2EFD-4B3D-AC1B-2568FBD54AC2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2B27276B-DA23-415F-A503-5C2399FB4B2E}" = lport=139 | protocol=6 | dir=in | app=system |
"{32E93EAF-C4BC-4BC0-9B93-E8B7694BE1C9}" = lport=137 | protocol=17 | dir=in | app=system |
"{40C70F53-C93B-49B8-9C02-35DC443BA150}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4230145E-9AF6-483C-8FF0-4760EF1C7996}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5AC273D6-8860-4C00-B7DD-7AF717626382}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{626F4C01-4DA3-4408-94A4-90AB879D5D91}" = lport=445 | protocol=6 | dir=in | app=system |
"{69A248A1-E834-46D2-B407-24236E55DBEE}" = lport=138 | protocol=17 | dir=in | app=system |
"{802A9771-F98D-4A7A-A2BB-A2984CCC1663}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{884E968E-5393-4957-ACB9-528F8BB9BC35}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B4EFFFB-21B5-4507-B0B2-F8560D0B43AC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97A8D09F-CE4C-4D42-ABED-7CFBB9DA73D4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A116CAF7-9D1C-4295-A297-C3407030D8B2}" = rport=445 | protocol=6 | dir=out | app=system |
"{AD0C4BAD-669D-402A-8859-116D9595D41B}" = rport=139 | protocol=6 | dir=out | app=system |
"{BD4F287A-12B4-4265-9C77-73D1C6220FCD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5CD22A0-89E0-4B36-864D-0179282E00AF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D5FE0911-DB45-477C-A3F1-475E604792DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D70DC563-9F60-475A-9B5D-52DD500D28C2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DAC7C608-ACCC-477E-9A97-1BC05C9648F2}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030853E1-E506-4BF5-AF38-D4B94F62AC28}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{15D03F07-DD2C-4D28-9BB7-A881F9E0CDED}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1D90719D-AFB3-4B47-88A8-697381FD4C9D}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{2E96A2E7-0631-4F7B-9F4B-12E57D06A6BE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{36D92A27-F9E1-4F66-A16A-228BB1BE946B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4EB7B052-82AC-4AD9-8633-4E6E28066759}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{66EAC6B7-DE0C-4F94-BD75-562470C5CED6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{693F0A8B-A1A3-45B3-A083-63A7E31A7FAB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{6B5C9BDD-B03F-4C8D-B269-4E490393E9C4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7160365B-59E1-41DF-A63C-6408868E68C6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{72435825-283C-47AA-85E1-EE4BF187DB0F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7F7540FF-5EF1-438F-8005-FA30A0E7F351}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{83D705CF-F255-401C-BC23-5B642FC5EE93}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F3C05CA-4118-451E-AA25-4883BCD06EE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{994B9A94-1117-492D-9F41-242A3C832FA4}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{9D2203A0-5584-4E7A-9C3A-728FF2A500B8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9F3EF0F2-0BC1-442F-A8D1-CCCD818FF744}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1816B23-0B7B-4D5B-945D-2D8AF38E04A2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B74360AB-FA2D-496E-8EE8-338F3C76F1A7}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C108B59C-C5A4-4C68-8F7C-AF248F5E8A69}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C18E984A-2F08-44C8-904E-271FA0E409C6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D68FC73E-1106-405D-82D4-E0FCFAC24AF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA51230B-3849-473D-B5C7-6130C32E7497}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DEFCEF62-BDC3-491B-A99D-8492DB7E1592}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EA674F11-681B-4809-AD6B-3C055E6D6460}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0A3E98C-9891-471A-B45B-D3A5FD66A784}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F89DA47C-CFE9-4013-9A25-86C0FA59CD69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8D64205-5F46-4D7B-A0E4-CB83CE2D049E}" = protocol=6 | dir=out | app=system |
"TCP Query User{C9CAC886-97BB-4009-BC98-0B0AD623041A}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{DD94B77C-2A04-426A-BAFE-4F14C0D48B9C}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2A21DA0C-F50D-DF54-70AD-C0826158FBF2}" = ccc-utility64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6502B973-9DB9-683F-2BE3-4B83F54F78FF}" = WMV9/VC-1 Video Playback
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C3E6E2B5-DEB5-235A-4999-4D424C11788B}" = ATI Catalyst Install Manager
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ATI Uninstaller" = ATI Uninstaller
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"GPL Ghostscript 9.04" = GPL Ghostscript
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{0389A677-241F-6EEC-54B0-2D07F620776E}" = Catalyst Control Center Localization All
"{03D98FB6-0E27-5614-864A-961248BD89E8}" = CCC Help Danish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{19555808-AF6B-9E99-366C-A2D8C6FB3D07}" = CCC Help English
"{19643FA2-3DDD-1C05-A474-E4FB28638F65}" = Catalyst Control Center InstallProxy
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{271B24E3-1505-B13A-BF3E-282CF0C54B68}" = PX Profile Update
"{2735AEFA-57A5-44AD-81B6-BE30CA07C066}" = Tradesignal Online Chart
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{29172463-C766-9812-F399-82380F03761A}" = CCC Help Korean
"{2E6D4F14-C94C-758B-46E4-9AD21852108F}" = CCC Help Portuguese
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3DBFE2A1-945C-9F14-17F6-1F74CB4F82A5}" = CCC Help Japanese
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4504861F-2770-D8F2-F0B1-B723FADF315F}" = CCC Help Polish
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50210E48-FB67-0045-3853-C3FBEB470127}" = CCC Help French
"{5035C1F3-6147-3C83-3C39-37B6DBDAC163}" = CCC Help Thai
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5F1DD61A-0C22-E924-3A81-DFFCC14A5A97}" = CCC Help Russian
"{612bfba6-b1b0-46fb-8c63-05f7a401e025}" = Nero 9
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A2BF2A-E7E5-BA48-7525-02BD5B7425C7}" = CCC Help Chinese Standard
"{744C5097-94C7-DE34-5B1F-43EDFDBD5E35}" = CCC Help Dutch
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{795062B9-1B7A-7ACA-1C7D-7B3D61F4116A}" = ccc-core-static
"{7D5B0DA2-9AAE-3ADF-B692-685EA3DC64C6}" = CCC Help Italian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CC173F3-DBEC-ED42-68EF-49BCB95FC49F}" = CCC Help Swedish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARD_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96A84750-A54D-C7C3-44AA-5C28C36C5640}" = CCC Help German
"{96B17AEC-9C54-0969-5613-4C9B33BFEAFF}" = CCC Help Chinese Traditional
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E1751DF-188D-591B-3887-1825F597007A}" = CCC Help Spanish
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A44B2324-CB46-A9F9-7FDC-7FD087AEC7FC}" = Catalyst Control Center Profiles Mobile
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B34E1065-711C-7B9E-C77D-9E071DAAFC31}" = CCC Help Finnish
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BA0F92C2-2012-0AF0-A2CE-62E220A0AF06}" = CCC Help Hungarian
"{BCFC4789-7C5E-B050-CBB1-8C6CA46990A8}" = CCC Help Greek
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CCB6DF61-A144-02B4-EDC7-D7478AF7B27D}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis*True*Image*Home
"{E7FC3EAE-C6D8-92D1-B065-29DECFD5A8E7}" = Catalyst Control Center Graphics Previews Common
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8B2AA7F-956F-D943-F1C0-42843041B108}" = CCC Help Czech
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC2C6FBD-01DC-36D8-5F4B-7033B00C9963}" = CCC Help Turkish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"BURY_Update_Manager_is1" = BURY_Update_Manager 1.2.9
"delta" = Delta toolbar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.2.430
"FreePDF_XP" = FreePDF (Remove only)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Games Console" = Lenovo Games Console
"MPE" = MyPhoneExplorer
"Office14.STANDARD" = Microsoft Office Standard 2010
"VeriFace" = VeriFace
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.11.2012 14:23:36 | Computer Name = ****** | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 14.11.2012 14:23:36 | Computer Name = ****** | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 14.11.2012 18:23:15 | Computer Name = ****** | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 14.11.2012 18:23:15 | Computer Name = ****** | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 15.11.2012 15:01:53 | Computer Name = ****** | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 15.11.2012 15:01:53 | Computer Name = ****** | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 15.11.2012 19:15:42 | Computer Name = ****** | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 15.11.2012 19:15:42 | Computer Name = ****** | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 16.11.2012 11:12:48 | Computer Name = ****** | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
Error - 16.11.2012 11:12:49 | Computer Name = ****** | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC
[ System Events ]
Error - 02.05.2013 13:07:55 | Computer Name = ****** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
lautet: 107.
Error - 02.05.2013 13:07:55 | Computer Name = ****** | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
Error - 02.05.2013 13:07:55 | Computer Name = ****** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
lautet: 107.
Error - 02.05.2013 13:07:55 | Computer Name = ****** | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
Error - 02.05.2013 13:07:55 | Computer Name = ****** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
lautet: 107.
Error - 02.05.2013 13:07:55 | Computer Name = ****** | Source = Schannel | ID = 36874
Description = Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung
übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung
unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
Error - 02.05.2013 13:07:55 | Computer Name = ****** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
lautet: 107.
Error - 03.05.2013 09:51:50 | Computer Name = ****** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Media Player-Netzwerkfreigabedienst erreicht.
