|
Pests of all kinds and how to fight them: Caught a GVU Trojan... Windows 7. If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection. |
14.05.2013, 23:38 | #16 |
| Caught a GVU Trojan... Hello, TDSSKILLER has run. Here is the log:
00:36:08.0097 2720 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 00:36:08.0121 2720 NetBT - ok 00:36:08.0131 2720 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\WINDOWS\system32\lsass.exe 00:36:08.0143 2720 Netlogon - ok 00:36:08.0176 2720 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\WINDOWS\System32\netman.dll 00:36:08.0223 2720 Netman - ok 00:36:08.0240 2720 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\WINDOWS\System32\netprofm.dll 00:36:08.0269 2720 netprofm - ok 00:36:08.0299 2720 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:36:08.0317 2720 NetTcpPortSharing - ok 00:36:08.0432 2720 [ EF51B405AD8ACAAE6F0231290D20F516 ] NETw5s32 C:\WINDOWS\system32\DRIVERS\NETw5s32.sys 00:36:08.0579 2720 NETw5s32 - ok 00:36:08.0677 2720 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\WINDOWS\system32\DRIVERS\netw5v32.sys 00:36:08.0822 2720 netw5v32 - ok 00:36:08.0848 2720 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\WINDOWS\system32\DRIVERS\nfrd960.sys 00:36:08.0867 2720 nfrd960 - ok 00:36:08.0899 2720 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\WINDOWS\System32\nlasvc.dll 00:36:08.0925 2720 NlaSvc - ok 00:36:08.0933 2720 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 00:36:08.0959 2720 Npfs - ok 00:36:08.0987 2720 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\WINDOWS\system32\nsisvc.dll 00:36:09.0012 2720 nsi - ok 00:36:09.0017 2720 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\WINDOWS\system32\drivers\nsiproxy.sys 00:36:09.0058 2720 nsiproxy - ok 00:36:09.0114 2720 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 00:36:09.0161 2720 Ntfs - ok 00:36:09.0178 2720 [ F9756A98D69098DCA8945D62858A812C ] Null C:\WINDOWS\system32\drivers\Null.sys 00:36:09.0203 2720 Null - ok 00:36:09.0252 2720 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\WINDOWS\system32\drivers\nvraid.sys 
00:36:09.0271 2720 nvraid - ok 00:36:09.0299 2720 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\WINDOWS\system32\drivers\nvstor.sys 00:36:09.0319 2720 nvstor - ok 00:36:09.0355 2720 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\WINDOWS\system32\drivers\nv_agp.sys 00:36:09.0375 2720 nv_agp - ok 00:36:09.0499 2720 [ 1A128004775CA3E04FDB315563459D3B ] NWSAPAutoWorkstationUpdateSvc C:\Program Files\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe 00:36:09.0508 2720 NWSAPAutoWorkstationUpdateSvc - ok 00:36:09.0574 2720 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 00:36:09.0617 2720 odserv - ok 00:36:09.0643 2720 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\WINDOWS\system32\drivers\ohci1394.sys 00:36:09.0672 2720 ohci1394 - ok 00:36:09.0689 2720 [ 99BF0B1BCADF83102CBBBEA4D0D22732 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:36:09.0739 2720 ose - ok 00:36:09.0782 2720 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\WINDOWS\system32\pnrpsvc.dll 00:36:09.0811 2720 p2pimsvc - ok 00:36:09.0852 2720 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\WINDOWS\system32\p2psvc.dll 00:36:09.0892 2720 p2psvc - ok 00:36:09.0912 2720 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 00:36:09.0926 2720 Parport - ok 00:36:09.0963 2720 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\WINDOWS\system32\drivers\partmgr.sys 00:36:09.0975 2720 partmgr - ok 00:36:09.0993 2720 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\WINDOWS\system32\DRIVERS\parvdm.sys 00:36:10.0038 2720 Parvdm - ok 00:36:10.0052 2720 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\WINDOWS\System32\pcasvc.dll 00:36:10.0068 2720 PcaSvc - ok 00:36:10.0118 2720 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 00:36:10.0143 2720 pccsmcfd - ok 00:36:10.0167 2720 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\WINDOWS\system32\drivers\pci.sys 
00:36:10.0182 2720 pci - ok 00:36:10.0210 2720 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\WINDOWS\system32\drivers\pciide.sys 00:36:10.0228 2720 pciide - ok 00:36:10.0253 2720 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys 00:36:10.0277 2720 pcmcia - ok 00:36:10.0296 2720 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\WINDOWS\system32\drivers\pcw.sys 00:36:10.0307 2720 pcw - ok 00:36:10.0328 2720 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys 00:36:10.0376 2720 PEAUTH - ok 00:36:10.0410 2720 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\WINDOWS\system32\peerdistsvc.dll 00:36:10.0451 2720 PeerDistSvc - ok 00:36:10.0512 2720 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\WINDOWS\system32\pla.dll 00:36:10.0581 2720 pla - ok 00:36:10.0623 2720 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll 00:36:10.0665 2720 PlugPlay - ok 00:36:10.0689 2720 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll 00:36:10.0696 2720 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 00:36:10.0696 2720 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 00:36:10.0741 2720 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll 00:36:10.0781 2720 PNRPAutoReg - ok 00:36:10.0799 2720 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll 00:36:10.0812 2720 PNRPsvc - ok 00:36:10.0860 2720 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll 00:36:10.0896 2720 PolicyAgent - ok 00:36:10.0935 2720 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\WINDOWS\system32\umpo.dll 00:36:10.0968 2720 Power - ok 00:36:10.0987 2720 [ AF7186CF9909BEF0D86097175175178F ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE 00:36:11.0008 2720 Power Manager DBC Service - ok 00:36:11.0042 2720 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport 
C:\WINDOWS\system32\DRIVERS\raspptp.sys 00:36:11.0067 2720 PptpMiniport - ok 00:36:11.0141 2720 [ 2A4514A9233D35A355F569FF8B8F6240 ] prepdrvr C:\WINDOWS\system32\CCM\prepdrv.sys 00:36:11.0168 2720 prepdrvr - ok 00:36:11.0178 2720 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys 00:36:11.0206 2720 Processor - ok 00:36:11.0253 2720 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\WINDOWS\system32\profsvc.dll 00:36:11.0282 2720 ProfSvc - ok 00:36:11.0289 2720 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 00:36:11.0302 2720 ProtectedStorage - ok 00:36:11.0335 2720 [ 651D3ABC1D82D61B6CFB40CB947B3DB3 ] psadd C:\WINDOWS\system32\DRIVERS\psadd.sys 00:36:11.0344 2720 psadd - ok 00:36:11.0354 2720 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\WINDOWS\system32\DRIVERS\pacer.sys 00:36:11.0391 2720 Psched - ok 00:36:11.0420 2720 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\WINDOWS\system32\DRIVERS\ql2300.sys 00:36:11.0484 2720 ql2300 - ok 00:36:11.0522 2720 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\WINDOWS\system32\DRIVERS\ql40xx.sys 00:36:11.0594 2720 ql40xx - ok 00:36:11.0632 2720 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\WINDOWS\system32\qwave.dll 00:36:11.0671 2720 QWAVE - ok 00:36:11.0687 2720 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys 00:36:11.0707 2720 QWAVEdrv - ok 00:36:11.0720 2720 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 00:36:11.0752 2720 RasAcd - ok 00:36:11.0769 2720 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\WINDOWS\system32\DRIVERS\AgileVpn.sys 00:36:11.0804 2720 RasAgileVpn - ok 00:36:11.0820 2720 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\WINDOWS\System32\rasauto.dll 00:36:11.0864 2720 RasAuto - ok 00:36:11.0883 2720 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 00:36:11.0919 2720 Rasl2tp - ok 00:36:11.0964 2720 [ 
CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\WINDOWS\System32\rasmans.dll 00:36:12.0005 2720 RasMan - ok 00:36:12.0010 2720 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 00:36:12.0038 2720 RasPppoe - ok 00:36:12.0047 2720 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\WINDOWS\system32\DRIVERS\rassstp.sys 00:36:12.0085 2720 RasSstp - ok 00:36:12.0112 2720 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 00:36:12.0147 2720 rdbss - ok 00:36:12.0164 2720 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\WINDOWS\system32\DRIVERS\rdpbus.sys 00:36:12.0176 2720 rdpbus - ok 00:36:12.0205 2720 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 00:36:12.0248 2720 RDPCDD - ok 00:36:12.0276 2720 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys 00:36:12.0307 2720 RDPDR - ok 00:36:12.0332 2720 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\WINDOWS\system32\drivers\rdpencdd.sys 00:36:12.0364 2720 RDPENCDD - ok 00:36:12.0378 2720 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\WINDOWS\system32\drivers\rdprefmp.sys 00:36:12.0411 2720 RDPREFMP - ok 00:36:12.0440 2720 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 00:36:12.0475 2720 RDPWD - ok 00:36:12.0512 2720 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys 00:36:12.0526 2720 rdyboost - ok 00:36:12.0581 2720 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\WINDOWS\system32\drivers\regi.sys 00:36:12.0590 2720 regi - ok 00:36:12.0612 2720 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 00:36:12.0653 2720 RemoteAccess - ok 00:36:12.0672 2720 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 00:36:12.0717 2720 RemoteRegistry - ok 00:36:12.0741 2720 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys 00:36:12.0755 2720 RFCOMM - ok 
00:36:12.0786 2720 [ E891F07815AF88075705EF6A248711F6 ] rimspci C:\WINDOWS\system32\DRIVERS\rimspe86.sys 00:36:12.0811 2720 rimspci - ok 00:36:12.0851 2720 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys 00:36:12.0882 2720 RimUsb - ok 00:36:12.0927 2720 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys 00:36:12.0946 2720 RimVSerPort - ok 00:36:12.0956 2720 [ 6A60626412129C713CC30C81870A8095 ] rixdpcie C:\WINDOWS\system32\DRIVERS\rixdpe86.sys 00:36:12.0988 2720 rixdpcie - ok 00:36:13.0020 2720 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys 00:36:13.0054 2720 ROOTMODEM - ok 00:36:13.0094 2720 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll 00:36:13.0131 2720 RpcEptMapper - ok 00:36:13.0158 2720 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\WINDOWS\system32\locator.exe 00:36:13.0193 2720 RpcLocator - ok 00:36:13.0228 2720 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\WINDOWS\system32\rpcss.dll 00:36:13.0254 2720 RpcSs - ok 00:36:13.0292 2720 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\WINDOWS\system32\DRIVERS\rspndr.sys 00:36:13.0318 2720 rspndr - ok 00:36:13.0350 2720 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\WINDOWS\system32\drivers\vms3cap.sys 00:36:13.0379 2720 s3cap - ok 00:36:13.0389 2720 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\WINDOWS\system32\lsass.exe 00:36:13.0400 2720 SamSs - ok 00:36:13.0486 2720 [ D574EEC31CF2B4DF5BD9B3C17CDB116D ] SAPSprint C:\Program Files\SAP\SAPSPrint\sapsprint.exe 00:36:13.0528 2720 SAPSprint ( UnsignedFile.Multi.Generic ) - warning 00:36:13.0528 2720 SAPSprint - detected UnsignedFile.Multi.Generic (1) 00:36:13.0572 2720 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys 00:36:13.0591 2720 sbp2port - ok 00:36:13.0619 2720 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll 00:36:13.0652 2720 SCardSvr - ok 
00:36:13.0682 2720 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys 00:36:13.0712 2720 scfilter - ok 00:36:13.0748 2720 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\WINDOWS\system32\schedsvc.dll 00:36:13.0798 2720 Schedule - ok 00:36:13.0825 2720 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\WINDOWS\System32\certprop.dll 00:36:13.0847 2720 SCPolicySvc - ok 00:36:13.0897 2720 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\WINDOWS\system32\drivers\sdbus.sys 00:36:13.0918 2720 sdbus - ok 00:36:13.0946 2720 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\WINDOWS\System32\SDRSVC.dll 00:36:13.0982 2720 SDRSVC - ok 00:36:14.0007 2720 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\WINDOWS\system32\drivers\secdrv.sys 00:36:14.0049 2720 secdrv - ok 00:36:14.0076 2720 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\WINDOWS\system32\seclogon.dll 00:36:14.0115 2720 seclogon - ok 00:36:14.0138 2720 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\WINDOWS\System32\sens.dll 00:36:14.0163 2720 SENS - ok 00:36:14.0181 2720 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll 00:36:14.0211 2720 SensrSvc - ok 00:36:14.0230 2720 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 00:36:14.0241 2720 Serenum - ok 00:36:14.0254 2720 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 00:36:14.0274 2720 Serial - ok 00:36:14.0302 2720 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\WINDOWS\system32\DRIVERS\sermouse.sys 00:36:14.0319 2720 sermouse - ok 00:36:14.0418 2720 [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 00:36:14.0440 2720 ServiceLayer - ok 00:36:14.0483 2720 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\WINDOWS\system32\sessenv.dll 00:36:14.0526 2720 SessionEnv - ok 00:36:14.0556 2720 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\WINDOWS\system32\DRIVERS\sffdisk.sys 
00:36:14.0579 2720 sffdisk - ok 00:36:14.0597 2720 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\WINDOWS\system32\drivers\sffp_mmc.sys 00:36:14.0624 2720 sffp_mmc - ok 00:36:14.0655 2720 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 00:36:14.0669 2720 sffp_sd - ok 00:36:14.0689 2720 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys 00:36:14.0717 2720 sfloppy - ok 00:36:14.0754 2720 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 00:36:14.0809 2720 SharedAccess - ok 00:36:14.0846 2720 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 00:36:14.0874 2720 ShellHWDetection - ok 00:36:14.0918 2720 [ DF6A84DD19D3C0858D707B5E64938D60 ] Shockprf C:\WINDOWS\system32\DRIVERS\Apsx86.sys 00:36:14.0930 2720 Shockprf - ok 00:36:14.0972 2720 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\WINDOWS\system32\drivers\sisagp.sys 00:36:14.0990 2720 sisagp - ok 00:36:15.0016 2720 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\WINDOWS\system32\DRIVERS\SiSRaid2.sys 00:36:15.0036 2720 SiSRaid2 - ok 00:36:15.0047 2720 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\WINDOWS\system32\DRIVERS\sisraid4.sys 00:36:15.0098 2720 SiSRaid4 - ok 00:36:15.0119 2720 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\WINDOWS\system32\DRIVERS\smb.sys 00:36:15.0202 2720 Smb - ok 00:36:15.0280 2720 [ 9672E993C5F09BB15ADB757A8AF7765E ] SmcService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe 00:36:15.0331 2720 SmcService - ok 00:36:15.0335 2720 smstsmgr - ok 00:36:15.0354 2720 [ 229B0890AF1A54E2F57099542CD18642 ] SNAC C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE 00:36:15.0409 2720 SNAC - ok 00:36:15.0448 2720 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe 00:36:15.0460 2720 SNMPTRAP - ok 00:36:15.0516 2720 [ E87CF104F12C92401C4D33C50A3D5DC8 ] SPBBCDrv C:\Program Files\Common Files\Symantec 
Shared\SPBBC\SPBBCDrv.sys 00:36:15.0533 2720 SPBBCDrv - ok 00:36:15.0548 2720 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\WINDOWS\system32\drivers\spldr.sys 00:36:15.0559 2720 spldr - ok 00:36:15.0589 2720 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\WINDOWS\System32\spoolsv.exe 00:36:15.0618 2720 Spooler - ok 00:36:15.0694 2720 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\WINDOWS\system32\sppsvc.exe 00:36:15.0765 2720 sppsvc - ok 00:36:15.0796 2720 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\WINDOWS\system32\sppuinotify.dll 00:36:15.0826 2720 sppuinotify - ok 00:36:15.0864 2720 [ 14389E87D0D2E25B12BF2CC74CFAEE07 ] SRTSP C:\WINDOWS\system32\Drivers\SRTSP.SYS 00:36:15.0891 2720 SRTSP - ok 00:36:15.0906 2720 [ AED0F68C185FE698A21CEFCD76F0B8A4 ] SRTSPL C:\WINDOWS\system32\Drivers\SRTSPL.SYS 00:36:15.0934 2720 SRTSPL - ok 00:36:15.0970 2720 [ 0E2CA6326726477FE29863808BBAD413 ] SRTSPX C:\WINDOWS\system32\Drivers\SRTSPX.SYS 00:36:15.0986 2720 SRTSPX - ok 00:36:16.0025 2720 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\WINDOWS\system32\DRIVERS\srv.sys 00:36:16.0056 2720 srv - ok 00:36:16.0077 2720 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys 00:36:16.0102 2720 srv2 - ok 00:36:16.0133 2720 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\WINDOWS\system32\DRIVERS\VSTAZL3.SYS 00:36:16.0163 2720 SrvHsfHDA - ok 00:36:16.0184 2720 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\WINDOWS\system32\DRIVERS\VSTDPV3.SYS 00:36:16.0224 2720 SrvHsfV92 - ok 00:36:16.0234 2720 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\WINDOWS\system32\DRIVERS\VSTCNXT3.SYS 00:36:16.0267 2720 SrvHsfWinac - ok 00:36:16.0279 2720 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys 00:36:16.0292 2720 srvnet - ok 00:36:16.0313 2720 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 00:36:16.0340 2720 SSDPSRV - ok 00:36:16.0355 2720 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc 
C:\WINDOWS\system32\sstpsvc.dll 00:36:16.0397 2720 SstpSvc - ok 00:36:16.0414 2720 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\WINDOWS\system32\DRIVERS\stexstor.sys 00:36:16.0431 2720 stexstor - ok 00:36:16.0467 2720 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\WINDOWS\System32\wiaservc.dll 00:36:16.0497 2720 StiSvc - ok 00:36:16.0533 2720 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys 00:36:16.0545 2720 storflt - ok 00:36:16.0562 2720 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\WINDOWS\system32\storsvc.dll 00:36:16.0579 2720 StorSvc - ok 00:36:16.0609 2720 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys 00:36:16.0628 2720 storvsc - ok 00:36:16.0650 2720 [ 5E8261EDDFD7C1851B78E27705CD7F59 ] SUService C:\Program Files\Lenovo\System Update\SUService.exe 00:36:16.0653 2720 SUService ( UnsignedFile.Multi.Generic ) - warning 00:36:16.0653 2720 SUService - detected UnsignedFile.Multi.Generic (1) 00:36:16.0688 2720 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\WINDOWS\system32\drivers\swenum.sys 00:36:16.0699 2720 swenum - ok 00:36:16.0715 2720 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\WINDOWS\System32\swprv.dll 00:36:16.0794 2720 swprv - ok 00:36:16.0854 2720 [ 409EBED03F66E3941E33E412795E6C2C ] Symantec AntiVirus C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe 00:36:16.0891 2720 Symantec AntiVirus - ok 00:36:16.0927 2720 [ AB33C3B196197CA467CBDDA717860DBA ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 00:36:16.0946 2720 SymEvent - ok 00:36:16.0986 2720 [ 394B2368212114D538316812AF60FDDD ] SYMREDRV C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 00:36:16.0996 2720 SYMREDRV - ok 00:36:17.0009 2720 [ D46676BB414C7531BDFFE637A33F5033 ] SYMTDI C:\WINDOWS\System32\Drivers\SYMTDI.SYS 00:36:17.0021 2720 SYMTDI - ok 00:36:17.0063 2720 [ 2185CC5BE9922562108CF87F42E4BBAF ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys 00:36:17.0108 2720 SynTP - ok 00:36:17.0157 2720 [ 
36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\WINDOWS\system32\sysmain.dll 00:36:17.0203 2720 SysMain - ok 00:36:17.0216 2720 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\WINDOWS\System32\TabSvc.dll 00:36:17.0265 2720 TabletInputService - ok 00:36:17.0304 2720 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 00:36:17.0352 2720 TapiSrv - ok 00:36:17.0382 2720 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\WINDOWS\System32\tbssvc.dll 00:36:17.0413 2720 TBS - ok 00:36:17.0464 2720 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys 00:36:17.0511 2720 Tcpip - ok 00:36:17.0539 2720 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys 00:36:17.0569 2720 TCPIP6 - ok 00:36:17.0603 2720 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys 00:36:17.0623 2720 tcpipreg - ok 00:36:17.0662 2720 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\WINDOWS\system32\drivers\tdpipe.sys 00:36:17.0684 2720 TDPIPE - ok 00:36:17.0715 2720 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\WINDOWS\system32\drivers\tdtcp.sys 00:36:17.0739 2720 TDTCP - ok 00:36:17.0767 2720 [ B459575348C20E8121D6039DA063C704 ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys 00:36:17.0792 2720 tdx - ok 00:36:17.0819 2720 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\WINDOWS\system32\drivers\termdd.sys 00:36:17.0830 2720 TermDD - ok 00:36:17.0868 2720 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\WINDOWS\System32\termsrv.dll 00:36:17.0920 2720 TermService - ok 00:36:17.0947 2720 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\WINDOWS\system32\themeservice.dll 00:36:17.0962 2720 Themes - ok 00:36:17.0968 2720 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\WINDOWS\system32\mmcss.dll 00:36:17.0992 2720 THREADORDER - ok 00:36:18.0016 2720 [ 50B570E4209F6D401893720FC8DDCE46 ] TPDIGIMN C:\WINDOWS\system32\DRIVERS\ApsHM86.sys 00:36:18.0024 2720 TPDIGIMN - ok 00:36:18.0035 2720 [ 
1F98A2433555DD854CB4E2EDC819DEB4 ] TPHDEXLGSVC C:\WINDOWS\system32\TPHDEXLG.exe 00:36:18.0056 2720 TPHDEXLGSVC - ok 00:36:18.0071 2720 [ 88D609BFDEB7E013E9E491434190BA43 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe 00:36:18.0076 2720 TPHKLOAD ( UnsignedFile.Multi.Generic ) - warning 00:36:18.0076 2720 TPHKLOAD - detected UnsignedFile.Multi.Generic (1) 00:36:18.0105 2720 [ 9E6E4A9789F76593CC5A6A5AF8FC5929 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe 00:36:18.0113 2720 TPHKSVC - ok 00:36:18.0146 2720 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\WINDOWS\system32\drivers\tpm.sys 00:36:18.0157 2720 TPM - ok 00:36:18.0167 2720 [ C16EC6A5390904D3971179553852025B ] TPPWRIF C:\WINDOWS\system32\drivers\Tppwr32v.sys 00:36:18.0175 2720 TPPWRIF - ok 00:36:18.0213 2720 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\WINDOWS\System32\trkwks.dll 00:36:18.0247 2720 TrkWks - ok 00:36:18.0292 2720 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe 00:36:18.0333 2720 TrustedInstaller - ok 00:36:18.0371 2720 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\WINDOWS\system32\DRIVERS\tssecsrv.sys 00:36:18.0402 2720 tssecsrv - ok 00:36:18.0426 2720 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys 00:36:18.0451 2720 TsUsbFlt - ok 00:36:18.0485 2720 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys 00:36:18.0509 2720 tunnel - ok 00:36:18.0540 2720 [ 8629F69817902D9D0F00EB3247AABA51 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 00:36:18.0571 2720 TurboBoost - ok 00:36:18.0592 2720 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\WINDOWS\system32\DRIVERS\uagp35.sys 00:36:18.0610 2720 uagp35 - ok 00:36:18.0625 2720 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys 00:36:18.0675 2720 udfs - ok 00:36:18.0696 2720 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe 00:36:18.0728 2720 UI0Detect - 
ok 00:36:18.0769 2720 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys 00:36:18.0787 2720 uliagpkx - ok 00:36:18.0818 2720 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\WINDOWS\system32\drivers\umbus.sys 00:36:18.0830 2720 umbus - ok 00:36:18.0851 2720 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\WINDOWS\system32\DRIVERS\umpass.sys 00:36:18.0876 2720 UmPass - ok 00:36:18.0904 2720 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\WINDOWS\System32\umrdp.dll 00:36:18.0935 2720 UmRdpService - ok 00:36:18.0961 2720 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\WINDOWS\System32\upnphost.dll 00:36:19.0002 2720 upnphost - ok 00:36:19.0045 2720 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 00:36:19.0061 2720 USBAAPL ( UnsignedFile.Multi.Generic ) - warning 00:36:19.0061 2720 USBAAPL - detected UnsignedFile.Multi.Generic (1) 00:36:19.0089 2720 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 00:36:19.0121 2720 usbccgp - ok 00:36:19.0177 2720 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\WINDOWS\system32\drivers\usbcir.sys 00:36:19.0199 2720 usbcir - ok 00:36:19.0232 2720 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\WINDOWS\system32\drivers\usbehci.sys 00:36:19.0244 2720 usbehci - ok 00:36:19.0286 2720 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 00:36:19.0302 2720 usbhub - ok 00:36:19.0329 2720 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\WINDOWS\system32\drivers\usbohci.sys 00:36:19.0352 2720 usbohci - ok 00:36:19.0384 2720 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 00:36:19.0404 2720 usbprint - ok 00:36:19.0448 2720 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 00:36:19.0468 2720 usbscan - ok 00:36:19.0504 2720 [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser C:\WINDOWS\system32\drivers\usbser.sys 00:36:19.0524 2720 usbser - ok 
00:36:23.0340 2720 ================ Scan global ===============================
00:36:23.0376 2720 [ DAB748AE0439955ED2FA22357533DDDB ] C:\WINDOWS\system32\basesrv.dll
00:36:23.0405 2720 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\WINDOWS\system32\winsrv.dll
00:36:23.0413 2720 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\WINDOWS\system32\winsrv.dll
00:36:23.0438 2720 [ 364455805E64882844EE9ACB72522830 ] C:\WINDOWS\system32\sxssrv.dll
00:36:23.0472 2720 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\WINDOWS\system32\services.exe
00:36:23.0475 2720 [Global] - ok
00:36:23.0475 2720 ================ Scan MBR ==================================
00:36:23.0482 2720 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:36:23.0840 2720 \Device\Harddisk0\DR0 - ok
00:36:23.0841 2720 ================ Scan VBR ==================================
00:36:23.0843 2720 [ AB067BA801D6D37D3CC9E941D574DB4F ] \Device\Harddisk0\DR0\Partition1
00:36:23.0844 2720 \Device\Harddisk0\DR0\Partition1 - ok
00:36:23.0845 2720 ============================================================
00:36:23.0845 2720 Scan finished
00:36:23.0845 2720 ============================================================
00:36:23.0852 4220 Detected object count: 9
00:36:23.0853 4220 Actual detected object count: 9
00:37:07.0565 4220 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0565 4220 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0565 4220 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0565 4220 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0567 4220 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0567 4220 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0568 4220 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0568 4220 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0570 4220 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0570 4220 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0572 4220 SAPSprint ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0572 4220 SAPSprint ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0573 4220 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0573 4220 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0574 4220 TPHKLOAD ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0574 4220 TPHKLOAD ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:37:07.0576 4220 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
00:37:07.0576 4220 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip |
14.05.2013, 23:41 | #17 |
/// Malware-holic | Caught a GVU trojan... Looks fine.
Scan with Combofix |
14.05.2013, 23:47 | #18 |
| Caught a GVU trojan... Hello,
Symantec Endpoint Protection is running on my computer and I cannot disable it. Can I start ComboFix anyway? Regards, S2k13 |
14.05.2013, 23:53 | #19 |
/// Malware-holic | Caught a GVU trojan... You can.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
14.05.2013, 23:57 | #20 |
| Caught a GVU trojan... ComboFix is warning me to close Symantec Enduser Protection. Is there a significant risk if I confirm continuing the scan with OK? Thanks in advance. |
14.05.2013, 23:59 | #21 |
/// Malware-holic | Caught a GVU trojan... Please confirm it. |
15.05.2013, 00:24 | #22 |
| Caught a GVU trojan... Hello, the tool has finally finished as well... Here is the log: Code:
ComboFix 13-05-14.01 - ****** 15.05.2013 1:02.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1033.18.2932.1524 [GMT 2:00]
ausgeführt von:: c:\users\******\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
* Neuer Wiederherstellungspunkt wurde erstellt
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
c:\program files\Yammer\Yammer.exe
c:\users\******\1508452.dll
c:\users\******\4.0
c:\users\******\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\******\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
SafeBoot-Symantec Antvirus
HKLM_ActiveSetup-{0009FEDA-0005-0409-0000-1111CAB70015} - msiexec
HKLM_ActiveSetup-{0009FEDA-0006-0409-0000-1111CAB70015} - msiexec
HKLM_ActiveSetup-{0009FEDA-0007-0409-0000-1111CAB70015} - msiexec
HKLM_ActiveSetup-{BB26BFF5-5BB1-43D1-8D04-83A536D2EDD9} - msiexec
.
Zeit der Fertigstellung: 2013-05-15 01:16:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-05-14 23:16
.
Vor Suchlauf: 248.222.674.944 bytes free
Nach Suchlauf: 248.061.083.648 bytes free
.
- - End Of File - - 9AF72EF69D7773EE2BE8B598B10DA85D |
15.05.2013, 00:28 | #23 |
/// Malware-holic | Caught a GVU trojan... Looks good. Malwarebytes: please download Malwarebytes.
Download CCleaner Standard: CCleaner Download - CCleaner 3.21.1767. If CCleaner is already installed, skip this step. Install it, open it, go to Tools, list of installed programs, and save it as a txt file. Open the file. After each program you need, write "necessary". After each one you do not need, write "unnecessary". After each one unknown to you, write "unknown". Post the list.
|
15.05.2013, 00:48 | #24 |
| Caught a GVU trojan... Hi, Malwarebytes Anti-Malware is still running... I have edited the list from CCleaner. However, it also contains information that I have redacted with *****. Code:
7-Zip 4.65 19.09.2011
[verify-U]_AVS_IE_Add-on cybits AG 23.03.2013 1.0.0.3 necessary
Adobe AIR Adobe Systems Incorporated 18.04.2013 3.7.0.1530 necessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 23.04.2013 6,00MB 11.7.700.169 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 07.05.2013 6,00MB 11.7.700.197 necessary
Adobe Reader X (10.1.6) - Deutsch Adobe Systems Incorporated 25.02.2013 122MB 10.1.6 necessary
Apple Application Support Apple Inc. 26.02.2013 62,7MB 2.3.3 necessary
Apple Mobile Device Support Apple Inc. 26.02.2013 24,6MB 6.1.0.13 necessary
Apple Software Update Apple Inc. 12.02.2012 2,38MB 2.1.3.127 necessary
ARIS Express 2.3 Software AG 25.01.2012 necessary
Audacity 1.3.14 (Unicode) Audacity Team 13.01.2012 40,4MB necessary
BlackBerry Desktop Software 7.1 Research In Motion Ltd. 09.01.2013 7.1.0.37 necessary
Bonjour Apple Inc. 12.02.2012 1,02MB 3.0.0.10 necessary
Capexpenses Classic 2.0 ***** 14.01.2013 1,73MB 2.00.0000 necessary
Capexpenses_Core_V1.0 ***** 27.09.2011 88,1MB 1.00.0000 necessary
***** Flags Template for PowerPoint 2007 7.03 ***** 27.09.2011 5,32MB 7.030 (10/09/02) necessary
***** Maps Template for PowerPoint 2007 7.03 ***** 27.09.2011 16,5MB 7.030 (10/09/02) necessary
CCleaner Piriform 23.04.2013 4.01 necessary
CE Templates & Tools ***** 14.01.2013 27,5MB 7.5.4.0 necessary
CE Templates & Tools 7.5.2 ***** 02.03.2012 34,9MB 7.5.2.0 necessary
CGShortcuts ***** 27.09.2011 388KB 1.0.0.0 necessary
Check Point SSL Network Extender CheckPoint 29.11.2012 1,10MB 7.01.0000 necessary
Cisco AnyConnect Secure Mobility Client Cisco Systems, Inc. 12.04.2013 3.0.5080 necessary
Cisco Systems VPN Client 5.0.07.0290 Cisco Systems, Inc. 19.09.2011 11,5MB 5.0.6 necessary
Cisco WebEx Meetings Cisco WebEx LLC 07.12.2012 necessary
Conexant 20585 SmartAudio HD Conexant 19.09.2011 4.95.43.50 necessary
Connected Backup/PC Agent Autonomy Corporation plc 18.04.2013 120MB 8.6.2 necessary
DHTML Editing Component Microsoft Corporation 19.10.2011 554KB 6.02.0001 necessary
Dienstprogramm "ThinkPad UltraNav" Lenovo 19.09.2011 2.13.0 necessary
DNE Update Deterministic Networks, Inc. 19.09.2011 777KB 4.0.6.18274 unknown
ExplorerSettings ***** 19.09.2011 400KB 1.0.0.1 necessary
Free M4a to MP3 Converter 7.2 ManiacTools.com 05.01.2013 4,02MB necessary
FreeCommander 2009.02b Marek Jasinski 31.12.2011 2009.02 necessary
FreeMind 02.08.2012 16,0MB 0.9.0 necessary
FreePDF (Remove only) 20.10.2011 necessary
Ghostscript GPL 19.09.2011 33,7MB 8.71 necessary
Google Chrome Google Inc. 20.11.2011 26.0.1410.64 necessary
Google Earth Plug-in Google 22.03.2013 80,7MB 7.0.3.8542 necessary
Google Toolbar for Internet Explorer Google Inc. 12.01.2013 7.4.3607.2246 necessary
iCloud Apple Inc. 16.04.2013 48,3MB 2.1.2.8 necessary
Image Resizer Powertoy Clone for Windows Brice Lambson 16.10.2012 132KB 2.1 necessary
internal_ss-1280x1024-sta_loc_pla Screen Saver 27.09.2011 necessary
InterVideo WinDVD 8 InterVideo Inc. 19.09.2011 158MB 8.0.20.178 necessary
iTunes Apple Inc. 26.02.2013 186MB 11.0.2.26 necessary
Java 7 Update 17 Oracle 22.03.2013 130MB 7.0.170 necessary
Java(TM) 6 Update 29 Oracle 19.09.2011 97,0MB 6.0.290 necessary
Lenovo Auto Scroll Utility 19.09.2011 1.00 necessary
Lenovo System Interface Driver 19.09.2011 1.05 necessary
LiveUpdate 3.3 (Symantec Corporation) Symantec Corporation 21.05.2012 3.3.0.102 necessary
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 15.05.2013 19,2MB 1.75.0.1300 necessary
Microsoft .NET Framework 1.1 Microsoft 09.10.2011 34,8MB 1.1.4322 necessary
Microsoft Conferencing Add-in for Microsoft Office Outlook Microsoft Corporation 25.06.2012 26,7MB 8.0.6362.202 necessary
Microsoft Office Access 2007 Microsoft Corporation 18.11.2011 12.0.6425.1000 necessary
Microsoft Office Access Runtime (English) 2007 Microsoft Corporation 17.01.2013 217MB 12.0.6425.1000 necessary
Microsoft Office Communicator 2007 R2 Microsoft Corporation 10.03.2012 53,1MB 3.5.6907.244 necessary
Microsoft Office File Validation Add-In Microsoft Corporation 05.02.2012 7,91MB 14.0.5130.5003 necessary
Microsoft Office Language Pack 2007 - German/Deutsch Microsoft Corporation 19.09.2011 12.0.6425.1000 necessary
Microsoft Office Live Meeting 2007 Microsoft Corporation 09.11.2011 117MB 8.0.6362.202 necessary
Microsoft Office Standard 2007 Microsoft Corporation 19.09.2011 12.0.6425.1000 necessary
Microsoft Office Visio Viewer 2007 Microsoft Corporation 05.02.2012 20,9MB 12.0.4518.1014 necessary
Microsoft redistributable runtime DLLs VS2005 SP1(x86) SAP 19.10.2011 4,28MB 8.0.50727.4053 necessary
Microsoft redistributable runtime DLLs VS2008 SP1(x86) SAP AG 19.10.2011 8,89MB 9.0 necessary
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs Microsoft Corporation 19.09.2011 124KB 12.0.4518.1014 necessary
Microsoft Silverlight Microsoft Corporation 21.03.2013 118MB 5.1.20125.0 necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 19.09.2011 300KB 8.0.61001 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 06.11.2011 2,06MB 9.0.21022 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 05.07.2012 234KB 9.0.30729 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 09.03.2013 226KB 9.0.30729.4148 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 07.11.2011 600KB 9.0.30729.6161 necessary
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 09.03.2013 12,2MB 10.0.40219 necessary
Mozilla Firefox 20.0.1 (x86 de) Mozilla 22.04.2013 44,7MB 20.0.1 necessary
Mozilla Maintenance Service Mozilla 22.04.2013 330KB 20.0.1 necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 19.09.2011 37,0KB 4.20.9870.0 necessary
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 19.09.2011 1,33MB 4.20.9876.0 necessary
Nikon Message Center 2 Nikon 09.03.2013 9,42MB 2.1.0 necessary
Nikon Movie Editor Nikon 05.04.2013 30,7MB 2.7.0 necessary
Nokia Connectivity Cable Driver Nokia 03.11.2012 3,35MB 7.1.92.0 necessary
Nokia Suite Nokia 03.11.2012 3.6.36.0 necessary
On Screen Display 19.09.2011 6.24.00 necessary
PC Connectivity Solution Nokia 03.11.2012 15,0MB 12.0.48.0 necessary
Picture Control Utility Nikon 05.04.2013 27,2MB 1.4.11 necessary
QuickTime Apple Inc. 13.11.2012 73,1MB 7.73.80.64 necessary
RedMon - Redirection Port Monitor 20.10.2011 necessary
Safari Apple Inc. 22.05.2012 104MB 5.34.57.2 necessary
SAP Business Explorer SAP AG 19.10.2011 7.20 necessary
SAP Console 7.10 SAP AG 19.10.2011 necessary
SAP GUI for Windows 7.20 SAP 19.10.2011 7.20 Compilation 3 necessary
SAP JNet SAP AG 19.10.2011 necessary
SAP Netweaver Business Client 3.0 SAP AG 19.10.2011 necessary
SAP PDFPRINT SAP AG 19.10.2011 necessary
SAP Print Service SAP AG 19.10.2011 necessary
SAPSetup Automatic Workstation Update Service SAP AG 19.10.2011 necessary
Short Movie Creator Nikon 05.04.2013 67,9MB 1.3.1 necessary
Symantec Endpoint Protection Symantec Corporation 21.05.2012 441MB 11.0.7000.975 necessary
System Update Lenovo 19.09.2011 11,7MB 4.00.0046 necessary
ThinkPad Bluetooth with Enhanced Data Rate Software Broadcom Corporation 21.10.2011 88,4MB 6.2.1.100 necessary
ThinkPad Energie-Manager 19.09.2011 3.48 necessary
ThinkPad FullScreen Magnifier 19.09.2011 2.24 necessary
ThinkPad Modem Adapter Conexant Systems 19.09.2011 7.80.5.0 necessary
ThinkPad Power Management Driver 19.09.2011 1.60.0.4 necessary
ThinkPad UltraNav Driver 19.09.2011 46,4MB 15.2.20.0 necessary
ThinkVantage Communications Utility Lenovo 19.09.2011 2,43MB 1.41 necessary
ThinkVantage System für aktiven Festplattenschutz Lenovo 19.09.2011 8,77MB 1.74 necessary
ThinkVantage System Update necessary
ViewNX 2 Nikon 09.03.2013 53,1MB 2.4.0 necessary
VLC media player 2.0.5 VideoLAN 18.02.2013 2.0.5 necessary
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) Nokia 03.11.2012 05/31/2012 7.1.2.0 necessary
Yammer Yammer Inc. 22.02.2012 300222 necessary
Überwachungstool für die Intel® Turbo-Boost-Technik Intel 19.09.2011 960KB 1.0.186.3 necessary
Hello, Anti-Malware has now finished as well. Here is the log: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.14.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
sklose :: CE05278 [Administrator]

15.05.2013 01:32:30
mbam-log-2013-05-15 (01-32-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 349817
Laufzeit: 1 Stunde(n), 9 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Thanks in advance for the feedback! Regards, S2k13 |
15.05.2013, 13:48 | #25 |
/// Malware-holic | Caught the GVU trojan...
Uninstall: Adobe Flash Player, all of them.
Adobe - Install Adobe Flash Player: download the newest version and install it.
Adobe Reader: Adobe - Download Adobe Reader - All versions. Untick the McAfee Security Scan box.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "Use only certified plug-ins".
Security (Enhanced): tick "Enhanced Security" and select "All files".
Internet: everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only that way do you have control over what is going on on the PC.
Under JavaScript, untick "Use JavaScript".
Under Updater, choose "Install automatically".
Apply / OK.
Uninstall: Google Toolbar: you should do without it, it is only an additional risk and they slow down the browser.
Java: all.
Download the Java JRE: Java downloads for all operating systems. Click: Download Java software for Windows Offline, download it and install it.
Uninstall:
Open CCleaner, Analyze, Run, restart the PC.
Please download AdwCleaner to your desktop.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
15.05.2013, 18:42 | #26 |
| Caught the GVU trojan... Hello, thanks for the further tips as well. AdwCleaner spits out the following log: AdwCleaner Logfile: Code:
# AdwCleaner v2.300 - Logfile created 05/15/2013 at 19:27:18
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : ****** - CE05278
# Boot Mode : Normal
# Running from : C:\Users\******\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (de)

File : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\ffld4oo5.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2100] : homepage = "hxxp://www.startfenster.com",

*************************

AdwCleaner[S1].txt - [1573 octets] - [15/05/2013 19:27:18]

########## EOF - C:\AdwCleaner[S1].txt - [1633 octets] ##########

Hello again, are there any further steps I need to take to get my computer completely clean again? Sorry, I forgot the question in the last thread. CU S2K13 |
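As an added example (not part of the original posts and not AdwCleaner's own code), here is a small Python parser for the AdwCleaner v2.300 log format posted above. It groups the removed items by log section and lists the browser preference lines that were deleted. The sample is an excerpt of that log, and the function names are made up for this illustration.

```python
import re

# Excerpt of the AdwCleaner v2.300 log posted above (lines copied from that log).
SAMPLE_LOG = r"""# AdwCleaner v2.300 - Logfile created 05/15/2013 at 19:27:18
# Option [Delete]
***** [Services] *****
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\PIP
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Google Chrome v26.0.1410.64
File : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.2100] : homepage = "hxxp://www.startfenster.com",
"""

SECTION = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
BROWSER = re.compile(r"^-\\\\ (.+?) v([\d.]+)")
# The log above only contains "Key Deleted"; any "<Kind> Deleted : <item>" line is accepted.
REMOVED = re.compile(r"^(\w+) Deleted : (.+)$")
PREF = re.compile(r'^Deleted \[l\.(\d+)\] : (\S+) = "(.*?)"')

def parse_adwcleaner(text):
    """Group removed items by log section and collect per-browser preference changes."""
    report = {"option": None, "removed": {}, "browsers": {}}
    section = browser = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("# Option [") and line.endswith("]"):
            report["option"] = line[len("# Option ["):-1]
        elif m := SECTION.match(line):
            section, browser = m.group(1), None
            report["removed"].setdefault(section, [])
        elif m := BROWSER.match(line):
            browser = m.group(1)
            report["browsers"][browser] = {"version": m.group(2), "changes": []}
        elif (m := REMOVED.match(line)) and section:
            report["removed"][section].append((m.group(1), m.group(2)))
        elif (m := PREF.match(line)) and browser:
            report["browsers"][browser]["changes"].append(
                {"line": int(m.group(1)), "pref": m.group(2), "value": m.group(3)})
    return report

def changed_browser_settings(report):
    """Return (browser, preference, removed value) for every deleted browser setting."""
    return [(name, c["pref"], c["value"])
            for name, info in report["browsers"].items() for c in info["changes"]]

if __name__ == "__main__":
    result = parse_adwcleaner(SAMPLE_LOG)
    for sect, items in result["removed"].items():
        print(f"{sect}: {len(items)} item(s) removed")
    for entry in changed_browser_settings(result):
        print("browser setting removed:", entry)
```

A section that is present but empty, such as [Services] here, shows up with an empty list, which distinguishes "checked, nothing removed" from "section missing from the log".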
15.05.2013, 21:11 | #27 |
/// Malware-holic | Caught the GVU trojan... Please restart. Hitman Pro - Download - Filepony: download HitmanPro and double-click it. Click Scan. Do not delete anything. Click Next, save the log as XML and post it, or zip it and attach it.
15.05.2013, 22:12 | #28 |
| Caught the GVU trojan... Hello, restart done and HitmanPro run. Here is the log: Edited by S2k13 (15.05.2013 at 22:22) |
15.05.2013, 22:12 | #29 |
| Caught the GVU trojan... So what happens next...? CU S2k13 |
16.05.2013, 17:00 | #30 |
/// Malware-holic | Caught the GVU trojan... You are not the only one here, and I will tell you what happens next :-)