System Care Antivirus beseitigen

bumpf · 15.06.2013, 13:33

Hallo,

auch ich habe mir das "System Care Antivirus" eingefangen und bitte um Eure Hilfe.

Leider habe ich auch als erste Lösung beim googeln des Problems den Spy Hunter 4 heruntergeladen, was wohl keine Lösung des Problems darstellt, wie ich in diesem Forum nachlesen konnte. Die ständigen Meldungen von System Care Antivirus habe ich unterbunden durch die Eingabe des Aktivierungsschlüssels AA39754E-715219CE, wie unter der "Abhilfeseite" mit der Lösung des Spy Hunters beschrieben.

Mehr oder weniger geschützt ist mein PC mit dem kostenlosen Avira Antivirenprogramm. Beim Hochladen des PC's erscheint seit einigen Tagen die Hinweismeldung, dass eine evtl. nicht vertrauenswürde Quelle "Softwareupdater" auf den PC zugreifen möchte. Ich habe bislang noch keine Programme (System Care Antivirus, Spy Hunter) deinstalliert, die Verknüpfungen liegen noch auf dem Desktop.

Wie in Eurer Checkliste beschrieben, habe ich OTL heruntergeladen und den quickscan durchgeführt, Datei Extras.txt anbei, Datei OTL.Txt zum hochladen zu groß, Inhalt nachfolgend.

Auch defogger habe ich mit Doppelklick heruntergeladen. Ich nutze das Berriebssystem Vista und wollte den Hinweis "Vista und Win7 User mit Rechtsklick und als Administrator starten" befolgen, allerdings erscheint beim Rechtsklick nicht die Auswahlmöglichkeit "als admin starten", weshalb ich den GMER scan (Schritt 3) noch nicht durchgeführt habe. Reicht der gewöhnliche Doppelklick aus?

Vielen Dank bereits im voraus, vG Oli

Datei OTL.Txt:

OTL logfile created on: 15.06.2013 13:51:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oli\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 56,14% Memory free
6,20 Gb Paging File | 4,58 Gb Available in Paging File | 74,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 227,40 Gb Total Space | 21,90 Gb Free Space | 9,63% Space Free | Partition Type: NTFS

Computer Name: TSITSIS-PC | User Name: Oli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.14 14:11:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oli\Desktop\OTL.exe
PRC - [2013.05.07 16:18:50 | 006,425,984 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SpyHunter4.exe
PRC - [2013.05.07 16:18:42 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2013.05.07 13:34:12 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.05.07 13:34:10 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.04.01 13:28:38 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.01 13:28:32 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.04.01 13:28:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.01.28 14:19:26 | 001,724,192 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
PRC - [2012.10.29 18:34:28 | 000,300,480 | ---- | M] (Abine Inc.) -- C:\Programme\Ask.com\AbineSDK\IE\DNTPService.exe
PRC - [2011.07.25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.27 12:01:20 | 000,238,880 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008.10.27 12:01:18 | 000,116,000 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2008.10.27 11:28:06 | 000,565,248 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008.06.06 18:26:38 | 000,520,192 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008.03.14 11:08:38 | 000,054,560 | ---- | M] (Lenovo.) -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.11.29 19:43:44 | 000,841,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\password_manager.exe
PRC - [2007.11.29 18:56:34 | 000,722,232 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.03.16 05:26:22 | 000,057,344 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\PM Driver\PMSveH.exe
PRC - [2007.03.14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Programme\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2007.01.30 05:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.10.05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.29 18:34:28 | 000,245,696 | ---- | M] () -- C:\Programme\Ask.com\AbineSDK\IE\DNTPButton.dll
MOD - [2012.10.29 18:34:28 | 000,051,136 | ---- | M] () -- C:\Programme\Ask.com\AbineSDK\IE\DNTPServicePS.dll

========== Services (SafeList) ==========

SRV - [2013.06.12 16:57:16 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.15 18:23:36 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.07 16:18:42 | 000,770,432 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Programme\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2013.05.07 13:34:12 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.05.02 16:18:29 | 000,296,448 | ---- | M] () [Auto | Stopped] -- C:\Programme\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.04.01 13:28:38 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.01 13:28:31 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.28 14:19:26 | 001,724,192 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.09.11 11:56:48 | 000,603,664 | ---- | M] (Soluto) [Auto | Stopped] -- C:\Programme\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2011.07.25 23:14:00 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.06.13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.10 18:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.12.10 18:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.09.23 01:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.15 11:18:00 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2008.10.27 12:01:20 | 000,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008.10.27 12:01:18 | 000,116,000 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008.06.06 18:26:38 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008.05.07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.03.14 11:08:38 | 000,054,560 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.11.29 18:56:34 | 000,722,232 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007.03.16 05:26:22 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2007.03.14 15:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Programme\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007.03.14 15:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Programme\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2007.01.30 05:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006.11.15 16:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [On_Demand | Stopped] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vsdatant.sys -- (Vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.04.01 13:28:39 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.04.01 13:28:39 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.04.01 13:28:39 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.11.16 16:51:36 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.09.11 11:51:28 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Stopped] -- C:\Windows\System32\drivers\Soluto.sys -- (Soluto)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.06.22 12:01:32 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2009.05.28 23:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.12.31 03:04:30 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2008.05.12 19:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.04.12 09:44:37 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008.02.22 16:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008.01.21 04:23:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007.06.16 21:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.03.21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.12.19 02:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.11.09 14:34:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2006.11.08 09:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.06 10:23:24 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A03ED460-C02F-432E-9342-F6FD4A58F8FE}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119556&babsrc=SP_ss&mntrId=aef043bc000000000000001fe1e6ccec
IE - HKCU\..\SearchScopes\{39878658-3752-4733-BB04-5F9C10238C2B}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{3B5949CE-17C6-4019-8D6C-909A620E2BC1}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{65850DB7-5761-4F85-8ECE-3BB23CB0AAE3}: "URL" = hxxp://go.web.de/suchbox/ebay?query={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://go.web.de/suchbox/google?q={searchTerms}&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{A03ED460-C02F-432E-9342-F6FD4A58F8FE}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKCU\..\SearchScopes\{A5BEED6C-FE8D-4955-B794-A47999048803}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{AFBA95A4-CF86-49DC-A67D-4E207B28DA29}: "URL" = hxxp://go.1und1.de/suchbox/amazon?tag=1und1icon-21&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{C45A5A1F-F6E8-4B8D-892C-55093C78D74D}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{D95DC870-3FB7-483B-9726-85C0FE205A6E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=bd407759-ed6e-4325-ad99-47f37c1ffaae&apn_sauid=98DFC086-8889-40FB-83F9-7DB7F4C5957A
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 14:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.27 14:29:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.01.02 00:44:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oli\AppData\Roaming\mozilla\Extensions
[2010.08.26 23:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oli\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.02.19 00:09:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.delta-search.com/?affID=119556&babsrc=HP_ss&mntrId=aef043bc000000000000001fe1e6ccec
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Avira Toolbar = C:\Users\Oli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.11.0_0\
CHR - Extension: Google Drive = C:\Users\Oli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Oli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Oli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Oli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Programme\PC-Doctor\ATLPcdToolbar544936.dll (PC-Doctor, Inc.)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Programme\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [EPSON Stylus DX4800 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [PMHandler] C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Iwiwguugu] C:\Users\Oli\AppData\Roaming\Saboy\ezhys.exe (Acronis)
O4 - HKCU..\RunOnce: [AEF6D49D3B9B43BC0000AEF625AC48EF] C:\ProgramData\AEF6D49D3B9B43BC0000AEF625AC48EF\AEF6D49D3B9B43BC0000AEF625AC48EF.exe ()
O4 - Startup: C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7094888-3555-4B22-BC73-07B5799030A6}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Programme\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.14 14:11:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oli\Desktop\OTL.exe
[2013.06.14 13:13:48 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013.06.14 13:13:47 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013.06.14 13:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.06.14 13:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.06.13 12:11:53 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.06.12 14:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AEF6D49D3B9B43BC0000AEF625AC48EF
[2013.06.10 14:22:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.10 14:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.05.29 18:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
[2013.05.29 18:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2013.05.27 18:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2013.05.27 18:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\1und1DesktopIconsInstaller
[2013.05.24 14:03:20 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Roaming\Saboy
[2013.05.24 14:03:20 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Roaming\Pocy
[2013.05.24 14:03:20 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Roaming\Iptely
[2013.05.16 14:46:22 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Local\{C39D3058-CF3E-47CE-83C3-293E6910C2A4}
[2013.05.16 14:46:22 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Local\{22B47A58-C118-4B41-9E73-08653B18B842}
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.15 13:43:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.15 13:42:09 | 000,000,000 | ---- | M] () -- C:\Users\Oli\defogger_reenable
[2013.06.15 13:41:06 | 000,050,477 | ---- | M] () -- C:\Users\Oli\Desktop\Defogger.exe
[2013.06.15 13:08:51 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.15 13:08:00 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.15 13:07:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.15 13:07:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.14 14:11:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oli\Desktop\OTL.exe
[2013.06.14 13:13:50 | 000,002,083 | ---- | M] () -- C:\Users\Oli\Desktop\SpyHunter.lnk
[2013.06.14 13:11:45 | 000,000,125 | ---- | M] () -- C:\Users\Oli\Desktop\System Care Antivirus Support Site.url
[2013.06.14 11:43:54 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.13 19:50:16 | 000,025,311 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2013.06.13 19:49:41 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2013.06.13 19:49:11 | 3211,190,272 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.13 19:48:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.06.13 12:11:53 | 000,002,006 | ---- | M] () -- C:\Users\Oli\Desktop\System Care Antivirus.lnk
[2013.06.12 13:38:09 | 000,008,790 | ---- | M] () -- C:\Users\Oli\Documents\cc_20130612_133805.reg
[2013.06.12 13:37:48 | 000,016,178 | ---- | M] () -- C:\Users\Oli\Documents\cc_20130612_133728.reg
[2013.06.10 14:22:01 | 000,001,674 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.08 16:28:40 | 000,000,393 | ---- | M] () -- C:\Users\Public\Documents\BluetoothLog.html
[2013.06.06 12:17:34 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.04 17:32:02 | 000,269,890 | ---- | M] () -- C:\Users\Oli\Documents\Hotel Xapala 08-2013.xps
[2013.05.29 18:15:14 | 000,333,798 | ---- | M] () -- C:\Users\Oli\Documents\QuickSteuer_2012_Dasi.zip
[2013.05.27 18:50:02 | 000,001,821 | ---- | M] () -- C:\Users\Oli\Desktop\Amazon.lnk
[2013.05.27 18:50:02 | 000,001,819 | ---- | M] () -- C:\Users\Oli\Desktop\WEB.DE.lnk
[2013.05.27 18:50:02 | 000,001,813 | ---- | M] () -- C:\Users\Oli\Desktop\eBay.lnk
[2013.05.27 14:28:35 | 000,001,736 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.05.27 14:07:12 | 000,000,000 | ---- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[2013.05.16 18:18:47 | 000,763,448 | ---- | M] () -- C:\Users\Oli\Documents\AH-Turnier_22.06.2013.pdf
[2013.05.16 15:33:42 | 000,775,736 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.16 15:33:42 | 000,687,144 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.16 15:33:42 | 000,181,738 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.16 15:33:42 | 000,150,072 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.15 13:42:09 | 000,000,000 | ---- | C] () -- C:\Users\Oli\defogger_reenable
[2013.06.15 13:41:02 | 000,050,477 | ---- | C] () -- C:\Users\Oli\Desktop\Defogger.exe
[2013.06.14 13:13:50 | 000,002,083 | ---- | C] () -- C:\Users\Oli\Desktop\SpyHunter.lnk
[2013.06.14 13:11:45 | 000,000,125 | ---- | C] () -- C:\Users\Oli\Desktop\System Care Antivirus Support Site.url
[2013.06.13 12:11:53 | 000,002,006 | ---- | C] () -- C:\Users\Oli\Desktop\System Care Antivirus.lnk
[2013.06.12 13:38:07 | 000,008,790 | ---- | C] () -- C:\Users\Oli\Documents\cc_20130612_133805.reg
[2013.06.12 13:37:37 | 000,016,178 | ---- | C] () -- C:\Users\Oli\Documents\cc_20130612_133728.reg
[2013.06.10 14:22:01 | 000,001,674 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.06.04 17:32:01 | 000,269,890 | ---- | C] () -- C:\Users\Oli\Documents\Hotel Xapala 08-2013.xps
[2013.05.28 15:26:22 | 000,333,798 | ---- | C] () -- C:\Users\Oli\Documents\QuickSteuer_2012_Dasi.zip
[2013.05.27 14:28:35 | 000,001,736 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013.05.16 18:18:46 | 000,763,448 | ---- | C] () -- C:\Users\Oli\Documents\AH-Turnier_22.06.2013.pdf
[2012.09.17 22:24:15 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\FDB9BCFACE.sys
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012.06.22 12:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2012.05.20 17:07:32 | 000,003,584 | ---- | C] () -- C:\Users\Oli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.09 19:38:06 | 000,140,386 | ---- | C] () -- C:\Users\Oli\Steuer 2009-22.xps
[2011.10.09 19:37:55 | 000,180,768 | ---- | C] () -- C:\Users\Oli\Steuer 2009-21.xps
[2011.10.09 19:37:46 | 000,140,386 | ---- | C] () -- C:\Users\Oli\Steuer 2009-20.xps
[2011.10.09 19:37:34 | 000,180,526 | ---- | C] () -- C:\Users\Oli\Steuer 2009-19.xps
[2011.10.09 19:37:25 | 000,119,037 | ---- | C] () -- C:\Users\Oli\Steuer 2009-18.xps
[2011.10.09 19:37:15 | 000,126,681 | ---- | C] () -- C:\Users\Oli\Steuer 2009-17.xps
[2011.10.09 19:37:06 | 000,117,028 | ---- | C] () -- C:\Users\Oli\Steuer 2009-16.xps
[2011.10.09 19:36:56 | 000,134,148 | ---- | C] () -- C:\Users\Oli\Steuer 2009-15.xps
[2011.10.09 19:36:45 | 000,141,433 | ---- | C] () -- C:\Users\Oli\Steuer 2009-14.xps
[2011.10.09 19:36:28 | 000,144,882 | ---- | C] () -- C:\Users\Oli\Steuer 2009-13.xps
[2011.10.09 19:36:19 | 000,126,637 | ---- | C] () -- C:\Users\Oli\Steuer 2009-12.xps
[2011.10.09 19:36:11 | 000,121,118 | ---- | C] () -- C:\Users\Oli\Steuer 2009-11.xps
[2011.10.09 19:36:02 | 000,116,354 | ---- | C] () -- C:\Users\Oli\Steuer 2009-10.xps
[2011.10.09 19:35:52 | 000,133,883 | ---- | C] () -- C:\Users\Oli\Steuer 2009-9.xps
[2011.10.09 19:35:42 | 000,141,244 | ---- | C] () -- C:\Users\Oli\Steuer 2009-8.xps
[2011.10.09 19:35:31 | 000,144,818 | ---- | C] () -- C:\Users\Oli\Steuer 2009-7.xps
[2011.10.09 19:35:20 | 000,125,025 | ---- | C] () -- C:\Users\Oli\Steuer 2009-6.xps
[2011.10.09 19:35:07 | 000,142,014 | ---- | C] () -- C:\Users\Oli\Steuer 2009-5.xps
[2011.10.09 19:34:54 | 000,145,534 | ---- | C] () -- C:\Users\Oli\V-4.xps
[2011.10.09 19:34:41 | 000,122,916 | ---- | C] () -- C:\Users\Oli\Steuer 2009-3.xps
[2011.10.09 19:34:31 | 000,143,199 | ---- | C] () -- C:\Users\Oli\Steuer 2009-2.xps
[2011.10.09 19:34:09 | 000,141,829 | ---- | C] () -- C:\Users\Oli\Steuer 2009-1.xps
[2011.10.09 19:33:48 | 000,144,729 | ---- | C] () -- C:\Users\Oli\Steuer 2009.xps
[2011.10.09 19:33:20 | 000,117,435 | ---- | C] () -- C:\Users\Oli\Steuererklärung 2009 Unterlagen für FA.xps
[2011.01.30 01:51:52 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.06.10 20:33:20 | 000,010,599 | ---- | C] () -- C:\Users\Oli\OliverTsitsiganos_Tsitsi_elster_2048.pfx
[2010.04.11 11:59:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.08 19:46:23 | 000,007,355 | ---- | C] () -- C:\Users\Oli\SharePodSettings.xml
[2008.12.14 15:40:50 | 000,001,356 | ---- | C] () -- C:\Users\Oli\AppData\Local\d3d9caps.dat
[2008.08.16 08:52:19 | 001,398,352 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe

========== ZeroAccess Check ==========

[2009.04.17 00:05:44 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.12.27 23:35:59 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\1&1
[2013.02.24 18:35:55 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\1&1 Mail & Media GmbH
[2013.05.12 17:52:17 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Acinwa
[2011.01.02 00:44:40 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Auslogics
[2013.02.19 00:08:43 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Babylon
[2011.01.02 00:44:40 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\CheckPoint
[2009.05.31 15:44:48 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Downloaded Installations
[2013.05.10 15:22:02 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Geqoo
[2009.12.29 01:16:54 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Haufe
[2011.06.29 00:45:21 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Internet-Radio Player
[2013.06.12 17:55:05 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Iptely
[2013.02.18 23:44:07 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\IrfanView
[2012.07.31 23:49:12 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\kock
[2012.12.27 00:11:56 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Leadertech
[2009.06.08 22:28:47 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Lenovo
[2009.12.29 00:48:03 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Lexware
[2011.01.02 00:44:41 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Nokia
[2011.01.02 00:44:41 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Nokia Ovi Suite
[2013.02.08 02:37:05 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\OpenOffice.org
[2011.01.02 00:44:41 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\PC Suite
[2013.05.24 14:03:20 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Pocy
[2013.05.24 14:03:20 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Saboy
[2011.01.02 00:44:41 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\SharePod
[2013.05.10 14:51:27 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Siutve
[2011.01.02 01:11:47 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Thunderbird
[2012.09.17 23:11:50 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\TuneUp Software
[2012.08.02 22:47:33 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\UAs
[2010.08.04 01:08:38 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\Update
[2012.08.02 22:47:33 | 000,000,000 | ---D | M] -- C:\Users\Oli\AppData\Roaming\xmldm

========== Purity Check ==========

< End of report >

markusg · 15.06.2013, 13:36

Hi,

otl fix

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKCU..\RunOnce: [AEF6D49D3B9B43BC0000AEF625AC48EF] C:\ProgramData\AEF6D49D3B9B43BC0000AEF625AC48EF\AEF6D49D3B9B43BC0000AEF625AC48EF.exe ()
O4 - HKCU..\Run: [Iwiwguugu] C:\Users\Oli\AppData\Roaming\Saboy\ezhys.exe (Acronis)
[2013.05.24 14:03:20 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Roaming\Pocy
[2013.05.24 14:03:20 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Roaming\Iptely
[2013.06.13 12:11:53 | 000,000,000 | ---D | C] -- C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.06.13 12:11:53 | 000,002,006 | ---- | M] () -- C:\Users\Oli\Desktop\System Care Antivirus.lnk
:files
C:\ProgramData\AEF6D49D3B9B43BC0000AEF625AC48EF
C:\Users\Oli\AppData\Roaming\Saboy
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

bumpf · 15.06.2013, 14:14

Hallo markusg,

vielen Dank erstmal für die schnelle Hilfestellung!!