Error - 03.05.2013 09:51:50 | Computer Name = ****** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
folgenden Fehlers nicht gestartet: %%1053
Error - 07.05.2013 11:47:25 | Computer Name = ****** | Source = DCOM | ID = 10010
Description =
< End of report >
Wurde Windows runtergefahren um eine Beschädigung am System zu verhindern, habe ich dann nicht nochmal versucht. Ich hoffe das die Informationen so weiterhelfen und vollständig sind. Leider muss ich jetzt zu einer Familienfeier und kann mich erst Morgen wieder Melden. Im Voraus vielen Dank an alle die sich mit meinem Problem befassen. |
|
11.05.2013, 12:53
| #2 |
| /// Malware-holic   | Avast free Blockiert bei jedem Systemstart Maleware Hi,
__________________Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ |
|
11.05.2013, 18:19
| #3 |
| | Avast free Blockiert bei jedem Systemstart Maleware Hallo markusg
__________________Erst eimal vielen Dank das du Dir für mein Problem Zeit nimmst. Konnte mich mal kurz von der Feier abseilen. TDSS hat nichts gefunden. Log TDSS: Code:
ATTFilter 19:02:11.0624 5436 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:02:12.0014 5436 ============================================================
19:02:12.0014 5436 Current date / time: 2013/05/11 19:02:12.0014
19:02:12.0014 5436 SystemInfo:
19:02:12.0014 5436
19:02:12.0014 5436 OS Version: 6.1.7601 ServicePack: 1.0
19:02:12.0014 5436 Product type: Workstation
19:02:12.0014 5436 ComputerName: *****
19:02:12.0014 5436 UserName: ******
19:02:12.0014 5436 Windows directory: C:\windows
19:02:12.0014 5436 System windows directory: C:\windows
19:02:12.0014 5436 Running under WOW64
19:02:12.0014 5436 Processor architecture: Intel x64
19:02:12.0014 5436 Number of processors: 4
19:02:12.0014 5436 Page size: 0x1000
19:02:12.0014 5436 Boot type: Normal boot
19:02:12.0014 5436 ============================================================
19:02:12.0420 5436 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:02:12.0435 5436 ============================================================
19:02:12.0435 5436 \Device\Harddisk0\DR0:
19:02:12.0435 5436 MBR partitions:
19:02:12.0435 5436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
19:02:12.0435 5436 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x51D61000
19:02:12.0466 5436 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x51DC6000, BlocksNum 0x39FE000
19:02:12.0466 5436 ============================================================
19:02:12.0513 5436 C: <-> \Device\Harddisk0\DR0\Partition2
19:02:12.0560 5436 D: <-> \Device\Harddisk0\DR0\Partition3
19:02:12.0560 5436 ============================================================
19:02:12.0560 5436 Initialize success
19:02:12.0560 5436 ============================================================
19:03:29.0219 4048 ============================================================
19:03:29.0219 4048 Scan started
19:03:29.0219 4048 Mode: Manual; SigCheck; TDLFS;
19:03:29.0219 4048 ============================================================
19:03:29.0406 4048 ================ Scan system memory ========================
19:03:29.0406 4048 System memory - ok
19:03:29.0406 4048 ================ Scan services =============================
19:03:29.0655 4048 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
19:03:29.0858 4048 1394ohci - ok
19:03:29.0905 4048 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
19:03:29.0952 4048 ACPI - ok
19:03:29.0967 4048 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
19:03:29.0999 4048 AcpiPmi - ok
19:03:30.0045 4048 [ 5BBFF8B826EC38D32C26334E079C7EFC ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
19:03:30.0092 4048 ACPIVPC - ok
19:03:30.0186 4048 [ 4C096D550B6BC71D9D9A8716995C1879 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
19:03:30.0233 4048 AcrSch2Svc - ok
19:03:30.0326 4048 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:03:30.0357 4048 AdobeARMservice - ok
19:03:30.0513 4048 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:03:30.0560 4048 AdobeFlashPlayerUpdateSvc - ok
19:03:30.0607 4048 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
19:03:30.0638 4048 adp94xx - ok
19:03:30.0701 4048 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
19:03:30.0747 4048 adpahci - ok
19:03:30.0747 4048 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
19:03:30.0763 4048 adpu320 - ok
19:03:30.0779 4048 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
19:03:30.0872 4048 AeLookupSvc - ok
19:03:30.0919 4048 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
19:03:31.0013 4048 AFD - ok
19:03:31.0044 4048 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
19:03:31.0075 4048 agp440 - ok
19:03:31.0091 4048 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
19:03:31.0122 4048 ALG - ok
19:03:31.0153 4048 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
19:03:31.0169 4048 aliide - ok
19:03:31.0215 4048 [ A9141F9FE92E67A92B3948635E96CF77 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
19:03:31.0293 4048 AMD External Events Utility - ok
19:03:31.0325 4048 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
19:03:31.0340 4048 amdide - ok
19:03:31.0356 4048 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
19:03:31.0403 4048 AmdK8 - ok
19:03:31.0574 4048 [ 99A33223B2D67A5A8839E373490F8EBC ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
19:03:31.0777 4048 amdkmdag - ok
19:03:31.0808 4048 [ 73A3D07343773A4F0881A458D485BE11 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
19:03:31.0886 4048 amdkmdap - ok
19:03:31.0917 4048 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
19:03:31.0949 4048 AmdPPM - ok
19:03:31.0980 4048 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
19:03:31.0995 4048 amdsata - ok
19:03:31.0995 4048 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
19:03:32.0011 4048 amdsbs - ok
19:03:32.0027 4048 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
19:03:32.0042 4048 amdxata - ok
19:03:32.0058 4048 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
19:03:32.0105 4048 AppID - ok
19:03:32.0136 4048 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
19:03:32.0183 4048 AppIDSvc - ok
19:03:32.0198 4048 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
19:03:32.0229 4048 Appinfo - ok
19:03:32.0245 4048 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
19:03:32.0261 4048 arc - ok
19:03:32.0276 4048 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
19:03:32.0292 4048 arcsas - ok
19:03:32.0323 4048 [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
19:03:32.0354 4048 aswFsBlk - ok
19:03:32.0385 4048 [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
19:03:32.0401 4048 aswMonFlt - ok
19:03:32.0432 4048 [ 8F90459AFB7FD4557D935CE639EF6110 ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys
19:03:32.0448 4048 aswRdr - ok
19:03:32.0479 4048 [ DE6759B8D8E62BF0FFF2B05F05AFCEE6 ] aswRvrt C:\windows\system32\drivers\aswRvrt.sys
19:03:32.0495 4048 aswRvrt - ok
19:03:32.0526 4048 [ AB8B4D3136D18A20777036E0F0CFC5E1 ] aswSnx C:\windows\system32\drivers\aswSnx.sys
19:03:32.0541 4048 aswSnx - ok
19:03:32.0573 4048 [ 97D4D725BD32C965119E6C8E252F8C64 ] aswSP C:\windows\system32\drivers\aswSP.sys
19:03:32.0588 4048 aswSP - ok
19:03:32.0604 4048 [ D62C10D1829C65115111C160EA956260 ] aswTdi C:\windows\system32\drivers\aswTdi.sys
19:03:32.0619 4048 aswTdi - ok
19:03:32.0651 4048 [ 7E44C2684A6CA779B9D07CB4BD3F649D ] aswVmm C:\windows\system32\drivers\aswVmm.sys
19:03:32.0666 4048 aswVmm - ok
19:03:32.0682 4048 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
19:03:32.0744 4048 AsyncMac - ok
19:03:32.0775 4048 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
19:03:32.0807 4048 atapi - ok
19:03:32.0869 4048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:03:32.0931 4048 AudioEndpointBuilder - ok
19:03:32.0947 4048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
19:03:32.0978 4048 AudioSrv - ok
19:03:33.0072 4048 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:03:33.0103 4048 avast! Antivirus - ok
19:03:33.0134 4048 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
19:03:33.0228 4048 AxInstSV - ok
19:03:33.0259 4048 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
19:03:33.0306 4048 b06bdrv - ok
19:03:33.0321 4048 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
19:03:33.0368 4048 b57nd60a - ok
19:03:33.0509 4048 [ B5D54119CE0BB77872C33A717CB76386 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys
19:03:33.0571 4048 BCM43XX - ok
19:03:33.0602 4048 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
19:03:33.0633 4048 BDESVC - ok
19:03:33.0649 4048 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
19:03:33.0727 4048 Beep - ok
19:03:33.0789 4048 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
19:03:33.0867 4048 BFE - ok
19:03:33.0899 4048 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
19:03:33.0961 4048 BITS - ok
19:03:34.0008 4048 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
19:03:34.0055 4048 blbdrive - ok
19:03:34.0086 4048 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
19:03:34.0148 4048 bowser - ok
19:03:34.0195 4048 [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv C:\windows\system32\drivers\BPntDrv.sys
19:03:34.0226 4048 BPntDrv - ok
19:03:34.0257 4048 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
19:03:34.0289 4048 BrFiltLo - ok
19:03:34.0289 4048 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
19:03:34.0304 4048 BrFiltUp - ok
19:03:34.0351 4048 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
19:03:34.0398 4048 Browser - ok
19:03:34.0538 4048 [ D9C8DC2D7EC28E3FF25C99EF17C8631A ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
19:03:34.0585 4048 BrowserProtect - ok
19:03:34.0616 4048 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
19:03:34.0663 4048 Brserid - ok
19:03:34.0663 4048 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
19:03:34.0679 4048 BrSerWdm - ok
19:03:34.0710 4048 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
19:03:34.0725 4048 BrUsbMdm - ok
19:03:34.0725 4048 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
19:03:34.0741 4048 BrUsbSer - ok
19:03:34.0788 4048 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
19:03:34.0850 4048 BthEnum - ok
19:03:34.0866 4048 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
19:03:34.0897 4048 BTHMODEM - ok
19:03:34.0913 4048 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
19:03:34.0928 4048 BthPan - ok
19:03:34.0959 4048 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
19:03:35.0022 4048 BTHPORT - ok
19:03:35.0069 4048 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
19:03:35.0131 4048 bthserv - ok
19:03:35.0147 4048 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
19:03:35.0162 4048 BTHUSB - ok
19:03:35.0209 4048 [ 9DE56FA4533E485AE5409D3C11747143 ] BTWAMPFL C:\windows\system32\DRIVERS\btwampfl.sys
19:03:35.0240 4048 BTWAMPFL - ok
19:03:35.0271 4048 [ F6135859A582A7294BA7A3336E08BAA1 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
19:03:35.0287 4048 btwaudio - ok
19:03:35.0349 4048 [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys
19:03:35.0365 4048 btwavdt - ok
19:03:35.0427 4048 [ 7987FFFDA812ABC69047D1B029D446A2 ] btwdins C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
19:03:35.0490 4048 btwdins - ok
19:03:35.0490 4048 [ E8D2BCD080EA91E74775B9F5EA051F97 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
19:03:35.0505 4048 btwl2cap - ok
19:03:35.0537 4048 [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
19:03:35.0552 4048 btwrchid - ok
19:03:35.0568 4048 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
19:03:35.0615 4048 cdfs - ok
19:03:35.0661 4048 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
19:03:35.0693 4048 cdrom - ok
19:03:35.0739 4048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
19:03:35.0786 4048 CertPropSvc - ok
19:03:35.0817 4048 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
19:03:35.0833 4048 circlass - ok
19:03:35.0864 4048 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
19:03:35.0880 4048 CLFS - ok
19:03:35.0942 4048 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:03:35.0989 4048 clr_optimization_v2.0.50727_32 - ok
19:03:36.0020 4048 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:03:36.0051 4048 clr_optimization_v2.0.50727_64 - ok
19:03:36.0145 4048 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:03:36.0176 4048 clr_optimization_v4.0.30319_32 - ok
19:03:36.0207 4048 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:03:36.0207 4048 clr_optimization_v4.0.30319_64 - ok
19:03:36.0254 4048 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\windows\system32\DRIVERS\clwvd.sys
19:03:36.0270 4048 clwvd - ok
19:03:36.0301 4048 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
19:03:36.0348 4048 CmBatt - ok
19:03:36.0363 4048 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
19:03:36.0379 4048 cmdide - ok
19:03:36.0410 4048 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
19:03:36.0441 4048 CNG - ok
19:03:36.0535 4048 [ 99B1B888B793DE320C5479B3C953781F ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
19:03:36.0582 4048 CnxtHdAudService - ok
19:03:36.0629 4048 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
19:03:36.0644 4048 Compbatt - ok
19:03:36.0660 4048 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
19:03:36.0707 4048 CompositeBus - ok
19:03:36.0722 4048 COMSysApp - ok
19:03:36.0722 4048 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
19:03:36.0738 4048 crcdisk - ok
19:03:36.0785 4048 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
19:03:36.0816 4048 CryptSvc - ok
19:03:36.0831 4048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
19:03:36.0894 4048 DcomLaunch - ok
19:03:36.0909 4048 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
19:03:36.0956 4048 defragsvc - ok
19:03:36.0987 4048 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
19:03:37.0034 4048 DfsC - ok
19:03:37.0050 4048 dgderdrv - ok
19:03:37.0081 4048 [ 113212D25D0C9BB8901A9833774DA97F ] dg_ssudbus C:\windows\system32\DRIVERS\ssudbus.sys
19:03:37.0081 4048 dg_ssudbus - ok
19:03:37.0112 4048 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
19:03:37.0143 4048 Dhcp - ok
19:03:37.0175 4048 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
19:03:37.0221 4048 discache - ok
19:03:37.0253 4048 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
19:03:37.0268 4048 Disk - ok
19:03:37.0284 4048 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
19:03:37.0315 4048 Dnscache - ok
19:03:37.0346 4048 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
19:03:37.0393 4048 dot3svc - ok
19:03:37.0409 4048 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
19:03:37.0487 4048 DPS - ok
19:03:37.0533 4048 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
19:03:37.0580 4048 drmkaud - ok
19:03:37.0627 4048 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
19:03:37.0658 4048 DXGKrnl - ok
19:03:37.0705 4048 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
19:03:37.0799 4048 EapHost - ok
19:03:37.0877 4048 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
19:03:37.0986 4048 ebdrv - ok
19:03:38.0017 4048 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
19:03:38.0048 4048 EFS - ok
19:03:38.0126 4048 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
19:03:38.0189 4048 ehRecvr - ok
19:03:38.0189 4048 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
19:03:38.0204 4048 ehSched - ok
19:03:38.0251 4048 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
19:03:38.0267 4048 elxstor - ok
19:03:38.0267 4048 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
19:03:38.0298 4048 ErrDev - ok
19:03:38.0345 4048 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
19:03:38.0391 4048 EventSystem - ok
19:03:38.0407 4048 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
19:03:38.0438 4048 exfat - ok
19:03:38.0469 4048 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
19:03:38.0501 4048 fastfat - ok
19:03:38.0532 4048 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
19:03:38.0563 4048 Fax - ok
19:03:38.0610 4048 [ 3191ACA33088EE2481044FC0DB736442 ] fbfmon C:\windows\system32\drivers\fbfmon.sys
19:03:38.0625 4048 fbfmon - ok
19:03:38.0641 4048 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
19:03:38.0672 4048 fdc - ok
19:03:38.0703 4048 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
19:03:38.0735 4048 fdPHost - ok
19:03:38.0766 4048 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
19:03:38.0813 4048 FDResPub - ok
19:03:38.0844 4048 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
19:03:38.0859 4048 FileInfo - ok
19:03:38.0875 4048 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
19:03:38.0906 4048 Filetrace - ok
19:03:38.0937 4048 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
19:03:38.0953 4048 flpydisk - ok
19:03:38.0969 4048 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
19:03:38.0984 4048 FltMgr - ok
19:03:39.0047 4048 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll
19:03:39.0140 4048 FontCache - ok
19:03:39.0187 4048 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:03:39.0218 4048 FontCache3.0.0.0 - ok
19:03:39.0249 4048 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
19:03:39.0265 4048 FsDepends - ok
19:03:39.0312 4048 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
19:03:39.0327 4048 Fs_Rec - ok
19:03:39.0374 4048 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
19:03:39.0405 4048 fvevol - ok
19:03:39.0437 4048 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
19:03:39.0452 4048 gagp30kx - ok
19:03:39.0483 4048 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
19:03:39.0530 4048 gpsvc - ok
19:03:39.0608 4048 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:03:39.0639 4048 gupdate - ok
19:03:39.0671 4048 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:03:39.0686 4048 gupdatem - ok
19:03:39.0717 4048 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
19:03:39.0764 4048 hcw85cir - ok
19:03:39.0780 4048 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:03:39.0827 4048 HdAudAddService - ok
19:03:39.0842 4048 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
19:03:39.0873 4048 HDAudBus - ok
19:03:39.0873 4048 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
19:03:39.0889 4048 HidBatt - ok
19:03:39.0905 4048 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
19:03:39.0936 4048 HidBth - ok
19:03:39.0951 4048 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
19:03:39.0967 4048 HidIr - ok
19:03:39.0998 4048 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
19:03:40.0029 4048 hidserv - ok
19:03:40.0029 4048 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
19:03:40.0045 4048 HidUsb - ok
19:03:40.0076 4048 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
19:03:40.0154 4048 hkmsvc - ok
19:03:40.0170 4048 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:03:40.0201 4048 HomeGroupListener - ok
19:03:40.0232 4048 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:03:40.0263 4048 HomeGroupProvider - ok
19:03:40.0279 4048 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
19:03:40.0279 4048 HpSAMD - ok
19:03:40.0326 4048 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
19:03:40.0373 4048 HTTP - ok
19:03:40.0388 4048 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
19:03:40.0404 4048 hwpolicy - ok
19:03:40.0435 4048 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
19:03:40.0451 4048 i8042prt - ok
19:03:40.0482 4048 [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
19:03:40.0497 4048 iaStor - ok
19:03:40.0575 4048 [ F5C0317AF600F8C0D7E4202EB04232B1 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
19:03:40.0607 4048 IAStorDataMgrSvc - ok
19:03:40.0653 4048 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
19:03:40.0669 4048 iaStorV - ok
19:03:40.0731 4048 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:03:40.0809 4048 idsvc - ok
19:03:41.0028 4048 [ 795C99DC4F574C97C03D0BB39CF099EE ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
19:03:41.0324 4048 igfx - ok
19:03:41.0355 4048 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
19:03:41.0371 4048 iirsp - ok
19:03:41.0402 4048 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
19:03:41.0465 4048 IKEEXT - ok
19:03:41.0511 4048 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
19:03:41.0543 4048 IntcDAud - ok
19:03:41.0558 4048 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
19:03:41.0574 4048 intelide - ok
19:03:41.0808 4048 [ 795C99DC4F574C97C03D0BB39CF099EE ] intelkmd C:\windows\system32\DRIVERS\igdpmd64.sys
19:03:42.0073 4048 intelkmd - ok
19:03:42.0104 4048 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
19:03:42.0135 4048 intelppm - ok
19:03:42.0151 4048 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
19:03:42.0213 4048 IPBusEnum - ok
19:03:42.0213 4048 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
19:03:42.0245 4048 IpFilterDriver - ok
19:03:42.0307 4048 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
19:03:42.0369 4048 iphlpsvc - ok
19:03:42.0369 4048 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
19:03:42.0385 4048 IPMIDRV - ok
19:03:42.0401 4048 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
19:03:42.0447 4048 IPNAT - ok
19:03:42.0463 4048 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
19:03:42.0479 4048 IRENUM - ok
19:03:42.0479 4048 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
19:03:42.0494 4048 isapnp - ok
19:03:42.0510 4048 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
19:03:42.0525 4048 iScsiPrt - ok
19:03:42.0557 4048 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
19:03:42.0572 4048 kbdclass - ok
19:03:42.0572 4048 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
19:03:42.0603 4048 kbdhid - ok
19:03:42.0603 4048 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
19:03:42.0619 4048 KeyIso - ok
19:03:42.0666 4048 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
19:03:42.0681 4048 KSecDD - ok
19:03:42.0697 4048 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
19:03:42.0713 4048 KSecPkg - ok
19:03:42.0744 4048 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
19:03:42.0791 4048 ksthunk - ok
19:03:42.0806 4048 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
19:03:42.0853 4048 KtmRm - ok
19:03:42.0869 4048 [ 95CA93FC12BE372BB952669F37FFF9C5 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
19:03:42.0884 4048 L1C - ok
19:03:42.0915 4048 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
19:03:42.0962 4048 LanmanServer - ok
19:03:43.0009 4048 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:03:43.0103 4048 LanmanWorkstation - ok
19:03:43.0196 4048 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
19:03:43.0243 4048 LBTServ - ok
19:03:43.0274 4048 [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr C:\windows\system32\DRIVERS\LhdX64.sys
19:03:43.0274 4048 LHDmgr - ok
19:03:43.0305 4048 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\windows\system32\DRIVERS\LHidFilt.Sys
19:03:43.0321 4048 LHidFilt - ok
19:03:43.0368 4048 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
19:03:43.0446 4048 lltdio - ok
19:03:43.0477 4048 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
19:03:43.0524 4048 lltdsvc - ok
19:03:43.0539 4048 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
19:03:43.0571 4048 lmhosts - ok
19:03:43.0602 4048 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\windows\system32\DRIVERS\LMouFilt.Sys
19:03:43.0617 4048 LMouFilt - ok
19:03:43.0664 4048 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:03:43.0695 4048 LMS - ok
19:03:43.0742 4048 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
19:03:43.0758 4048 LSI_FC - ok
19:03:43.0773 4048 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
19:03:43.0789 4048 LSI_SAS - ok
19:03:43.0789 4048 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
19:03:43.0805 4048 LSI_SAS2 - ok
19:03:43.0805 4048 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
19:03:43.0820 4048 LSI_SCSI - ok
19:03:43.0836 4048 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
19:03:43.0883 4048 luafv - ok
19:03:43.0914 4048 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
19:03:43.0945 4048 Mcx2Svc - ok
19:03:43.0945 4048 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