Anbei der Inhalt des OTL-Textdokuments:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AEF6D49D3B9B43BC0000AEF625AC48EF deleted successfully.
C:\ProgramData\AEF6D49D3B9B43BC0000AEF625AC48EF\AEF6D49D3B9B43BC0000AEF625AC48EF.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Iwiwguugu deleted successfully.
C:\Users\Oli\AppData\Roaming\Saboy\ezhys.exe moved successfully.
C:\Users\Oli\AppData\Roaming\Pocy folder moved successfully.
C:\Users\Oli\AppData\Roaming\Iptely folder moved successfully.
C:\Users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus folder moved successfully.
C:\Users\Oli\Desktop\System Care Antivirus.lnk moved successfully.
========== FILES ==========
C:\ProgramData\AEF6D49D3B9B43BC0000AEF625AC48EF folder moved successfully.
C:\Users\Oli\AppData\Roaming\Saboy folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Oli
->Temp folder emptied: 51757850 bytes
->Temporary Internet Files folder emptied: 3867296 bytes
->Java cache emptied: 43989603 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 180902 bytes
%systemroot%\System32 .tmp files removed: 29024 bytes
%systemroot%\System32\drivers .tmp files removed: 279440 bytes
Windows Temp folder emptied: 200462 bytes
RecycleBin emptied: 602112 bytes

Total Files Cleaned = 96,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06152013_144857

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Ich denke der Upload hat funktioniert, ich erhielt folgende Mitteilung:

Datei: MovedFiles.zip_1 empfangen

Vorgang erfolgreich abgeschlossen

VG
Oli

markusg · 15.06.2013, 14:16

Danke fürs hochladen
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

bumpf · 15.06.2013, 14:32

Anbei der Inhalt der Textdatei (war leider zu groß für Dateianhang

):