19:03:43.0961 4048 megasas - ok
19:03:43.0976 4048 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
19:03:43.0992 4048 MegaSR - ok
19:03:44.0039 4048 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
19:03:44.0039 4048 MEIx64 - ok
19:03:44.0070 4048 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
19:03:44.0101 4048 MMCSS - ok
19:03:44.0117 4048 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
19:03:44.0163 4048 Modem - ok
19:03:44.0210 4048 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
19:03:44.0257 4048 monitor - ok
19:03:44.0273 4048 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
19:03:44.0288 4048 mouclass - ok
19:03:44.0304 4048 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
19:03:44.0335 4048 mouhid - ok
19:03:44.0351 4048 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
19:03:44.0366 4048 mountmgr - ok
19:03:44.0382 4048 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
19:03:44.0397 4048 mpio - ok
19:03:44.0413 4048 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
19:03:44.0444 4048 mpsdrv - ok
19:03:44.0491 4048 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
19:03:44.0538 4048 MpsSvc - ok
19:03:44.0538 4048 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
19:03:44.0569 4048 MRxDAV - ok
19:03:44.0600 4048 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
19:03:44.0616 4048 mrxsmb - ok
19:03:44.0647 4048 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
19:03:44.0663 4048 mrxsmb10 - ok
19:03:44.0678 4048 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
19:03:44.0694 4048 mrxsmb20 - ok
19:03:44.0725 4048 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
19:03:44.0725 4048 msahci - ok
19:03:44.0756 4048 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
19:03:44.0756 4048 msdsm - ok
19:03:44.0803 4048 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
19:03:44.0819 4048 MSDTC - ok
19:03:44.0850 4048 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
19:03:44.0897 4048 Msfs - ok
19:03:44.0912 4048 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
19:03:44.0943 4048 mshidkmdf - ok
19:03:44.0975 4048 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
19:03:44.0975 4048 msisadrv - ok
19:03:45.0021 4048 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
19:03:45.0084 4048 MSiSCSI - ok
19:03:45.0084 4048 msiserver - ok
19:03:45.0146 4048 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
19:03:45.0193 4048 MSKSSRV - ok
19:03:45.0209 4048 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
19:03:45.0240 4048 MSPCLOCK - ok
19:03:45.0255 4048 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
19:03:45.0287 4048 MSPQM - ok
19:03:45.0318 4048 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
19:03:45.0333 4048 MsRPC - ok
19:03:45.0349 4048 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
19:03:45.0349 4048 mssmbios - ok
19:03:45.0365 4048 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
19:03:45.0396 4048 MSTEE - ok
19:03:45.0411 4048 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
19:03:45.0411 4048 MTConfig - ok
19:03:45.0443 4048 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
19:03:45.0443 4048 Mup - ok
19:03:45.0474 4048 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
19:03:45.0521 4048 napagent - ok
19:03:45.0552 4048 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
19:03:45.0583 4048 NativeWifiP - ok
19:03:45.0661 4048 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
19:03:45.0723 4048 NDIS - ok
19:03:45.0739 4048 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
19:03:45.0786 4048 NdisCap - ok
19:03:45.0817 4048 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
19:03:45.0848 4048 NdisTapi - ok
19:03:45.0848 4048 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
19:03:45.0895 4048 Ndisuio - ok
19:03:45.0895 4048 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
19:03:45.0942 4048 NdisWan - ok
19:03:45.0957 4048 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
19:03:46.0004 4048 NDProxy - ok
19:03:46.0113 4048 [ 0FF3C6AA3E0FE0EB316DF5449B569463 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:03:46.0191 4048 Nero BackItUp Scheduler 4.0 - ok
19:03:46.0223 4048 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
19:03:46.0285 4048 NetBIOS - ok
19:03:46.0316 4048 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
19:03:46.0347 4048 NetBT - ok
19:03:46.0347 4048 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
19:03:46.0363 4048 Netlogon - ok
19:03:46.0410 4048 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
19:03:46.0488 4048 Netman - ok
19:03:46.0503 4048 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
19:03:46.0550 4048 netprofm - ok
19:03:46.0566 4048 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:03:46.0581 4048 NetTcpPortSharing - ok
19:03:46.0628 4048 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
19:03:46.0644 4048 nfrd960 - ok
19:03:46.0675 4048 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
19:03:46.0737 4048 NlaSvc - ok
19:03:46.0737 4048 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
19:03:46.0769 4048 Npfs - ok
19:03:46.0800 4048 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
19:03:46.0847 4048 nsi - ok
19:03:46.0862 4048 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
19:03:46.0909 4048 nsiproxy - ok
19:03:46.0956 4048 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
19:03:47.0018 4048 Ntfs - ok
19:03:47.0018 4048 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
19:03:47.0065 4048 Null - ok
19:03:47.0096 4048 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
19:03:47.0112 4048 nusb3hub - ok
19:03:47.0159 4048 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
19:03:47.0205 4048 nusb3xhc - ok
19:03:47.0252 4048 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
19:03:47.0268 4048 nvraid - ok
19:03:47.0283 4048 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
19:03:47.0299 4048 nvstor - ok
19:03:47.0315 4048 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
19:03:47.0330 4048 nv_agp - ok
19:03:47.0346 4048 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
19:03:47.0377 4048 ohci1394 - ok
19:03:47.0408 4048 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:03:47.0424 4048 ose - ok
19:03:47.0564 4048 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:03:47.0705 4048 osppsvc - ok
19:03:47.0751 4048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
19:03:47.0783 4048 p2pimsvc - ok
19:03:47.0798 4048 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
19:03:47.0829 4048 p2psvc - ok
19:03:47.0845 4048 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
19:03:47.0861 4048 Parport - ok
19:03:47.0876 4048 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
19:03:47.0892 4048 partmgr - ok
19:03:47.0907 4048 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
19:03:47.0939 4048 PcaSvc - ok
19:03:47.0970 4048 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
19:03:47.0970 4048 pci - ok
19:03:47.0985 4048 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
19:03:47.0985 4048 pciide - ok
19:03:48.0001 4048 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
19:03:48.0017 4048 pcmcia - ok
19:03:48.0017 4048 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
19:03:48.0032 4048 pcw - ok
19:03:48.0048 4048 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
19:03:48.0110 4048 PEAUTH - ok
19:03:48.0235 4048 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
19:03:48.0297 4048 PerfHost - ok
19:03:48.0344 4048 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
19:03:48.0422 4048 pla - ok
19:03:48.0469 4048 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
19:03:48.0547 4048 PlugPlay - ok
19:03:48.0563 4048 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
19:03:48.0594 4048 PNRPAutoReg - ok
19:03:48.0609 4048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
19:03:48.0625 4048 PNRPsvc - ok
19:03:48.0672 4048 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
19:03:48.0719 4048 PolicyAgent - ok
19:03:48.0734 4048 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
19:03:48.0781 4048 Power - ok
19:03:48.0812 4048 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
19:03:48.0890 4048 PptpMiniport - ok
19:03:48.0906 4048 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
19:03:48.0937 4048 Processor - ok
19:03:48.0953 4048 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
19:03:48.0984 4048 ProfSvc - ok
19:03:48.0999 4048 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:03:49.0015 4048 ProtectedStorage - ok
19:03:49.0046 4048 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
19:03:49.0124 4048 Psched - ok
19:03:49.0155 4048 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
19:03:49.0202 4048 ql2300 - ok
19:03:49.0218 4048 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
19:03:49.0233 4048 ql40xx - ok
19:03:49.0265 4048 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
19:03:49.0280 4048 QWAVE - ok
19:03:49.0311 4048 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
19:03:49.0327 4048 QWAVEdrv - ok
19:03:49.0327 4048 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
19:03:49.0358 4048 RasAcd - ok
19:03:49.0389 4048 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
19:03:49.0421 4048 RasAgileVpn - ok
19:03:49.0436 4048 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
19:03:49.0483 4048 RasAuto - ok
19:03:49.0499 4048 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
19:03:49.0577 4048 Rasl2tp - ok
19:03:49.0608 4048 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
19:03:49.0639 4048 RasMan - ok
19:03:49.0670 4048 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
19:03:49.0717 4048 RasPppoe - ok
19:03:49.0733 4048 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
19:03:49.0779 4048 RasSstp - ok
19:03:49.0779 4048 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
19:03:49.0826 4048 rdbss - ok
19:03:49.0842 4048 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
19:03:49.0857 4048 rdpbus - ok
19:03:49.0889 4048 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
19:03:49.0920 4048 RDPCDD - ok
19:03:49.0920 4048 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
19:03:49.0967 4048 RDPENCDD - ok
19:03:49.0982 4048 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
19:03:50.0013 4048 RDPREFMP - ok
19:03:50.0060 4048 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
19:03:50.0107 4048 RDPWD - ok
19:03:50.0138 4048 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
19:03:50.0169 4048 rdyboost - ok
19:03:50.0201 4048 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
19:03:50.0232 4048 RemoteAccess - ok
19:03:50.0263 4048 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
19:03:50.0341 4048 RemoteRegistry - ok
19:03:50.0372 4048 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
19:03:50.0403 4048 RFCOMM - ok
19:03:50.0435 4048 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
19:03:50.0481 4048 RpcEptMapper - ok
19:03:50.0497 4048 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
19:03:50.0528 4048 RpcLocator - ok
19:03:50.0544 4048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
19:03:50.0575 4048 RpcSs - ok
19:03:50.0622 4048 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
19:03:50.0653 4048 rspndr - ok
19:03:50.0684 4048 [ 89DFB71B370D82DFE75183F677043CEE ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys
19:03:50.0715 4048 RSUSBVSTOR - ok
19:03:50.0762 4048 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
19:03:50.0778 4048 RTL8167 - ok
19:03:50.0825 4048 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
19:03:50.0840 4048 SamSs - ok
19:03:50.0840 4048 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
19:03:50.0856 4048 sbp2port - ok
19:03:50.0871 4048 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
19:03:50.0934 4048 SCardSvr - ok
19:03:50.0949 4048 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
19:03:50.0981 4048 scfilter - ok
19:03:51.0012 4048 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
19:03:51.0059 4048 Schedule - ok
19:03:51.0105 4048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
19:03:51.0152 4048 SCPolicySvc - ok
19:03:51.0168 4048 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
19:03:51.0199 4048 SDRSVC - ok
19:03:51.0215 4048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
19:03:51.0261 4048 secdrv - ok
19:03:51.0277 4048 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
19:03:51.0308 4048 seclogon - ok
19:03:51.0339 4048 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
19:03:51.0371 4048 SENS - ok
19:03:51.0386 4048 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
19:03:51.0402 4048 SensrSvc - ok
19:03:51.0433 4048 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
19:03:51.0449 4048 Serenum - ok
19:03:51.0464 4048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
19:03:51.0495 4048 Serial - ok
19:03:51.0495 4048 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
19:03:51.0527 4048 sermouse - ok
19:03:51.0542 4048 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
19:03:51.0589 4048 SessionEnv - ok
19:03:51.0589 4048 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
19:03:51.0605 4048 sffdisk - ok
19:03:51.0605 4048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
19:03:51.0620 4048 sffp_mmc - ok
19:03:51.0636 4048 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
19:03:51.0651 4048 sffp_sd - ok
19:03:51.0651 4048 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
19:03:51.0667 4048 sfloppy - ok
19:03:51.0714 4048 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
19:03:51.0792 4048 SharedAccess - ok
19:03:51.0807 4048 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:03:51.0870 4048 ShellHWDetection - ok
19:03:51.0901 4048 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
19:03:51.0932 4048 SiSRaid2 - ok
19:03:51.0932 4048 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
19:03:51.0948 4048 SiSRaid4 - ok
19:03:51.0963 4048 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
19:03:52.0010 4048 Smb - ok
19:03:52.0057 4048 [ D33F37DD403741982DBE99C7B6B6FF63 ] snapman C:\windows\system32\DRIVERS\snapman.sys
19:03:52.0073 4048 snapman - ok
19:03:52.0088 4048 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
19:03:52.0104 4048 SNMPTRAP - ok
19:03:52.0119 4048 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
19:03:52.0135 4048 spldr - ok
19:03:52.0182 4048 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
19:03:52.0197 4048 Spooler - ok
19:03:52.0291 4048 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
19:03:52.0447 4048 sppsvc - ok
19:03:52.0463 4048 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
19:03:52.0494 4048 sppuinotify - ok
19:03:52.0541 4048 [ 454800C2BC7F3927CE030141EE4F4C50 ] SPUVCbv C:\windows\system32\Drivers\usbvideo.sys
19:03:52.0556 4048 SPUVCbv - ok
19:03:52.0587 4048 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
19:03:52.0619 4048 srv - ok
19:03:52.0634 4048 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
19:03:52.0681 4048 srv2 - ok
19:03:52.0697 4048 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
19:03:52.0712 4048 srvnet - ok
19:03:52.0743 4048 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
19:03:52.0821 4048 SSDPSRV - ok
19:03:52.0821 4048 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
19:03:52.0853 4048 SstpSvc - ok
19:03:52.0915 4048 [ 78CD64791F8634CF7B582FD085E57C4B ] ssudmdm C:\windows\system32\DRIVERS\ssudmdm.sys
19:03:52.0946 4048 ssudmdm - ok
19:03:52.0977 4048 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
19:03:53.0009 4048 stexstor - ok
19:03:53.0040 4048 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
19:03:53.0102 4048 stisvc - ok
19:03:53.0118 4048 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
19:03:53.0133 4048 swenum - ok
19:03:53.0149 4048 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
19:03:53.0196 4048 swprv - ok
19:03:53.0258 4048 [ 9643991B5CFD7A9BA68626B7A005F7E6 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
19:03:53.0305 4048 SynTP - ok
19:03:53.0336 4048 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
19:03:53.0399 4048 SysMain - ok
19:03:53.0414 4048 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
19:03:53.0445 4048 TabletInputService - ok
19:03:53.0461 4048 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
19:03:53.0492 4048 TapiSrv - ok
19:03:53.0523 4048 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
19:03:53.0555 4048 TBS - ok
19:03:53.0633 4048 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
19:03:53.0695 4048 Tcpip - ok
19:03:53.0773 4048 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
19:03:53.0804 4048 TCPIP6 - ok
19:03:53.0851 4048 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
19:03:53.0851 4048 tcpipreg - ok
19:03:53.0898 4048 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
19:03:53.0913 4048 TDPIPE - ok
19:03:53.0945 4048 [ 0735948466EC4FD24AA4AD36448C6888 ] tdrpman C:\windows\system32\DRIVERS\tdrpman.sys
19:03:53.0960 4048 tdrpman - ok
19:03:53.0976 4048 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
19:03:53.0991 4048 TDTCP - ok
19:03:54.0007 4048 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
19:03:54.0038 4048 tdx - ok
19:03:54.0069 4048 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
19:03:54.0069 4048 TermDD - ok
19:03:54.0116 4048 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
19:03:54.0210 4048 TermService - ok
19:03:54.0225 4048 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
19:03:54.0241 4048 Themes - ok
19:03:54.0257 4048 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
19:03:54.0288 4048 THREADORDER - ok
19:03:54.0303 4048 [ 8FF7D3276F47938AD11FD15B4EB1ABF6 ] tifsfilter C:\windows\system32\DRIVERS\tifsfilt.sys
19:03:54.0319 4048 tifsfilter - ok
19:03:54.0335 4048 [ 5D21EC50C03387B9519E87A303D0850B ] timounter C:\windows\system32\DRIVERS\timntr.sys
19:03:54.0366 4048 timounter - ok
19:03:54.0381 4048 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
19:03:54.0428 4048 TrkWks - ok
19:03:54.0475 4048 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:03:54.0537 4048 TrustedInstaller - ok
19:03:54.0615 4048 [ 7C9159A4647AC97CFA106BFB38789FB8 ] TryAndDecideService C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
19:03:54.0647 4048 TryAndDecideService - ok
19:03:54.0678 4048 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
19:03:54.0740 4048 tssecsrv - ok
19:03:54.0771 4048 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
19:03:54.0787 4048 TsUsbFlt - ok
19:03:54.0803 4048 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
19:03:54.0818 4048 TsUsbGD - ok
19:03:54.0865 4048 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
19:03:54.0974 4048 tunnel - ok
19:03:54.0974 4048 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
19:03:54.0990 4048 uagp35 - ok
19:03:54.0990 4048 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
19:03:55.0037 4048 udfs - ok
19:03:55.0052 4048 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
19:03:55.0083 4048 UI0Detect - ok
19:03:55.0099 4048 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
19:03:55.0099 4048 uliagpkx - ok
19:03:55.0130 4048 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
19:03:55.0161 4048 umbus - ok
19:03:55.0161 4048 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
19:03:55.0193 4048 UmPass - ok
19:03:55.0317 4048 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
19:03:55.0395 4048 UNS - ok
19:03:55.0442 4048 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
19:03:55.0489 4048 upnphost - ok
19:03:55.0520 4048 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
19:03:55.0536 4048 usbccgp - ok
19:03:55.0583 4048 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
19:03:55.0598 4048 usbcir - ok
19:03:55.0614 4048 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
19:03:55.0629 4048 usbehci - ok
19:03:55.0676 4048 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
19:03:55.0723 4048 usbhub - ok
19:03:55.0739 4048 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
19:03:55.0817 4048 usbohci - ok
19:03:55.0863 4048 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
19:03:55.0910 4048 usbprint - ok
19:03:55.0941 4048 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
19:03:55.0973 4048 USBSTOR - ok
19:03:55.0988 4048 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
19:03:56.0019 4048 usbuhci - ok
19:03:56.0051 4048 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
19:03:56.0066 4048 usbvideo - ok
19:03:56.0113 4048 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\windows\system32\DRIVERS\usb8023x.sys
19:03:56.0160 4048 usb_rndisx - ok
19:03:56.0191 4048 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
19:03:56.0253 4048 UxSms - ok
19:03:56.0269 4048 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
19:03:56.0285 4048 VaultSvc - ok
19:03:56.0316 4048 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
19:03:56.0331 4048 vdrvroot - ok
19:03:56.0347 4048 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
19:03:56.0394 4048 vds - ok
19:03:56.0425 4048 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
19:03:56.0441 4048 vga - ok
19:03:56.0456 4048 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
19:03:56.0503 4048 VgaSave - ok
19:03:56.0519 4048 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
19:03:56.0534 4048 vhdmp - ok
19:03:56.0534 4048 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
19:03:56.0550 4048 viaide - ok
19:03:56.0565 4048 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
19:03:56.0565 4048 volmgr - ok
19:03:56.0581 4048 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
19:03:56.0597 4048 volmgrx - ok
19:03:56.0612 4048 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
19:03:56.0628 4048 volsnap - ok
19:03:56.0659 4048 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
19:03:56.0675 4048 vsmraid - ok
19:03:56.0753 4048 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
19:03:56.0846 4048 VSS - ok
19:03:56.0846 4048 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
19:03:56.0877 4048 vwifibus - ok
19:03:56.0909 4048 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
19:03:56.0940 4048 vwififlt - ok
19:03:56.0971 4048 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
19:03:57.0002 4048 vwifimp - ok
19:03:57.0033 4048 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
19:03:57.0080 4048 W32Time - ok
19:03:57.0080 4048 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
19:03:57.0111 4048 WacomPen - ok
19:03:57.0143 4048 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
19:03:57.0221 4048 WANARP - ok
19:03:57.0221 4048 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
19:03:57.0252 4048 Wanarpv6 - ok
19:03:57.0299 4048 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
19:03:57.0361 4048 wbengine - ok
19:03:57.0392 4048 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
19:03:57.0408 4048 WbioSrvc - ok
19:03:57.0423 4048 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
19:03:57.0455 4048 wcncsvc - ok
19:03:57.0470 4048 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:03:57.0486 4048 WcsPlugInService - ok
19:03:57.0501 4048 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
19:03:57.0517 4048 Wd - ok
19:03:57.0548 4048 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
19:03:57.0611 4048 Wdf01000 - ok
19:03:57.0626 4048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
19:03:57.0657 4048 WdiServiceHost - ok
19:03:57.0657 4048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
19:03:57.0673 4048 WdiSystemHost - ok
19:03:57.0689 4048 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
19:03:57.0735 4048 WebClient - ok
19:03:57.0751 4048 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
19:03:57.0798 4048 Wecsvc - ok
19:03:57.0813 4048 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
19:03:57.0860 4048 wercplsupport - ok
19:03:57.0876 4048 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
19:03:57.0923 4048 WerSvc - ok
19:03:57.0938 4048 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
19:03:57.0969 4048 WfpLwf - ok
19:03:58.0016 4048 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
19:03:58.0047 4048 WIMMount - ok