15:21:28.0292 4184 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:21:28.0510 4184 ============================================================
15:21:28.0510 4184 Current date / time: 2013/06/15 15:21:28.0510
15:21:28.0510 4184 SystemInfo:
15:21:28.0510 4184
15:21:28.0510 4184 OS Version: 6.0.6002 ServicePack: 2.0
15:21:28.0510 4184 Product type: Workstation
15:21:28.0510 4184 ComputerName: TSITSIS-PC
15:21:28.0510 4184 UserName: Oli
15:21:28.0510 4184 Windows directory: C:\Windows
15:21:28.0510 4184 System windows directory: C:\Windows
15:21:28.0510 4184 Processor architecture: Intel x86
15:21:28.0510 4184 Number of processors: 2
15:21:28.0510 4184 Page size: 0x1000
15:21:28.0510 4184 Boot type: Normal boot
15:21:28.0510 4184 ============================================================
15:21:29.0150 4184 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:21:29.0150 4184 ============================================================
15:21:29.0150 4184 \Device\Harddisk0\DR0:
15:21:29.0150 4184 MBR partitions:
15:21:29.0150 4184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAF7800, BlocksNum 0x1C6CD800
15:21:29.0150 4184 ============================================================
15:21:29.0181 4184 C: <-> \Device\Harddisk0\DR0\Partition1
15:21:29.0181 4184 ============================================================
15:21:29.0181 4184 Initialize success
15:21:29.0181 4184 ============================================================
15:23:21.0420 5072 ============================================================
15:23:21.0420 5072 Scan started
15:23:21.0420 5072 Mode: Manual; SigCheck; TDLFS;
15:23:21.0420 5072 ============================================================
15:23:22.0855 5072 ================ Scan system memory ========================
15:23:22.0855 5072 System memory - ok
15:23:22.0855 5072 ================ Scan services =============================
15:23:23.0386 5072 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
15:23:23.0495 5072 ACPI - ok
15:23:23.0729 5072 [ F297DEF80AEDDAD06B16F45AB89DE99E ] AcPrfMgrSvc C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
15:23:23.0745 5072 AcPrfMgrSvc - ok
15:23:23.0869 5072 [ BC4F98D595EED0A21E498C35A2424A49 ] AcSvc C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
15:23:23.0885 5072 AcSvc - ok
15:23:23.0947 5072 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:23:23.0963 5072 AdobeFlashPlayerUpdateSvc - ok
15:23:24.0025 5072 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:23:24.0056 5072 adp94xx - ok
15:23:24.0150 5072 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:23:24.0166 5072 adpahci - ok
15:23:24.0228 5072 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
15:23:24.0244 5072 adpu160m - ok
15:23:24.0322 5072 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:23:24.0337 5072 adpu320 - ok
15:23:24.0431 5072 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:23:24.0571 5072 AeLookupSvc - ok
15:23:24.0602 5072 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
15:23:24.0696 5072 AFD - ok
15:23:24.0727 5072 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
15:23:24.0805 5072 AgereModemAudio - ok
15:23:25.0008 5072 [ A19871AE65A769C65034B4DC44C29023 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
15:23:25.0538 5072 AgereSoftModem - ok
15:23:25.0569 5072 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:23:25.0772 5072 agp440 - ok
15:23:25.0835 5072 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:23:25.0850 5072 aic78xx - ok
15:23:25.0881 5072 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
15:23:26.0037 5072 ALG - ok
15:23:26.0069 5072 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
15:23:26.0084 5072 aliide - ok
15:23:26.0115 5072 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:23:26.0131 5072 amdagp - ok
15:23:26.0178 5072 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
15:23:26.0193 5072 amdide - ok
15:23:26.0240 5072 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
15:23:26.0381 5072 AmdK7 - ok
15:23:26.0396 5072 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:23:26.0474 5072 AmdK8 - ok
15:23:26.0786 5072 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:23:26.0802 5072 AntiVirSchedulerService - ok
15:23:26.0864 5072 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:23:26.0880 5072 AntiVirService - ok
15:23:26.0958 5072 [ 9EDAE2D1CA368E8D01BEE8BFBC9488E4 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
15:23:26.0973 5072 AntiVirWebService - ok
15:23:27.0067 5072 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
15:23:27.0129 5072 Appinfo - ok
15:23:27.0316 5072 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:23:27.0332 5072 Apple Mobile Device - ok
15:23:27.0363 5072 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
15:23:27.0379 5072 arc - ok
15:23:27.0441 5072 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:23:27.0457 5072 arcsas - ok
15:23:27.0504 5072 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:23:27.0550 5072 AsyncMac - ok
15:23:27.0582 5072 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
15:23:27.0597 5072 atapi - ok
15:23:27.0722 5072 [ F70D2392158CB68E775F8C4CD3D12FBB ] ATSWPDRV C:\Windows\system32\DRIVERS\ATSwpDrv.sys
15:23:27.0784 5072 ATSWPDRV - ok
15:23:27.0893 5072 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:23:27.0971 5072 AudioEndpointBuilder - ok
15:23:27.0987 5072 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:23:28.0003 5072 Audiosrv - ok
15:23:28.0049 5072 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:23:28.0049 5072 avgntflt - ok
15:23:28.0081 5072 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:23:28.0096 5072 avipbb - ok
15:23:28.0174 5072 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
15:23:28.0190 5072 avkmgr - ok
15:23:28.0315 5072 [ 0B92CCF7BFCBE2B33838434F2F50CB61 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
15:23:28.0393 5072 b57nd60x - ok
15:23:28.0439 5072 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
15:23:28.0455 5072 BcmSqlStartupSvc - ok
15:23:28.0486 5072 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
15:23:28.0549 5072 Beep - ok
15:23:28.0767 5072 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
15:23:28.0876 5072 BFE - ok
15:23:28.0954 5072 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
15:23:29.0048 5072 BITS - ok
15:23:29.0141 5072 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
15:23:29.0219 5072 blbdrive - ok
15:23:29.0438 5072 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:23:29.0672 5072 Bonjour Service - ok
15:23:29.0750 5072 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:23:29.0812 5072 bowser - ok
15:23:29.0843 5072 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
15:23:29.0906 5072 BrFiltLo - ok
15:23:29.0937 5072 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
15:23:29.0984 5072 BrFiltUp - ok
15:23:30.0093 5072 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
15:23:30.0202 5072 Browser - ok
15:23:30.0327 5072 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
15:23:30.0561 5072 Brserid - ok
15:23:30.0576 5072 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
15:23:30.0639 5072 BrSerWdm - ok
15:23:30.0670 5072 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
15:23:30.0763 5072 BrUsbMdm - ok
15:23:30.0810 5072 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
15:23:30.0919 5072 BrUsbSer - ok
15:23:31.0060 5072 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
15:23:31.0107 5072 BthEnum - ok
15:23:31.0185 5072 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:23:31.0278 5072 BTHMODEM - ok
15:23:31.0325 5072 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:23:31.0403 5072 BthPan - ok
15:23:31.0699 5072 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
15:23:31.0777 5072 BTHPORT - ok
15:23:31.0964 5072 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
15:23:32.0074 5072 BthServ - ok
15:23:32.0120 5072 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
15:23:32.0183 5072 BTHUSB - ok
15:23:32.0339 5072 [ 636F45A8500C1438CFA7DEE15FC5C184 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
15:23:32.0354 5072 btwaudio - ok
15:23:32.0464 5072 [ BF9256FF01B093A5D90BB7A35EC90410 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
15:23:32.0479 5072 btwavdt - ok
15:23:32.0495 5072 [ 0AB8C1AC177AFB27309E1072FAF34A37 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
15:23:32.0510 5072 btwrchid - ok
15:23:32.0542 5072 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:23:32.0620 5072 cdfs - ok
15:23:32.0635 5072 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:23:32.0713 5072 cdrom - ok
15:23:32.0760 5072 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
15:23:32.0791 5072 CertPropSvc - ok
15:23:32.0916 5072 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
15:23:33.0009 5072 circlass - ok
15:23:33.0041 5072 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
15:23:33.0056 5072 CLFS - ok
15:23:33.0399 5072 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:23:33.0477 5072 clr_optimization_v2.0.50727_32 - ok
15:23:33.0665 5072 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:23:33.0727 5072 clr_optimization_v4.0.30319_32 - ok
15:23:33.0727 5072 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:23:33.0758 5072 CmBatt - ok
15:23:33.0789 5072 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:23:33.0805 5072 cmdide - ok
15:23:33.0914 5072 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:23:33.0930 5072 Compbatt - ok
15:23:33.0930 5072 COMSysApp - ok
15:23:33.0977 5072 cpuz135 - ok
15:23:33.0992 5072 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:23:34.0008 5072 crcdisk - ok
15:23:34.0039 5072 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
15:23:34.0101 5072 Crusoe - ok
15:23:34.0257 5072 [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:23:34.0304 5072 CryptSvc - ok
15:23:34.0569 5072 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:23:34.0632 5072 DcomLaunch - ok
15:23:34.0694 5072 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:23:34.0756 5072 DfsC - ok
15:23:34.0975 5072 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
15:23:35.0349 5072 DFSR - ok
15:23:35.0380 5072 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
15:23:35.0427 5072 Dhcp - ok
15:23:35.0474 5072 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
15:23:35.0490 5072 disk - ok
15:23:35.0677 5072 [ 5F4944CFB8E60F2B02B7CD7419B3C314 ] Diskeeper C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
15:23:35.0708 5072 Diskeeper ( UnsignedFile.Multi.Generic ) - warning
15:23:35.0708 5072 Diskeeper - detected UnsignedFile.Multi.Generic (1)
15:23:35.0755 5072 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:23:35.0817 5072 Dnscache - ok
15:23:35.0864 5072 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:23:35.0911 5072 dot3svc - ok
15:23:35.0989 5072 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
15:23:36.0020 5072 DPS - ok
15:23:36.0051 5072 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:23:36.0082 5072 drmkaud - ok
15:23:36.0176 5072 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:23:36.0238 5072 DXGKrnl - ok
15:23:36.0316 5072 [ 908ED85B7806E8AF3AF5E9B74F7809D4 ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
15:23:36.0379 5072 e1express - ok
15:23:36.0425 5072 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
15:23:36.0488 5072 E1G60 - ok
15:23:36.0535 5072 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
15:23:36.0597 5072 EapHost - ok
15:23:36.0659 5072 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
15:23:36.0675 5072 Ecache - ok
15:23:36.0769 5072 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:23:36.0784 5072 ehRecvr - ok
15:23:36.0847 5072 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
15:23:36.0878 5072 ehSched - ok
15:23:36.0909 5072 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
15:23:36.0940 5072 ehstart - ok
15:23:36.0987 5072 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:23:37.0018 5072 elxstor - ok
15:23:37.0236 5072 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
15:23:37.0330 5072 EMDMgmt - ok
15:23:37.0377 5072 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:23:37.0392 5072 ErrDev - ok
15:23:37.0486 5072 [ 01CE484FF6D70A39479BC6D619DE7ED6 ] EsgScanner C:\Windows\system32\DRIVERS\EsgScanner.sys
15:23:37.0502 5072 EsgScanner - ok
15:23:37.0548 5072 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
15:23:37.0595 5072 EventSystem - ok
15:23:37.0611 5072 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
15:23:37.0673 5072 exfat - ok
15:23:37.0704 5072 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:23:37.0736 5072 fastfat - ok
15:23:37.0798 5072 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:23:37.0876 5072 fdc - ok
15:23:37.0970 5072 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
15:23:38.0001 5072 fdPHost - ok
15:23:38.0110 5072 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
15:23:38.0172 5072 FDResPub - ok
15:23:38.0188 5072 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:23:38.0203 5072 FileInfo - ok
15:23:38.0375 5072 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:23:38.0469 5072 Filetrace - ok
15:23:38.0484 5072 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:23:38.0547 5072 flpydisk - ok
15:23:38.0578 5072 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:23:38.0593 5072 FltMgr - ok
15:23:38.0890 5072 [ C4C9A48C3339B6335F8F0DB1F47BB668 ] FNF5SVC C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
15:23:38.0905 5072 FNF5SVC - ok
15:23:39.0171 5072 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
15:23:39.0311 5072 FontCache - ok
15:23:39.0638 5072 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:23:39.0670 5072 FontCache3.0.0.0 - ok
15:23:39.0779 5072 [ D909075FA72C090F27AA926C32CB4612 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
15:23:39.0794 5072 fssfltr - ok
15:23:39.0982 5072 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
15:23:40.0247 5072 fsssvc - ok
15:23:40.0325 5072 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:23:40.0418 5072 Fs_Rec - ok
15:23:40.0434 5072 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:23:40.0450 5072 gagp30kx - ok
15:23:40.0543 5072 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:23:40.0559 5072 GEARAspiWDM - ok
15:23:40.0761 5072 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
15:23:40.0824 5072 gpsvc - ok
15:23:40.0902 5072 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:23:40.0917 5072 gupdate - ok
15:23:40.0933 5072 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:23:40.0933 5072 gupdatem - ok
15:23:41.0073 5072 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:23:41.0089 5072 gusvc - ok
15:23:41.0136 5072 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:23:41.0214 5072 HdAudAddService - ok
15:23:41.0417 5072 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:23:41.0495 5072 HDAudBus - ok
15:23:41.0541 5072 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:23:41.0635 5072 HidBth - ok
15:23:41.0682 5072 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
15:23:41.0760 5072 HidIr - ok
15:23:41.0822 5072 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
15:23:41.0853 5072 hidserv - ok
15:23:41.0963 5072 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:23:42.0025 5072 HidUsb - ok
15:23:42.0087 5072 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:23:42.0134 5072 hkmsvc - ok
15:23:42.0181 5072 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
15:23:42.0196 5072 HpCISSs - ok
15:23:42.0368 5072 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:23:42.0477 5072 HTTP - ok
15:23:42.0508 5072 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
15:23:42.0524 5072 i2omp - ok
15:23:42.0571 5072 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:23:42.0649 5072 i8042prt - ok
15:23:42.0914 5072 [ 7B96206E4BDD2FE582F0DBC46F5F410E ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
15:23:42.0930 5072 IAANTMON - ok
15:23:42.0992 5072 [ 80C633722DA72E97F3F5B3B11325696D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
15:23:43.0008 5072 iaStor - ok
15:23:43.0086 5072 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
15:23:43.0132 5072 iaStorV - ok
15:23:43.0179 5072 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:23:43.0210 5072 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:23:43.0210 5072 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:23:43.0429 5072 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:23:43.0507 5072 idsvc - ok
15:23:44.0645 5072 [ A9221D13D8F1F772010EE293BA9BAEB7 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
15:23:45.0238 5072 igfx - ok
15:23:45.0269 5072 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:23:45.0300 5072 iirsp - ok
15:23:45.0456 5072 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
15:23:45.0503 5072 IKEEXT - ok
15:23:45.0706 5072 [ 2BD6633DB50A98534AA3262E0F9F5A14 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:23:45.0815 5072 IntcAzAudAddService - ok
15:23:45.0862 5072 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
15:23:45.0878 5072 intelide - ok
15:23:45.0909 5072 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:23:45.0956 5072 intelppm - ok
15:23:46.0080 5072 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:23:46.0205 5072 IPBusEnum - ok
15:23:46.0252 5072 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:23:46.0299 5072 IpFilterDriver - ok