19:03:58.0079 4048 WinDefend - ok
19:03:58.0094 4048 WinHttpAutoProxySvc - ok
19:03:58.0125 4048 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
19:03:58.0188 4048 Winmgmt - ok
19:03:58.0235 4048 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
19:03:58.0344 4048 WinRM - ok
19:03:58.0406 4048 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
19:03:58.0469 4048 WinUsb - ok
19:03:58.0500 4048 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
19:03:58.0547 4048 Wlansvc - ok
19:03:58.0593 4048 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:03:58.0625 4048 wlcrasvc - ok
19:03:58.0718 4048 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:03:58.0796 4048 wlidsvc - ok
19:03:58.0827 4048 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
19:03:58.0843 4048 WmiAcpi - ok
19:03:58.0874 4048 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
19:03:58.0905 4048 wmiApSrv - ok
19:03:58.0952 4048 WMPNetworkSvc - ok
19:03:58.0968 4048 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
19:03:58.0999 4048 WPCSvc - ok
19:03:59.0030 4048 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
19:03:59.0061 4048 WPDBusEnum - ok
19:03:59.0077 4048 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
19:03:59.0108 4048 ws2ifsl - ok
19:03:59.0139 4048 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
19:03:59.0171 4048 wscsvc - ok
19:03:59.0171 4048 WSearch - ok
19:03:59.0217 4048 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
19:03:59.0249 4048 wsvd - ok
19:03:59.0327 4048 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
19:03:59.0405 4048 wuauserv - ok
19:03:59.0420 4048 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
19:03:59.0467 4048 WudfPf - ok
19:03:59.0498 4048 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
19:03:59.0529 4048 WUDFRd - ok
19:03:59.0561 4048 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
19:03:59.0592 4048 wudfsvc - ok
19:03:59.0623 4048 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
19:03:59.0639 4048 WwanSvc - ok
19:03:59.0670 4048 ================ Scan global ===============================
19:03:59.0701 4048 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:03:59.0748 4048 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
19:03:59.0779 4048 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
19:03:59.0810 4048 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:03:59.0841 4048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:03:59.0857 4048 [Global] - ok
19:03:59.0857 4048 ================ Scan MBR ==================================
19:03:59.0873 4048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:04:00.0231 4048 \Device\Harddisk0\DR0 - ok
19:04:00.0231 4048 ================ Scan VBR ==================================
19:04:00.0247 4048 [ 0403376D77CD2A8FB3F38C81A780A4E4 ] \Device\Harddisk0\DR0\Partition1
19:04:00.0247 4048 \Device\Harddisk0\DR0\Partition1 - ok
19:04:00.0278 4048 [ 5E24A94565C29B69F68FFE1E06F2EC70 ] \Device\Harddisk0\DR0\Partition2
19:04:00.0278 4048 \Device\Harddisk0\DR0\Partition2 - ok
19:04:00.0309 4048 [ CF3CEB0BAE7B8F7306176C76EB388A37 ] \Device\Harddisk0\DR0\Partition3
19:04:00.0309 4048 \Device\Harddisk0\DR0\Partition3 - ok
19:04:00.0309 4048 ============================================================
19:04:00.0309 4048 Scan finished
19:04:00.0309 4048 ============================================================
19:04:00.0325 5688 Detected object count: 0
19:04:00.0325 5688 Actual detected object count: 0
19:05:34.0081 5552 Deinitialize success
|
|
11.05.2013, 18:20
| #4 |
| /// Malware-holic | Avast free Blockiert bei jedem Systemstart Maleware Hi, nimm dir einfach die Zeit, die du brauchst, musst nich deine Feier vernachlässigen :-) Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.05.2013, 19:02
| #5 |
| | Avast free Blockiert bei jedem Systemstart Maleware Hi Combofix ist durch gelaufen, hatte das Avast nur bis zum nächsten Neustart deaktiviert, wusste nicht das Combofix von alleine neustartet und dann noch weiter arbeitet, ich hoffe das macht nichts. Mir ist aufgefallen das in der 1. Zeile unter Weiter Löschungen der Benutzer anders ist in allen anderen Zeile: c:\Vorname Nachname\ in der Zeile: nur der Vorname alles groß geschrieben letzte Buchstabe fehlt und dann die Wellenliene1 c:\users\******~1\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll Code:
ATTFilter ComboFix 13-05-11.01 - ******* 11.05.2013 19:29:56.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4040.2472 [GMT 2:00]
ausgeführt von:: c:\users\******\Desktop\Vierus\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\******~1\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
c:\users\******\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll
c:\windows\s.bat
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\System32\MASetupCleaner.exe
c:\windows\SysWow64\System32\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-11 bis 2013-05-11 ))))))))))))))))))))))))))))))
.
.
2013-05-10 17:09 . 2013-05-10 17:09 -------- d-----w- c:\users\******\AppData\Roaming\Malwarebytes
2013-05-10 17:08 . 2013-05-10 17:08 -------- d-----w- c:\programdata\Malwarebytes
2013-05-04 10:50 . 2013-05-04 10:50 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-05-04 10:50 . 2013-05-04 10:50 -------- d-----w- c:\windows\SysWow64\Extensions
2013-05-04 10:50 . 2013-05-04 10:50 -------- d-----w- c:\programdata\BrowserProtect
2013-05-04 10:50 . 2013-05-04 10:50 -------- d-----w- c:\program files (x86)\Delta
2013-05-04 10:50 . 2013-05-04 10:50 -------- d-----w- c:\users\******\AppData\Roaming\Babylon
2013-05-04 10:50 . 2013-05-04 10:50 -------- d-----w- c:\programdata\Babylon
2013-05-04 10:50 . 2013-05-04 10:50 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2013-05-04 10:50 . 2013-05-04 10:50 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2013-04-24 16:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 17:07 . 2013-04-23 17:07 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-09 12:30 . 2010-06-24 11:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-12 15:26 . 2012-04-01 11:22 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-12 15:26 . 2011-12-19 18:55 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 16:32 . 2011-12-19 18:32 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 03:35 . 2013-03-20 18:38 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-20 18:38 . 2013-03-20 18:38 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-20 18:38 . 2013-03-20 18:38 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-19 06:04 . 2013-04-10 16:23 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 16:23 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 16:23 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 16:23 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 16:23 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 16:23 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-06 23:33 . 2013-03-13 20:34 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-06 23:33 . 2013-03-13 20:34 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-06 23:33 . 2012-02-25 08:50 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-06 23:33 . 2011-12-19 18:22 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-06 23:33 . 2011-12-19 18:21 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-06 23:33 . 2011-12-19 18:21 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33 . 2011-12-19 18:22 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-06 23:33 . 2011-12-19 18:21 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32 . 2011-12-19 18:21 41664 ----a-w- c:\windows\avastSS.scr
2013-03-06 23:32 . 2011-12-19 18:21 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-01 03:36 . 2013-04-10 16:23 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-22 06:57 . 2013-04-11 16:30 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-11 16:30 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-11 16:30 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-11 16:30 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-11 16:30 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-11 16:30 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-11 16:30 237056 ----a-w- c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-11 16:30 85504 ----a-w- c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-11 16:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-11 16:30 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-11 16:30 816640 ----a-w- c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-11 16:30 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-11 16:30 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-11 16:30 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-11 16:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-11 16:30 248320 ----a-w- c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-11 16:30 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-11 16:30 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-11 16:30 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-11 16:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-11 16:30 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-11 16:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-15 06:08 . 2013-04-10 16:23 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 16:23 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 16:23 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 16:23 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 16:23 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 16:23 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-02-12 05:45 . 2013-03-15 16:21 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-15 16:21 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-15 16:21 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-15 16:21 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-15 16:21 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-15 16:21 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 20:47 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-03-13 11:00 251288 ----a-w- c:\program files (x86)\Delta\delta\1.8.16.16\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll" [2013-03-13 325016]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-04 21392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-05-04 955792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]
"YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488]
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-08-25 329056]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-24 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-04 3521424]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-02-18 283160]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-08-31 907040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 32 (0x20)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261249~1.132\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TrueImageMonitor.exe"=c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 aswVmm;aswVmm; [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-09-30 299520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswRvrt;aswRvrt; [x]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-08-25 57952]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-08-25 39008]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-08-25 13408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-25 203776]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-03-22 2787280]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-25 29792]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-15 349224]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-15 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-01-28 31088]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-03-25 12262336]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-10-21 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [2010-11-21 184960]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 15:26]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 11:31]
.
2013-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 11:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-08-25 11:38 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-25 418840]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-25 114688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-25 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-25 391704]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-08-25 5908928]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-08-25 9753024]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/?rlz=1W4CHBA_deDE534
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.178.1
DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} - hxxp://www.tradesignalonline.com/charts/bin/axts5we.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Toolbar-Locked - (no file)
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\schtasks.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-05-11 19:42:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-05-11 17:42
.
Vor Suchlauf: 8 Verzeichnis(se), 641.754.329.088 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 645.083.078.656 Bytes frei
.
- - End Of File - - 50D72C86ACC25FE2F07FC205782A71AE
|
|
11.05.2013, 19:20
| #6 |
| /// Malware-holic | Avast free Blockiert bei jedem Systemstart Maleware hi evtl. 2 nutzerkonten auf dem PC? malwarebytes: Downloade Dir bitte Malwarebytes
__________________ --> Avast free Blockiert bei jedem Systemstart Maleware |
|
12.05.2013, 11:06
| #7 |
| | Avast free Blockiert bei jedem Systemstart Maleware Hallo Malewarebytes hat nichts gefunden. Ein zweites Benutzerkonto habe ich nicht auf dem Rechner, ich hatte vor ca. 2 Jahren mal ein Gastkonto angelegt Neu ist, wenn ich von einer auf eine andere Internetseite wechsel eine Warnug kommt: "Sie sind im Begriff eine Seite über eine sichere Verbindung anzeigen zu lassen....." wenn ich die mit x schließe kommt die noch zwei oder drei mal wieder. Log Malewarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.12.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 ****** :: ****** [Administrator] Schutz: Deaktiviert 12.05.2013 11:07:24 mbam-log-2013-05-12 (11-07-24).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 387547 Laufzeit: 35 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
13.05.2013, 13:02
| #8 |
| /// Malware-holic | Avast free Blockiert bei jedem Systemstart Maleware Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.05.2013, 17:15
| #9 |
| | Avast free Blockiert bei jedem Systemstart Maleware Hallo, Code:
ATTFilter Acronis*True*Image*Home Acronis 20.12.2011 291MB 11.0.8010 unbekannt Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.04.2013 6,00MB 11.7.700.169 notwendig Adobe Reader X (10.1.6) - Deutsch Adobe Systems Incorporated 18.03.2013 121MB 10.1.6 notwendig Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 25.08.2011 1.0.0.36 unbekannt ATI Catalyst Install Manager ATI Technologies, Inc. 25.08.2011 22,4MB 3.0.808.0 unbekannt ATI Uninstaller ATI Technologies, Inc. 25.08.2011 8.813.3.2-110324a-116588C-Lenovo unbekannt Audacity 2.0.3 Audacity Team 25.02.2013 44,1MB 2.0.3 notwendig avast! Free Antivirus AVAST Software 13.03.2013 8.0.1483.0 notwendig BrowserProtect Bit89 Inc 04.05.2013 unbekant BURY_Update_Manager 1.2.9 BURY Gmbh & Co. KG, Inc. 08.03.2012 unnötig CCleaner Piriform 23.04.2013 4.01 notwendig Conexant HD Audio Conexant 25.08.2011 8.54.1.0 unbekannt Delta toolbar Delta 04.05.2013 1.8.16.16 unbekannt Energy Management Lenovo 25.08.2011 16,8MB 6.0.2.0 unbekannt Free YouTube to MP3 Converter version 3.12.2.430 DVDVideoSoft Ltd. 04.05.2013 78,7MB 3.12.2.430 notwendig FreePDF (Remove only) 19.12.2011 unbekant Google Earth Google 28.03.2013 173MB 7.0.3.8542 notwendig GPL Ghostscript Artifex Software Inc. 19.12.2011 9.04 unbekannt Intel(R) Control Center Intel Corporation 20.12.2011 1.2.1.1007 unbekannt Intel(R) Display Audio Driver Intel Corporation 20.12.2011 6.14.00.3074 unbekannt Intel(R) Management Engine Components Intel Corporation 20.12.2011 7.0.0.1144 unbekannt Intel(R) Rapid Storage Technology Intel Corporation 20.12.2011 10.1.5.1001 unbekannt IZArc 4.1.6 Ivan Zahariev 19.12.2011 13,3MB 4.1.6 unbekannt Java 7 Update 21 Oracle 20.03.2013 129MB 7.0.210 notwendig Lenovo Bluetooth with Enhanced Data Rate Software Broadcom Corporation 25.08.2011 183MB 6.3.0.7400 unbekannt Lenovo EasyCamera Lenovo EasyCamera 25.08.2011 1,92MB 1.10.1209.1 unbekannt Lenovo EE Boot Optimizer Lenovo 25.08.2011 0.0.1.6 unbekannt Lenovo Games Console Oberon Media Inc. 25.08.2011 1.2.6.436 unbekannt Lenovo OneKey Recovery CyberLink Corp. 25.08.2011 7.0.1628 unbekannt Lenovo YouCam CyberLink Corp. 25.08.2011 135MB 3.1.3728 unbekannt Lenovo_Wireless_Driver Lenovo 25.08.2011 1.02.01 unbekannt Logitech SetPoint 6.32 Logitech 19.12.2011 39,0MB 6.32.20 notwendig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 12.05.2013 19,2MB 1.75.0.1300 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 30.12.2011 38,8MB 4.0.30320 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 30.12.2011 2,93MB 4.0.30320 unbekannt Microsoft Office Standard 2010 Microsoft Corporation 15.02.2012 14.0.6029.1000 notwendig Microsoft Silverlight Microsoft Corporation 15.03.2013 100MB 5.1.20125.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 25.08.2011 1,69MB 3.1.0000 unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 250KB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19.12.2011 300KB 8.0.61001 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 19.12.2011 788KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 30.12.2011 788KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 19.12.2011 592KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 19.12.2011 600KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 19.12.2011 13,7MB 10.0.30319 unbekannt MSXML 4.0 SP2 (KB954430) Microsoft Corporation 19.12.2011 1,27MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 19.12.2011 1,33MB 4.20.9876.0 unbekannt MyPhoneExplorer F.J. Wechselberger 11.02.2013 1.8.4 notwendig Nero 9 Nero AG 19.12.2011 notwendig OneKey Recovery CyberLink Corp. 20.12.2011 7.0.1628 unbekannt Power2Go CyberLink Corp. 25.08.2011 5.6.0.7303 unbekannt Realtek USB 2.0 Reader Driver Realtek Semiconductor Corp. 25.08.2011 6.1.7600.10003 unbekannt RedMon - Redirection Port Monitor 19.12.2011 unbekannt Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 25.08.2011 1,00MB 2.0.32.0 unbekannt Samsung Kies Samsung Electronics Co., Ltd. 22.12.2011 203MB 2.1.0.11112_41 notwendig SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 08.05.2012 42,9MB 1.5.4.0 notwendig Synaptics Pointing Device Driver Synaptics Incorporated 25.08.2011 46,4MB 15.3.0.0 unbekannt Tradesignal Online Chart Tradesignal GmbH 16.04.2012 11,0MB 6.3.7.117 notwendig UserGuide Lenovo 25.08.2011 51,3MB 1.0.0.6 unbekannt VeriFace Lenovo 25.08.2011 4.0.0.1224 unbekannt Windows Live Essentials Microsoft Corporation 25.08.2011 15.4.3508.1109 unbekannt Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 25.08.2011 5,57MB 15.4.5722.2 unbekannt Windows-Treiberpaket - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) Lenovo 25.08.2011 12/02/2010 6.1.0.1 unbekannt YTD Video Downloader 3.9.6 GreenTree Applications SRL 18.02.2013 3.9.6 notwendig |
|
13.05.2013, 17:20
| #10 |
| /// Malware-holic | Avast free Blockiert bei jedem Systemstart Maleware b deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: BrowserProtect BURY_Update_Manager Delta FreePDF Java downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Windows Live : alle von dir nicht benötigten. Öffne CCleaner, analysieren, starten, PC neustarten Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.05.2013, 18:24
| #11 |
| | Avast free Blockiert bei jedem Systemstart Maleware Hallo, wie gewünscht Programme deinstaliert Adobe Flaschplayer Adobe Reader und Java wieder installiert danach den PC neu gestartet es kam keine Warnung von Avast anschließend CCleaner gestartet und Neustart wieder keine Warnung von Avast Dann ADWCleaner runtergeladen da kam beim wechsel der Internetseiten wieder die Meldung: Sie sind im Begriff eine Seite über eine Sichere Verbindung........... Nach dem ADWCleaner durchgelaufen ist kommt auch die Meldung nicht mehr Log Code:
ATTFilter # AdwCleaner v2.300 - Datei am 13/05/2013 um 19:08:44 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : ********* - ********
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\********\Desktop\Vierus\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\********\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\********\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\********\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5c578bd8b33fe847
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.