15:23:46.0439 5072 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:23:46.0533 5072 iphlpsvc - ok
15:23:46.0533 5072 IpInIp - ok
15:23:46.0579 5072 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
15:23:46.0657 5072 IPMIDRV - ok
15:23:46.0735 5072 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
15:23:46.0798 5072 IPNAT - ok
15:23:46.0876 5072 [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:23:46.0891 5072 iPod Service - ok
15:23:47.0001 5072 [ AC76F0667A2798033F7401F95B163BC7 ] IPSSVC C:\Windows\system32\IPSSVC.EXE
15:23:47.0001 5072 IPSSVC - ok
15:23:47.0141 5072 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:23:47.0406 5072 IRENUM - ok
15:23:47.0422 5072 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:23:47.0437 5072 isapnp - ok
15:23:47.0687 5072 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:23:47.0858 5072 iScsiPrt - ok
15:23:48.0155 5072 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
15:23:48.0155 5072 iteatapi - ok
15:23:48.0202 5072 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
15:23:48.0217 5072 iteraid - ok
15:23:48.0248 5072 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:23:48.0264 5072 kbdclass - ok
15:23:48.0467 5072 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:23:48.0560 5072 kbdhid - ok
15:23:48.0654 5072 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
15:23:48.0701 5072 KeyIso - ok
15:23:48.0935 5072 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:23:48.0997 5072 KSecDD - ok
15:23:49.0044 5072 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
15:23:49.0106 5072 KtmRm - ok
15:23:49.0169 5072 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
15:23:49.0200 5072 LanmanServer - ok
15:23:49.0247 5072 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:23:49.0309 5072 LanmanWorkstation - ok
15:23:49.0356 5072 [ 3C3F7F424E324C6971632C5DE5FF458F ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
15:23:49.0356 5072 lenovo.smi - ok
15:23:49.0403 5072 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:23:49.0418 5072 lltdio - ok
15:23:49.0496 5072 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:23:49.0574 5072 lltdsvc - ok
15:23:49.0590 5072 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:23:49.0652 5072 lmhosts - ok
15:23:49.0699 5072 [ 515FC18CABEE0158A324B08B1C2667CF ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
15:23:49.0777 5072 LPCFilter - ok
15:23:49.0870 5072 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:23:49.0886 5072 LSI_FC - ok
15:23:49.0917 5072 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:23:49.0933 5072 LSI_SAS - ok
15:23:49.0980 5072 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:23:49.0995 5072 LSI_SCSI - ok
15:23:50.0026 5072 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
15:23:50.0276 5072 luafv - ok
15:23:50.0354 5072 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe
15:23:50.0370 5072 MatSvc - ok
15:23:50.0416 5072 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:23:50.0432 5072 MBAMProtector - ok
15:23:50.0463 5072 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:23:50.0494 5072 MBAMScheduler - ok
15:23:50.0697 5072 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:23:50.0931 5072 MBAMService - ok
15:23:51.0165 5072 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
15:23:51.0212 5072 McComponentHostService - ok
15:23:51.0259 5072 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:23:51.0305 5072 Mcx2Svc - ok
15:23:51.0352 5072 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
15:23:51.0368 5072 megasas - ok
15:23:51.0477 5072 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
15:23:51.0649 5072 MegaSR - ok
15:23:51.0664 5072 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
15:23:51.0711 5072 MMCSS - ok
15:23:51.0742 5072 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
15:23:51.0805 5072 Modem - ok
15:23:51.0836 5072 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:23:51.0867 5072 monitor - ok
15:23:51.0898 5072 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:23:51.0914 5072 mouclass - ok
15:23:51.0945 5072 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:23:52.0023 5072 mouhid - ok
15:23:52.0054 5072 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
15:23:52.0070 5072 MountMgr - ok
15:23:52.0163 5072 [ BA7BC321BFEF85B525A9417693B1FF09 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:23:52.0179 5072 MozillaMaintenance - ok
15:23:52.0226 5072 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
15:23:52.0241 5072 mpio - ok
15:23:52.0319 5072 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:23:52.0429 5072 mpsdrv - ok
15:23:52.0538 5072 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
15:23:52.0616 5072 MpsSvc - ok
15:23:52.0678 5072 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
15:23:52.0694 5072 Mraid35x - ok
15:23:52.0725 5072 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:23:52.0772 5072 MRxDAV - ok
15:23:52.0850 5072 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:23:52.0928 5072 mrxsmb - ok
15:23:52.0959 5072 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:23:52.0990 5072 mrxsmb10 - ok
15:23:53.0037 5072 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:23:53.0068 5072 mrxsmb20 - ok
15:23:53.0099 5072 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
15:23:53.0115 5072 msahci - ok
15:23:53.0162 5072 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:23:53.0177 5072 msdsm - ok
15:23:53.0224 5072 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
15:23:53.0286 5072 MSDTC - ok
15:23:53.0318 5072 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:23:53.0364 5072 Msfs - ok
15:23:53.0427 5072 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:23:53.0442 5072 msisadrv - ok
15:23:53.0567 5072 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:23:53.0661 5072 MSiSCSI - ok
15:23:53.0661 5072 msiserver - ok
15:23:53.0723 5072 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:23:53.0785 5072 MSKSSRV - ok
15:23:53.0817 5072 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:23:53.0832 5072 MSPCLOCK - ok
15:23:53.0863 5072 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:23:53.0926 5072 MSPQM - ok
15:23:53.0973 5072 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:23:54.0004 5072 MsRPC - ok
15:23:54.0113 5072 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:23:54.0113 5072 mssmbios - ok
15:23:54.0331 5072 MSSQL$MSSMLBIZ - ok
15:23:54.0378 5072 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
15:23:54.0394 5072 MSSQLServerADHelper - ok
15:23:54.0425 5072 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:23:54.0456 5072 MSTEE - ok
15:23:54.0472 5072 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
15:23:54.0487 5072 Mup - ok
15:23:54.0675 5072 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
15:23:54.0784 5072 napagent - ok
15:23:54.0924 5072 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:23:54.0940 5072 NativeWifiP - ok
15:23:54.0987 5072 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:23:55.0033 5072 NDIS - ok
15:23:55.0049 5072 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:23:55.0064 5072 NdisTapi - ok
15:23:55.0142 5072 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:23:55.0158 5072 Ndisuio - ok
15:23:55.0205 5072 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:23:55.0252 5072 NdisWan - ok
15:23:55.0298 5072 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:23:55.0361 5072 NDProxy - ok
15:23:55.0392 5072 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:23:55.0439 5072 NetBIOS - ok
15:23:55.0486 5072 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
15:23:55.0548 5072 netbt - ok
15:23:55.0579 5072 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
15:23:55.0595 5072 Netlogon - ok
15:23:55.0766 5072 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
15:23:55.0798 5072 Netman - ok
15:23:55.0876 5072 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
15:23:55.0954 5072 netprofm - ok
15:23:56.0032 5072 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:23:56.0063 5072 NetTcpPortSharing - ok
15:23:56.0172 5072 [ EA30BD026A7D1B745A37516880C4AC1B ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
15:23:56.0375 5072 NETw3v32 - ok
15:23:57.0264 5072 [ F0C42E0CDCE558D658FA53A222B4CCB1 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
15:23:57.0638 5072 NETw5v32 - ok
15:23:57.0654 5072 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:23:57.0669 5072 nfrd960 - ok
15:23:57.0794 5072 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:23:57.0950 5072 NlaSvc - ok
15:23:58.0012 5072 [ 13350DDD0976CEB5F125396C7BFB05B4 ] nmraapache C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
15:23:58.0012 5072 nmraapache ( UnsignedFile.Multi.Generic ) - warning
15:23:58.0012 5072 nmraapache - detected UnsignedFile.Multi.Generic (1)
15:23:58.0075 5072 [ 3CB041B0C24258BDCFD0DB1B1BF95EFB ] nmservice C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
15:23:58.0090 5072 nmservice - ok
15:23:58.0137 5072 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:23:58.0200 5072 Npfs - ok
15:23:58.0262 5072 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
15:23:58.0309 5072 nsi - ok
15:23:58.0324 5072 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:23:58.0402 5072 nsiproxy - ok
15:23:58.0465 5072 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:23:58.0512 5072 Ntfs - ok
15:23:58.0605 5072 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
15:23:58.0699 5072 ntrigdigi - ok
15:23:58.0714 5072 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
15:23:58.0777 5072 Null - ok
15:23:58.0824 5072 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:23:58.0839 5072 nvraid - ok
15:23:58.0870 5072 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:23:58.0886 5072 nvstor - ok
15:23:58.0917 5072 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:23:58.0933 5072 nv_agp - ok
15:23:58.0933 5072 NwlnkFlt - ok
15:23:58.0948 5072 NwlnkFwd - ok
15:23:59.0042 5072 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
15:23:59.0104 5072 ohci1394 - ok
15:23:59.0276 5072 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:23:59.0291 5072 ose - ok
15:23:59.0806 5072 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:24:00.0165 5072 osppsvc - ok
15:24:00.0399 5072 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:24:00.0477 5072 p2pimsvc - ok
15:24:00.0492 5072 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
15:24:00.0524 5072 p2psvc - ok
15:24:00.0555 5072 [ 8A79FDF04A73428597E2CAF9D0D67850 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:24:00.0586 5072 Parport - ok
15:24:00.0648 5072 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:24:00.0664 5072 partmgr - ok
15:24:00.0711 5072 [ 6C580025C81CAF3AE9E3617C22CAD00E ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
15:24:00.0804 5072 Parvdm - ok
15:24:00.0836 5072 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
15:24:00.0851 5072 PcaSvc - ok
15:24:00.0882 5072 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
15:24:00.0898 5072 pci - ok
15:24:00.0929 5072 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
15:24:00.0945 5072 pciide - ok
15:24:00.0992 5072 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:24:01.0007 5072 pcmcia - ok
15:24:01.0272 5072 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:24:01.0382 5072 PEAUTH - ok
15:24:01.0491 5072 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
15:24:01.0771 5072 pla - ok
15:24:01.0818 5072 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:24:01.0896 5072 PlugPlay - ok
15:24:01.0974 5072 [ 29A26236447E5B5E3FCE5E33168C43E0 ] PMSveH C:\Program Files\Lenovo\PM Driver\PMSveH.exe
15:24:01.0990 5072 PMSveH ( UnsignedFile.Multi.Generic ) - warning
15:24:01.0990 5072 PMSveH - detected UnsignedFile.Multi.Generic (1)
15:24:02.0021 5072 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:24:02.0099 5072 PNRPAutoReg - ok
15:24:02.0115 5072 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:24:02.0146 5072 PNRPsvc - ok
15:24:02.0208 5072 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:24:02.0224 5072 PolicyAgent - ok
15:24:02.0302 5072 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:24:02.0333 5072 PptpMiniport - ok
15:24:02.0380 5072 [ C9CA089787AA4CA892F2173A8E15C1B0 ] PROCDD C:\Windows\system32\DRIVERS\PROCDD.SYS
15:24:02.0395 5072 PROCDD - ok
15:24:02.0442 5072 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
15:24:02.0473 5072 Processor - ok
15:24:02.0567 5072 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
15:24:02.0614 5072 ProfSvc - ok
15:24:02.0629 5072 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:24:02.0645 5072 ProtectedStorage - ok
15:24:02.0770 5072 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\Windows\system32\PSIService.exe
15:24:02.0801 5072 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning
15:24:02.0801 5072 ProtexisLicensing - detected UnsignedFile.Multi.Generic (1)
15:24:02.0848 5072 [ F8A25F1DD8B2C332CBC663E3579566E7 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
15:24:02.0848 5072 psadd - ok
15:24:02.0926 5072 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:24:02.0941 5072 PSched - ok
15:24:03.0144 5072 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
15:24:03.0144 5072 PxHelp20 - ok
15:24:03.0269 5072 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:24:03.0347 5072 ql2300 - ok
15:24:03.0409 5072 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:24:03.0425 5072 ql40xx - ok
15:24:03.0518 5072 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
15:24:03.0550 5072 QWAVE - ok
15:24:03.0565 5072 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:24:03.0612 5072 QWAVEdrv - ok
15:24:03.0643 5072 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:24:03.0674 5072 RasAcd - ok
15:24:03.0706 5072 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
15:24:03.0752 5072 RasAuto - ok
15:24:03.0784 5072 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:24:03.0846 5072 Rasl2tp - ok
15:24:03.0955 5072 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
15:24:04.0033 5072 RasMan - ok
15:24:04.0080 5072 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:24:04.0096 5072 RasPppoe - ok
15:24:04.0142 5072 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:24:04.0158 5072 RasSstp - ok
15:24:04.0220 5072 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:24:04.0267 5072 rdbss - ok
15:24:04.0329 5072 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:24:04.0392 5072 RDPCDD - ok
15:24:04.0470 5072 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
15:24:04.0501 5072 rdpdr - ok
15:24:04.0517 5072 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:24:04.0563 5072 RDPENCDD - ok
15:24:04.0657 5072 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:24:04.0704 5072 RDPWD - ok
15:24:04.0735 5072 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:24:04.0766 5072 RemoteAccess - ok
15:24:04.0797 5072 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:24:04.0844 5072 RemoteRegistry - ok
15:24:04.0891 5072 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
15:24:04.0922 5072 RFCOMM - ok
15:24:05.0016 5072 [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
15:24:05.0031 5072 RichVideo - ok
15:24:05.0078 5072 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
15:24:05.0094 5072 rimmptsk - ok
15:24:05.0141 5072 [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
15:24:05.0187 5072 rimsptsk - ok
15:24:05.0219 5072 [ D231B577024AA324AF13A42F3A807D10 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
15:24:05.0234 5072 rismxdp - ok
15:24:05.0281 5072 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
15:24:05.0328 5072 RpcLocator - ok
15:24:05.0453 5072 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
15:24:05.0515 5072 RpcSs - ok
15:24:05.0546 5072 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:24:05.0608 5072 rspndr - ok
15:24:05.0624 5072 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
15:24:05.0640 5072 SamSs - ok
15:24:05.0655 5072 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:24:05.0671 5072 sbp2port - ok
15:24:05.0733 5072 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:24:05.0780 5072 SCardSvr - ok
15:24:05.0998 5072 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
15:24:06.0076 5072 Schedule - ok
15:24:06.0092 5072 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:24:06.0123 5072 SCPolicySvc - ok
15:24:06.0170 5072 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
15:24:06.0186 5072 sdbus - ok
15:24:06.0264 5072 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:24:06.0310 5072 SDRSVC - ok
15:24:06.0342 5072 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:24:06.0404 5072 secdrv - ok
15:24:06.0482 5072 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
15:24:06.0544 5072 seclogon - ok
15:24:06.0576 5072 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
15:24:06.0654 5072 SENS - ok
15:24:06.0669 5072 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:24:06.0732 5072 Serenum - ok
15:24:06.0825 5072 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:24:06.0887 5072 Serial - ok
15:24:06.0934 5072 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:24:06.0950 5072 sermouse - ok
15:24:07.0043 5072 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
15:24:07.0075 5072 SessionEnv - ok