*************************
AdwCleaner[S1].txt - [2357 octets] - [13/05/2013 19:08:44]
########## EOF - C:\AdwCleaner[S1].txt - [2417 octets] ##########
|
|
13.05.2013, 18:26
| #12 |
| /// Malware-holic | Avast free Blockiert bei jedem Systemstart Maleware Sieht doch schon mal gut aus. neustarten. HitmanPro - Download - Filepony Hitmanpro laden, doppelklicken, Scan. Nichts löschen. Auf weiter, Log als xml exportieren und posten, bzw packen und anhängen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.05.2013, 18:56
| #13 |
| | Avast free Blockiert bei jedem Systemstart Maleware Hallo, als ich auf den Download link für Hitmanpro geklickt habe kam wieder die Warnung "Sichere Verbindung....." die habe ich mit OK bestätigt und dann kam die Meldung "Sie wollen eine sichere Verbindung verlassen........" Das sind immer Meldungen vom Internetexplorer nicht von Avast Log Code:
ATTFilter
|
|
13.05.2013, 18:59
| #14 |
| /// Malware-holic | Avast free Blockiert bei jedem Systemstart Maleware hi da müsste doch ein haken sein, nicht mehr anzeigen. lösche mal alle hitmanpro funde, und starte neu, dann neues otl log bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.05.2013, 19:59
| #15 |
| | Avast free Blockiert bei jedem Systemstart Maleware Hallo, weiß grade nicht was verkehrt läuft OTL müssten doch 2 Logs sein. Habe das jetzt schon 3 mal durchlaufen lassen und bekomme immer nur ein Log. Code:
ATTFilter OTL logfile created on: 13.05.2013 20:42:04 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*********\Desktop\Vierus 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,95 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 60,25% Memory free 7,89 Gb Paging File | 6,15 Gb Available in Paging File | 78,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 654,69 Gb Total Space | 603,48 Gb Free Space | 92,18% Space Free | Partition Type: NTFS Drive D: | 29,00 Gb Total Space | 26,47 Gb Free Space | 91,29% Space Free | Partition Type: NTFS Computer Name: ******** | User Name: ******** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.13 17:42:44 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013.05.11 11:51:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\********\Desktop\Vierus\OTL.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.03.07 01:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.04 07:37:10 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.05.04 07:37:00 | 003,521,424 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2011.08.25 13:38:43 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe PRC - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.02.18 10:20:50 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.01.29 01:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe PRC - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.14 20:04:58 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2007.08.31 20:49:58 | 000,498,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe PRC - [2007.08.31 19:43:32 | 000,907,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.05.11 19:37:16 | 000,115,137 | ---- | M] () -- C:\Users\*******\AppData\Local\Temp\c25e8b3d-33a7-42bf-85e6-6880c6753136\CliSecureRT.dll MOD - [2013.02.15 17:39:15 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.02.15 17:17:31 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e963e9f51746f8e23837be7760e187c6\System.Windows.Forms.ni.dll MOD - [2013.01.21 22:18:03 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\5d5b1b0c6e8a714de39a06e3b61f35fe\System.Management.ni.dll MOD - [2013.01.21 21:50:28 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b454f5723ec86048063fe19d4267d9e8\System.Runtime.Remoting.ni.dll MOD - [2013.01.21 21:50:22 | 001,812,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.21 10:53:19 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7b0ad24d45e2a3f5f54f5f71748d8545\IAStorUtil.ni.dll MOD - [2013.01.21 10:53:19 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8c4058d017d39a61458f635112f4e394\IAStorCommon.ni.dll MOD - [2013.01.21 10:05:51 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.21 10:05:27 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.21 10:05:17 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.21 10:05:13 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.21 10:05:11 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.21 10:05:10 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.21 10:05:06 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.01.21 09:43:58 | 018,022,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll MOD - [2013.01.21 09:43:47 | 011,522,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll MOD - [2013.01.21 09:43:40 | 007,070,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll MOD - [2013.01.21 09:43:39 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll MOD - [2013.01.21 09:43:36 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.21 09:43:35 | 003,883,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll MOD - [2013.01.21 09:43:32 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\78ecbee4a7444353dce52afb9d9d795c\System.Drawing.ni.dll MOD - [2013.01.21 09:43:32 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\60674dde4b56087c189f576f36f6720f\PresentationFramework.Aero.ni.dll MOD - [2013.01.21 09:43:31 | 009,095,168 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.21 09:43:26 | 014,416,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012.05.04 07:37:10 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2011.08.25 13:38:42 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll MOD - [2011.08.25 04:40:13 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2007.08.31 18:13:50 | 001,336,600 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\fox.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.03.25 04:53:28 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.05.13 18:41:52 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013.03.07 01:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.02.18 10:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.12.21 04:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 04:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.14 20:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.05.18 16:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.08.31 20:49:58 | 000,498,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService) SRV - [2007.08.31 19:38:24 | 000,599,320 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2013.03.07 01:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013.03.07 01:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013.03.07 01:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013.03.07 01:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013.03.07 01:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013.03.07 01:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013.03.07 01:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013.03.07 01:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.02.24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2011.12.20 20:49:21 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2011.12.20 20:49:21 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman) DRV:64bit: - [2011.12.20 20:49:21 | 000,229,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2011.12.20 20:49:21 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter) DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.08.25 13:48:01 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2011.08.25 13:48:00 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2011.08.25 13:45:24 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon) DRV:64bit: - [2011.08.25 13:45:24 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv) DRV:64bit: - [2011.08.25 04:51:53 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.08.25 04:51:53 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.04.08 03:59:58 | 001,430,576 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.03.26 00:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2011.03.25 12:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.25 07:34:40 | 008,284,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.03.25 04:17:36 | 000,296,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.02.14 06:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.01.29 01:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.12.15 05:13:31 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2010.12.15 05:13:09 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.12.15 05:13:08 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.12.15 05:13:07 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.12.15 05:13:06 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.12.10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.28 12:16:24 | 004,716,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.10.21 08:57:30 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.30 10:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/?rlz=1W4CHBA_deDE534 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2013.05.04 12:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions O1 HOSTS File: ([2013.05.11 19:36:58 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 32 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll File not found O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung) O16 - DPF: {439B6D3C-A359-4D73-8515-2AFE8CF90C08} hxxp://www.tradesignalonline.com/charts/bin/axts5we.cab (TS4WCtrl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05064740-15A5-4F0C-A964-9BE85A249434}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8BB9AA0-17CE-44B4-8493-50B3E732CE9C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browserprotect.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\windows\SysNative\relog_ap.dll (Acronis) O30 - LSA: Authentication Packages - (relog_ap) - C:\windows\SysWow64\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.13 19:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.05.13 18:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.05.13 18:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.05.13 18:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.05.13 18:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.05.13 17:46:32 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.05.12 11:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.05.12 11:05:22 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013.05.12 11:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.11 19:37:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.11 19:35:14 | 000,000,000 | ---D | C] -- C:\windows\temp [2013.05.11 19:28:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013.05.11 19:28:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013.05.11 19:28:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2013.05.11 19:28:04 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.11 19:27:49 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2013.05.11 11:32:39 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Vierus [2013.05.10 19:09:09 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Malwarebytes [2013.05.10 19:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.04 12:50:48 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\searchplugins [2013.05.04 12:50:48 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Extensions [2013.05.04 12:50:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.04 12:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2013.05.04 12:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.04.29 21:32:23 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Wasser [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.13 20:25:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.05.13 20:09:37 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.13 20:09:37 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.13 20:08:55 | 001,507,406 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.05.13 20:08:55 | 000,657,910 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.05.13 20:08:55 | 000,619,146 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.05.13 20:08:55 | 000,131,250 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.05.13 20:08:55 | 000,107,466 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.05.13 20:02:24 | 000,147,101 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2013.05.13 20:01:56 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.13 20:01:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.05.13 19:47:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.13 18:45:13 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.05.13 17:46:33 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.05.12 11:05:23 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.11 19:36:58 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2013.05.11 11:47:32 | 000,000,000 | ---- | M] () -- C:\Users\*******\defogger_reenable [2013.05.04 12:50:33 | 000,001,405 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013.05.04 12:50:33 | 000,001,246 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2013.04.16 20:41:35 | 000,121,163 | ---- | M] () -- C:\Users\*********\Desktop\gw_lh_20130416_2041.pdf [2013.04.16 20:37:44 | 000,110,703 | ---- | M] () -- C:\Users\*********\Desktop\file_download.pdf [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.13 18:45:13 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.05.13 18:45:12 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.05.13 18:41:53 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.05.13 17:46:33 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.05.12 11:05:23 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.05.11 19:28:14 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2013.05.11 19:28:14 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2013.05.11 19:28:14 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2013.05.11 19:28:14 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2013.05.11 19:28:14 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2013.05.11 11:47:32 | 000,000,000 | ---- | C] () -- C:\Users\*******\defogger_reenable [2013.04.16 20:41:35 | 000,121,163 | ---- | C] () -- C:\Users\*******\Desktop\gw_lh_20130416_2041.pdf [2013.04.16 20:37:44 | 000,110,703 | ---- | C] () -- C:\Users\*******\Desktop\file_download.pdf [2013.04.14 17:21:03 | 000,001,246 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk [2012.04.30 12:20:47 | 000,000,071 | ---- | C] () -- C:\windows\KTEL.INI [2012.02.01 20:21:32 | 000,000,017 | ---- | C] () -- C:\Users\********\AppData\Local\resmon.resmoncfg [2011.12.22 20:35:46 | 001,526,948 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2011.08.25 13:53:59 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin [2011.08.25 13:53:59 | 000,000,512 | ---- | C] () -- C:\windows\current.bin [2011.08.25 13:38:46 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll [2011.08.25 13:38:46 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll [2011.08.25 13:38:46 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll [2011.08.25 13:38:46 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll [2011.08.25 13:38:41 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll [2011.08.25 13:28:48 | 000,089,328 | ---- | C] () -- C:\windows\un_dext.exe [2011.08.25 13:28:48 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe [2011.08.25 13:28:48 | 000,003,566 | ---- | C] () -- C:\windows\Dext_09.ini [2011.08.25 13:28:48 | 000,002,998 | ---- | C] () -- C:\windows\Dext_04.ini [2011.08.25 13:28:48 | 000,002,790 | ---- | C] () -- C:\windows\Dext_2052.ini [2011.08.25 13:28:48 | 000,002,507 | ---- | C] () -- C:\windows\Remove.ini [2011.08.25 13:24:03 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll [2011.08.25 13:15:19 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011.08.25 13:12:34 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat [2011.08.25 13:09:34 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011.08.25 13:07:19 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011.08.25 13:07:18 | 000,216,876 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011.08.25 13:07:18 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.03 22:16:45 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Audacity [2013.05.04 12:50:15 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\DVDVideoSoft [2013.05.13 18:34:38 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\FreePDF [2012.04.30 12:20:30 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\klickTel [2011.12.19 22:21:57 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Leadertech [2013.03.31 15:51:16 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\MyPhoneExplorer [2011.12.22 22:53:26 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\Samsung [2011.12.30 20:52:18 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\tradesignal [2012.11.12 21:44:26 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > |
|
| Themen zu Avast free Blockiert bei jedem Systemstart Maleware |
| antivirus, aswrvrt.sys, beschädigung, bho, blockiert, converter, desktop, error, failed, firefox, flash player, google, helper, home, igdpmd64.sys, install.exe, intranet, logfile, maleware, mp3, object, plug-in, problem, realtek, registry, scan, security, software, svchost.exe, system, windows |
WARNUNG an die MITLESER: 
Linear-Darstellung