15:24:07.0106 5072 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:24:07.0168 5072 sffdisk - ok
15:24:07.0199 5072 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:24:07.0231 5072 sffp_mmc - ok
15:24:07.0277 5072 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:24:07.0309 5072 sffp_sd - ok
15:24:07.0355 5072 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:24:07.0449 5072 sfloppy - ok
15:24:07.0496 5072 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:24:07.0574 5072 SharedAccess - ok
15:24:07.0667 5072 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:24:07.0699 5072 ShellHWDetection - ok
15:24:07.0761 5072 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:24:07.0777 5072 sisagp - ok
15:24:07.0792 5072 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
15:24:07.0808 5072 SiSRaid2 - ok
15:24:07.0855 5072 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:24:07.0870 5072 SiSRaid4 - ok
15:24:08.0011 5072 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
15:24:08.0432 5072 slsvc - ok
15:24:08.0478 5072 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
15:24:08.0510 5072 SLUINotify - ok
15:24:08.0541 5072 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:24:08.0556 5072 Smb - ok
15:24:08.0681 5072 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:24:08.0697 5072 SNMPTRAP - ok
15:24:08.0728 5072 [ FF35C2D01AC36B446A1B997F305F0FC2 ] Soluto C:\Windows\system32\DRIVERS\Soluto.sys
15:24:08.0744 5072 Soluto - ok
15:24:08.0931 5072 [ 57E4AFE38AAF4D4D864D07829B38A377 ] SolutoService C:\Program Files\Soluto\SolutoService.exe
15:24:08.0962 5072 SolutoService - ok
15:24:08.0993 5072 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
15:24:09.0009 5072 spldr - ok
15:24:09.0134 5072 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
15:24:09.0196 5072 Spooler - ok
15:24:09.0367 5072 [ 85CD5B92052C3D285CC91244C593A1AC ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
15:24:09.0399 5072 SpyHunter 4 Service - ok
15:24:09.0445 5072 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:24:09.0477 5072 SQLBrowser - ok
15:24:09.0555 5072 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:24:09.0570 5072 SQLWriter - ok
15:24:09.0633 5072 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:24:09.0711 5072 srv - ok
15:24:09.0742 5072 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:24:09.0789 5072 srv2 - ok
15:24:09.0804 5072 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:24:09.0820 5072 srvnet - ok
15:24:09.0945 5072 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:24:09.0991 5072 SSDPSRV - ok
15:24:10.0085 5072 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
15:24:10.0101 5072 ssmdrv - ok
15:24:10.0163 5072 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:24:10.0179 5072 SstpSvc - ok
15:24:10.0241 5072 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
15:24:10.0272 5072 stisvc - ok
15:24:10.0397 5072 [ C2191C1A5DFED0795E3D3B68905B195B ] SUService C:\Program Files\Lenovo\System Update\SUService.exe
15:24:10.0413 5072 SUService ( UnsignedFile.Multi.Generic ) - warning
15:24:10.0413 5072 SUService - detected UnsignedFile.Multi.Generic (1)
15:24:10.0428 5072 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:24:10.0444 5072 swenum - ok
15:24:10.0537 5072 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
15:24:10.0600 5072 swprv - ok
15:24:10.0647 5072 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
15:24:10.0647 5072 Symc8xx - ok
15:24:10.0678 5072 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
15:24:10.0693 5072 Sym_hi - ok
15:24:10.0709 5072 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
15:24:10.0724 5072 Sym_u3 - ok
15:24:10.0802 5072 [ F7A4250BB3E3AFCD4AF100E551509352 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
15:24:10.0834 5072 SynTP - ok
15:24:10.0896 5072 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
15:24:11.0005 5072 SysMain - ok
15:24:11.0208 5072 [ 9D40AC2003DCA9F045181241C2BF47A2 ] SystemStoreService C:\Program Files\SoftwareUpdater\SystemStore.exe
15:24:11.0270 5072 SystemStoreService ( UnsignedFile.Multi.Generic ) - warning
15:24:11.0270 5072 SystemStoreService - detected UnsignedFile.Multi.Generic (1)
15:24:11.0317 5072 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:24:11.0364 5072 TabletInputService - ok
15:24:11.0426 5072 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:24:11.0458 5072 TapiSrv - ok
15:24:11.0520 5072 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
15:24:11.0598 5072 TBS - ok
15:24:11.0676 5072 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:24:11.0785 5072 Tcpip - ok
15:24:11.0801 5072 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:24:12.0081 5072 Tcpip6 - ok
15:24:12.0144 5072 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:24:12.0175 5072 tcpipreg - ok
15:24:12.0206 5072 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:24:12.0253 5072 TDPIPE - ok
15:24:12.0315 5072 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:24:12.0409 5072 TDTCP - ok
15:24:12.0456 5072 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:24:12.0503 5072 tdx - ok
15:24:12.0549 5072 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:24:12.0581 5072 TermDD - ok
15:24:12.0643 5072 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
15:24:12.0737 5072 TermService - ok
15:24:12.0768 5072 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
15:24:12.0783 5072 Themes - ok
15:24:12.0908 5072 [ 6A31E2966354E4DED9533875899CA708 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
15:24:12.0971 5072 ThinkVantage Registry Monitor Service - ok
15:24:13.0017 5072 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
15:24:13.0049 5072 THREADORDER - ok
15:24:13.0142 5072 [ 3C6A42A8494D74F44F048BB7F9F2DB44 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
15:24:13.0142 5072 TPHKSVC - ok
15:24:13.0189 5072 [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM C:\Windows\system32\drivers\tpm.sys
15:24:13.0205 5072 TPM - ok
15:24:13.0314 5072 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
15:24:13.0345 5072 TrkWks - ok
15:24:13.0438 5072 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:24:13.0470 5072 TrustedInstaller - ok
15:24:13.0626 5072 [ 384383E999450EA1F0117B55461E3A55 ] TSSCoreService C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
15:24:13.0641 5072 TSSCoreService - ok
15:24:13.0657 5072 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:24:13.0735 5072 tssecsrv - ok
15:24:14.0172 5072 [ FC740E4FF236B72CA59B8F762D30C7F3 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
15:24:14.0328 5072 TuneUp.UtilitiesSvc - ok
15:24:14.0421 5072 [ 94C4CD2D19B8C4137A46261F229FEC24 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys
15:24:14.0437 5072 TuneUpUtilitiesDrv - ok
15:24:14.0484 5072 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:24:14.0499 5072 tunnel - ok
15:24:14.0717 5072 [ 550EB190CB6444C9E5DCAB810D2057BD ] TVT Backup Protection Service C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
15:24:14.0764 5072 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
15:24:14.0764 5072 TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
15:24:14.0920 5072 [ 5C4894EB6E56DEE78522BB8DE00AA29A ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
15:24:15.0139 5072 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
15:24:15.0139 5072 TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
15:24:15.0388 5072 [ 5D355B9077CBE87C8E8EB1EAFEFF9F38 ] TVT Scheduler c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
15:24:15.0560 5072 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
15:24:15.0560 5072 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
15:24:15.0607 5072 [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter C:\Windows\system32\DRIVERS\tvtfilter.sys
15:24:15.0607 5072 tvtfilter ( UnsignedFile.Multi.Generic ) - warning
15:24:15.0607 5072 tvtfilter - detected UnsignedFile.Multi.Generic (1)
15:24:15.0685 5072 [ 7E66DDA1EF146BFC3A6E36E08E036602 ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
15:24:15.0700 5072 TVTI2C - ok
15:24:15.0841 5072 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:24:15.0872 5072 uagp35 - ok
15:24:16.0012 5072 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:24:16.0059 5072 udfs - ok
15:24:16.0121 5072 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:24:16.0215 5072 UI0Detect - ok
15:24:16.0230 5072 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:24:16.0246 5072 uliagpkx - ok
15:24:16.0386 5072 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:24:16.0402 5072 uliahci - ok
15:24:16.0418 5072 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:24:16.0433 5072 UlSata - ok
15:24:16.0464 5072 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:24:16.0480 5072 ulsata2 - ok
15:24:16.0496 5072 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:24:16.0542 5072 umbus - ok
15:24:16.0667 5072 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
15:24:16.0761 5072 upnphost - ok
15:24:16.0792 5072 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
15:24:16.0823 5072 USBAAPL - ok
15:24:16.0886 5072 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:24:16.0979 5072 usbccgp - ok
15:24:17.0073 5072 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:24:17.0151 5072 usbcir - ok
15:24:17.0260 5072 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:24:17.0307 5072 usbehci - ok
15:24:17.0353 5072 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:24:17.0385 5072 usbhub - ok
15:24:17.0431 5072 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:24:17.0509 5072 usbohci - ok
15:24:17.0572 5072 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:24:17.0603 5072 usbprint - ok
15:24:17.0665 5072 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:24:17.0712 5072 USBSTOR - ok
15:24:17.0759 5072 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:24:17.0775 5072 usbuhci - ok
15:24:17.0853 5072 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
15:24:17.0931 5072 UxSms - ok
15:24:17.0962 5072 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
15:24:18.0071 5072 vds - ok
15:24:18.0102 5072 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:24:18.0149 5072 vga - ok
15:24:18.0196 5072 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
15:24:18.0243 5072 VgaSave - ok
15:24:18.0274 5072 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:24:18.0289 5072 viaagp - ok
15:24:18.0352 5072 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:24:18.0383 5072 ViaC7 - ok
15:24:18.0430 5072 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
15:24:18.0445 5072 viaide - ok
15:24:18.0508 5072 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:24:18.0523 5072 volmgr - ok
15:24:18.0586 5072 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:24:18.0601 5072 volmgrx - ok
15:24:18.0648 5072 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:24:18.0679 5072 volsnap - ok
15:24:18.0679 5072 Vsdatant - ok
15:24:18.0773 5072 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:24:18.0788 5072 vsmraid - ok
15:24:18.0866 5072 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
15:24:18.0929 5072 VSS - ok
15:24:18.0960 5072 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
15:24:19.0022 5072 W32Time - ok
15:24:19.0054 5072 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:24:19.0100 5072 WacomPen - ok
15:24:19.0163 5072 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:24:19.0210 5072 Wanarp - ok
15:24:19.0225 5072 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:24:19.0241 5072 Wanarpv6 - ok
15:24:19.0366 5072 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:24:19.0381 5072 wcncsvc - ok
15:24:19.0428 5072 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:24:19.0459 5072 WcsPlugInService - ok
15:24:19.0490 5072 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
15:24:19.0506 5072 Wd - ok
15:24:19.0568 5072 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:24:19.0615 5072 Wdf01000 - ok
15:24:19.0693 5072 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:24:19.0740 5072 WdiServiceHost - ok
15:24:19.0740 5072 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:24:19.0771 5072 WdiSystemHost - ok
15:24:19.0880 5072 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
15:24:19.0896 5072 WebClient - ok
15:24:20.0036 5072 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:24:20.0067 5072 Wecsvc - ok
15:24:20.0099 5072 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:24:20.0130 5072 wercplsupport - ok
15:24:20.0208 5072 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
15:24:20.0239 5072 WerSvc - ok
15:24:20.0333 5072 [ F9AD3A5E3FD7E0BDB18B8202B0FDD4E4 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
15:24:20.0348 5072 WimFltr - ok
15:24:20.0473 5072 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:24:20.0489 5072 WinDefend - ok
15:24:20.0520 5072 WinHttpAutoProxySvc - ok
15:24:20.0676 5072 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:24:20.0707 5072 Winmgmt - ok
15:24:20.0832 5072 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
15:24:21.0050 5072 WinRM - ok
15:24:21.0097 5072 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:24:21.0190 5072 Wlansvc - ok
15:24:21.0393 5072 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:24:21.0409 5072 wlcrasvc - ok
15:24:21.0534 5072 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:24:21.0783 5072 wlidsvc - ok
15:24:21.0814 5072 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
15:24:21.0830 5072 WmiAcpi - ok
15:24:21.0908 5072 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:24:21.0939 5072 wmiApSrv - ok
15:24:22.0173 5072 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:24:22.0236 5072 WMPNetworkSvc - ok
15:24:22.0282 5072 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:24:22.0314 5072 WPCSvc - ok
15:24:22.0391 5072 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:24:22.0454 5072 WPDBusEnum - ok
15:24:22.0485 5072 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
15:24:22.0532 5072 WpdUsb - ok
15:24:22.0719 5072 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:24:22.0828 5072 WPFFontCache_v0400 - ok
15:24:22.0891 5072 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:24:22.0953 5072 ws2ifsl - ok
15:24:23.0031 5072 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
15:24:23.0078 5072 wscsvc - ok
15:24:23.0078 5072 WSearch - ok
15:24:23.0405 5072 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
15:24:23.0561 5072 wuauserv - ok
15:24:23.0670 5072 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:24:23.0748 5072 WudfPf - ok
15:24:23.0780 5072 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:24:23.0826 5072 WUDFRd - ok
15:24:23.0920 5072 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:24:23.0982 5072 wudfsvc - ok
15:24:23.0998 5072 ================ Scan global ===============================
15:24:24.0092 5072 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:24:24.0154 5072 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:24:24.0170 5072 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
15:24:24.0201 5072 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:24:24.0216 5072 [Global] - ok
15:24:24.0216 5072 ================ Scan MBR ==================================
15:24:24.0263 5072 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:24:25.0246 5072 \Device\Harddisk0\DR0 - ok
15:24:25.0246 5072 ================ Scan VBR ==================================
15:24:25.0277 5072 [ B2B2AAECF217BA7C7B5FE33809100C38 ] \Device\Harddisk0\DR0\Partition1
15:24:25.0308 5072 \Device\Harddisk0\DR0\Partition1 - ok
15:24:25.0308 5072 ============================================================
15:24:25.0308 5072 Scan finished
15:24:25.0308 5072 ============================================================
15:24:25.0324 4264 Detected object count: 11
15:24:25.0324 4264 Actual detected object count: 11
15:24:50.0420 4264 Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:50.0420 4264 Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:24:50.0436 4264 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:50.0436 4264 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:24:50.0436 4264 nmraapache ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:50.0436 4264 nmraapache ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:24:50.0436 4264 PMSveH ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:50.0436 4264 PMSveH ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:24:50.0436 4264 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:50.0436 4264 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:24:50.0436 4264 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:50.0436 4264 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:24:50.0436 4264 SystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:50.0436 4264 SystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:24:50.0452 4264 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:50.0452 4264 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:24:50.0452 4264 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:50.0452 4264 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:24:50.0452 4264 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:50.0452 4264 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:24:50.0452 4264 tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
15:24:50.0452 4264 tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg · 15.06.2013, 14:41

Hi,
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

bumpf · 15.06.2013, 14:45

Was bedeutet möglichst in CODE-Tags posten, wie funktioniert das?? Sorry...!!

markusg · 15.06.2013, 14:57

kopier sie einfach rein. oder auf die schaltfläche code klicken.

bumpf · 15.06.2013, 15:37

ComboFix hat einen automatischen Neustart des Rechners vorgenommen. Dabei wurde zum einen erneut der Zugriff auf das folgende Programm wegen vertrauensvoller Quelle nachgefragt: "SoftwareUpdater.Ui.exe". Habe den Zugriff nicht zugelassen. Zum anderen wurde automatisch das Programm "SpyHunter 4" geöffnet. Sollte ich das Programm noch deinstallieren?

Zudem öffnen sich seit ca. einer halben Stunde Fenster von ComboFix, welche sich sofort wieder schließen, ist das ok?

Soll ich warten bis dieser Vorgang abgeschlossen ist oder kann das im Hintergrund weiterlaufen und ich sende die Inhalte der ComboFix-Datei aus dem c-Laufwerk?

Habe den Rechner neu gestartet. ComboFix Fenster wurde automatisch geöffnet mit dem Hinweis: "Bereite Logdatei vor. Starte keine anderen Programme, bevor ComboFix fertig ist". Allerdings startete erneut das Programm Spy Hunter 4 automatisch, ich hoffe das ist kein Problem. Hinweis wegen zweifelhaftem Programm SoftwareUpdater.Ui.exe kam erneut. Avira meldete: Überprüfen Sie die Computersicherheit. Es sind mehrere Sicherheitsprobleme auf dem Computer vorhanden.

Im ComboFix Fenster kam der Hinwei, dass in Kürze Logdatei erstellt wird und unter C-Laufwerk abgespeichert wird und noch folgender Hinweis zweimal: "SED: can't read catchlog, ..." dann wurde Fenster automatisch geschlossen und die Logdatei öffnete sich, Inhalt nachfolgend.

Beim öffnen des IE kam dann noch der erwähnte Hinweis: "Es wurde versucht, einen Registrierungsschlüssel... etc." Habe bislang den Computer nicht nochmals neu gestartet.

Logdatei:

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-06-13.01 - Oli 15.06.2013  15:50:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3062.1569 [GMT 2:00]
ausgeführt von:: c:\users\Oli\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\pswi_preloaded.exe
c:\programdata\Taskmgr
c:\programdata\Taskmgr\SP01.int
c:\programdata\Taskmgr\WPO13.int
c:\users\Oli\AppData\Roaming\1&1
c:\users\Oli\AppData\Roaming\1&1\1&1 EasyLogin\customer.xml
c:\users\Oli\AppData\Roaming\1&1\1&1 EasyLogin\EasyLogin.log
c:\users\Oli\AppData\Roaming\1&1\1&1 EasyLogin\update\EasyLogin_setup_DE.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-15 bis 2013-06-15  ))))))))))))))))))))))))))))))
.
.
2013-06-15 14:00 . 2013-06-15 15:11	--------	d-----w-	c:\users\Oli\AppData\Local\temp
2013-06-15 14:00 . 2013-06-15 14:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-06-15 12:48 . 2013-06-15 13:07	--------	d-----w-	C:\_OTL
2013-06-14 11:13 . 2013-06-14 11:13	110080	----a-r-	c:\users\Oli\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconF7A21AF7.exe
2013-06-14 11:13 . 2013-06-14 11:13	110080	----a-r-	c:\users\Oli\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconD7F16134.exe
2013-06-14 11:13 . 2013-06-14 11:13	110080	----a-r-	c:\users\Oli\AppData\Roaming\Microsoft\Installer\{E89498D8-1430-4A2B-A76A-4A71326981E9}\IconCF33A0CE.exe
2013-06-14 11:13 . 2013-06-14 11:14	--------	d-----w-	C:\sh4ldr
2013-06-14 11:13 . 2013-06-14 11:13	--------	d-----w-	c:\program files\Enigma Software Group
2013-06-14 11:13 . 2013-06-14 11:13	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2013-06-14 09:37 . 2013-05-13 06:19	7016152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{297270A9-3A4B-4059-97BB-408C12A5B95A}\mpengine.dll
2013-06-13 09:50 . 2013-05-16 22:27	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2013-06-12 10:49 . 2013-04-24 04:00	985600	----a-w-	c:\windows\system32\crypt32.dll
2013-06-12 10:49 . 2013-04-24 04:00	98304	----a-w-	c:\windows\system32\cryptnet.dll
2013-06-12 10:49 . 2013-04-24 04:00	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2013-06-12 10:49 . 2013-04-24 04:00	41984	----a-w-	c:\windows\system32\certenc.dll
2013-06-12 10:49 . 2013-04-24 01:46	812544	----a-w-	c:\windows\system32\certutil.exe
2013-06-12 10:49 . 2013-05-08 04:37	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-12 10:49 . 2013-05-02 04:04	443904	----a-w-	c:\windows\system32\win32spl.dll
2013-06-12 10:49 . 2013-05-02 04:03	37376	----a-w-	c:\windows\system32\printcom.dll
2013-06-12 10:49 . 2013-05-02 22:03	3603832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-06-12 10:49 . 2013-05-02 22:03	3551096	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-06-12 10:49 . 2013-04-17 12:30	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2013-06-10 12:21 . 2013-06-10 12:21	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-29 16:23 . 2013-05-29 16:23	--------	d-----w-	c:\program files\WEB.DE MailCheck
2013-05-27 16:50 . 2013-05-27 16:50	--------	d-----w-	c:\programdata\UUdb
2013-05-27 16:50 . 2013-05-27 16:50	--------	d-----w-	c:\programdata\1und1DesktopIconsInstaller
2013-05-27 12:29 . 2013-05-27 12:29	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-27 12:29 . 2013-05-27 12:29	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-27 12:29 . 2013-05-27 12:29	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-27 12:29 . 2013-05-27 12:29	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-27 12:29 . 2013-05-27 12:29	159744	----a-w-	c:\program files\Internet Explorer\Plugins\npqtplugin.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 14:57 . 2012-04-04 22:09	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-12 14:57 . 2011-07-28 18:08	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-16 10:05 . 2010-06-24 10:33	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2009-10-03 09:42	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59	69632	----a-w-	c:\windows\system32\QuickTime.qts
2013-04-15 14:20 . 2013-05-15 10:55	638328	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 10:55	37376	----a-w-	c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 10:55	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-04-04 12:50 . 2013-05-07 13:08	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-01 11:28 . 2012-12-20 23:56	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-04-01 11:28 . 2012-12-20 23:56	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-04-01 11:28 . 2012-12-20 23:56	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-02-08 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-28 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-06-05 34352]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2008-03-11 54560]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-06-06 487424]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-15 217176]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-12-14 478800]
"RemoteControl"="c:\program files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 321088]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 431392]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-10-27 148768]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-11-29 2872632]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"MailCheck IE Broker"="c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2013-05-27 1516608]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2007-3-29 719664]
LenovoRegistration.lnk - c:\swtools\LenovoWelcome\LenovoRegistration.cmd [2007-10-4 166]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\program files\Soluto\soluto.exe /userinit"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintSoftware]
c:\program files\Lenovo Fingerprint Software\fpapp.exe \s [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2009-03-06 16:29	458752	------w-	c:\program files\ThinkVantage\AMSG\Amsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2013-02-08 13:10	1644680	----a-w-	c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-23 11:04	4423680	------w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
2010-03-26 03:08	62312	----a-w-	c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Message Center Plus"=c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-06 03:50	1165776	----a-w-	c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 14:57]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-24 12:49]
.
2013-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-24 12:49]
.
2011-01-02 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2011-05-12 22:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://go.web.de/tb/ie_startpage/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.1und1.de/suchbox/1und1suche?su=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.0.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Iwiwguugu - c:\users\Oli\AppData\Roaming\Saboy\ezhys.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-System Care Antivirus - c:\programdata\AEF6D49D3B9B43BC0000AEF625AC48EF\AEF6D49D3B9B43BC0000AEF625AC48EF.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{154006cd-a446-4da1-922e-a267e0fe1f9a}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001eec
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{8b51fdfc-1a8d-4751-acb8-922252a8506f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f001641
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a7094888-3555-4b22-bc73-07b5799030a6}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0b001f3c
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{af5c82fe-7b35-4a49-9e55-3faca6c93f4c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:14000000
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{e969a2b9-0b55-4bf3-b9d5-82f121695767}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:14001fe1
"Dhcpv6State"=dword:00000000
"NameServer"=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(2492)
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_interface.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\System32\lpksetup.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LENOVO\HOTKEY\FNF5SVC.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Soluto\SolutoService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\LENOVO\HOTKEY\TPHKSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Soluto\soluto.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\system32\conime.exe
c:\program files\Enigma Software Group\SpyHunter\Spyhunter4.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Lenovo\PM Driver\PMHandler.exe
c:\program files\Lenovo\LenovoCare\LPMGR.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lenovo\Bluetooth Software\BtStackServer.exe
c:\program files\Lenovo\Client Security Solution\password_manager.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-15  17:23:59 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-15 15:22
.
Vor Suchlauf: 18 Verzeichnis(se), 21.888.323.584 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 21.564.649.472 Bytes frei
.
- - End Of File - - E82BD90473EFDEA4AF6819A86078CEC8

--- --- ---
5C616939100B85E558DA92B899A0FC36

markusg · 15.06.2013, 18:01

spyhunter, weg.
um die andern meldungen kümmern wir uns noch.

poste alle bisher erstellten Logs von Malwarebytes mit funden, update es dann, mache einen vollständigen scan, log posten.
http://www.trojaner-board.de/125889-...en-posten.html

bumpf · 15.06.2013, 19:24

Habe SpyHunter deinstalliert. Auf dem Desktop ist noch immer eine Verknüpfung zu "System Care Antivirus", in der Liste der installierten Programme unter Systemsteuerung befindet sich das Programm aber nicht mehr.

Soll ich das Antivirenprogramm Avira wieder aktivieren? Wie geht's weiter?

Nochmals vielen Dank für die Unterstützung!!

markusg · 15.06.2013, 19:25

verknüpfung löschen, avira zwischen den scans und fixes an, wies weiter geht steht eig im letzten post

bumpf · 15.06.2013, 19:26

Sorry, habe den 2. Absatz mit Malwarebytes übersehen, mache ich gleich und poste die Funde.

markusg · 15.06.2013, 19:27

und die alten logs mit funden

bumpf · 15.06.2013, 20:15

Scan erledigt, anbei der Report und die Logdateien. Es kam die Meldung "keine infizierten Objekte gefunden".

Report:

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.06.15.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Oli :: TSITSIS-PC [Administrator]

15.06.2013 20:38:19
mbam-log-2013-06-15 (20-38-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 248949
Laufzeit: 10 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Logdateien:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.05.07.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Oli :: TSITSIS-PC [Administrator]

Schutz: Aktiviert

07.05.2013 15:11:57
mbam-log-2013-05-07 (15-11-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 241347
Laufzeit: 8 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.05.19.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Oli :: TSITSIS-PC [Administrator]

Schutz: Aktiviert

20.05.2013 22:14:25
mbam-log-2013-05-20 (22-14-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 243825
Laufzeit: 15 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.06.15.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Oli :: TSITSIS-PC [Administrator]

15.06.2013 20:38:19
mbam-log-2013-06-15 (20-38-19).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 248949
Laufzeit: 10 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

2013/05/07 15:09:08 +0200 TSITSIS-PC Oli MESSAGE Starting protection
2013/05/07 15:09:08 +0200 TSITSIS-PC Oli MESSAGE Protection started successfully
2013/05/07 15:09:08 +0200 TSITSIS-PC Oli MESSAGE Starting IP protection
2013/05/07 15:09:13 +0200 TSITSIS-PC Oli MESSAGE IP Protection started successfully
2013/05/07 15:09:58 +0200 TSITSIS-PC Oli MESSAGE Stopping IP protection
2013/05/07 15:09:58 +0200 TSITSIS-PC Oli MESSAGE IP Protection stopped successfully
2013/05/07 15:09:58 +0200 TSITSIS-PC Oli MESSAGE Protection stopped
2013/05/07 15:10:02 +0200 TSITSIS-PC Oli MESSAGE Executing scheduled update: Daily
2013/05/07 15:10:12 +0200 TSITSIS-PC Oli MESSAGE Starting protection
2013/05/07 15:10:12 +0200 TSITSIS-PC Oli MESSAGE Protection started successfully
2013/05/07 15:10:12 +0200 TSITSIS-PC Oli MESSAGE Starting IP protection
2013/05/07 15:10:24 +0200 TSITSIS-PC Oli MESSAGE Scheduled update executed successfully: database updated from version v2013.04.04.07 to version v2013.05.07.05
2013/05/07 15:10:36 +0200 TSITSIS-PC Oli MESSAGE IP Protection started successfully
2013/05/07 15:10:36 +0200 TSITSIS-PC Oli MESSAGE Starting database refresh
2013/05/07 15:10:36 +0200 TSITSIS-PC Oli MESSAGE Stopping IP protection
2013/05/07 15:10:38 +0200 TSITSIS-PC Oli MESSAGE IP Protection stopped successfully
2013/05/07 15:10:41 +0200 TSITSIS-PC Oli MESSAGE Database refreshed successfully
2013/05/07 15:10:41 +0200 TSITSIS-PC Oli MESSAGE Starting IP protection
2013/05/07 15:10:47 +0200 TSITSIS-PC Oli MESSAGE IP Protection started successfully

2013/05/07 15:09:08 +0200 TSITSIS-PC Oli MESSAGE Starting protection
2013/05/07 15:09:08 +0200 TSITSIS-PC Oli MESSAGE Protection started successfully
2013/05/07 15:09:08 +0200 TSITSIS-PC Oli MESSAGE Starting IP protection
2013/05/07 15:09:13 +0200 TSITSIS-PC Oli MESSAGE IP Protection started successfully
2013/05/07 15:09:58 +0200 TSITSIS-PC Oli MESSAGE Stopping IP protection
2013/05/07 15:09:58 +0200 TSITSIS-PC Oli MESSAGE IP Protection stopped successfully
2013/05/07 15:09:58 +0200 TSITSIS-PC Oli MESSAGE Protection stopped
2013/05/07 15:10:02 +0200 TSITSIS-PC Oli MESSAGE Executing scheduled update: Daily
2013/05/07 15:10:12 +0200 TSITSIS-PC Oli MESSAGE Starting protection
2013/05/07 15:10:12 +0200 TSITSIS-PC Oli MESSAGE Protection started successfully
2013/05/07 15:10:12 +0200 TSITSIS-PC Oli MESSAGE Starting IP protection
2013/05/07 15:10:24 +0200 TSITSIS-PC Oli MESSAGE Scheduled update executed successfully: database updated from version v2013.04.04.07 to version v2013.05.07.05
2013/05/07 15:10:36 +0200 TSITSIS-PC Oli MESSAGE IP Protection started successfully
2013/05/07 15:10:36 +0200 TSITSIS-PC Oli MESSAGE Starting database refresh
2013/05/07 15:10:36 +0200 TSITSIS-PC Oli MESSAGE Stopping IP protection
2013/05/07 15:10:38 +0200 TSITSIS-PC Oli MESSAGE IP Protection stopped successfully
2013/05/07 15:10:41 +0200 TSITSIS-PC Oli MESSAGE Database refreshed successfully
2013/05/07 15:10:41 +0200 TSITSIS-PC Oli MESSAGE Starting IP protection
2013/05/07 15:10:47 +0200 TSITSIS-PC Oli MESSAGE IP Protection started successfully

2013/05/07 15:09:08 +0200 TSITSIS-PC Oli MESSAGE Starting protection
2013/05/07 15:09:08 +0200 TSITSIS-PC Oli MESSAGE Protection started successfully
2013/05/07 15:09:08 +0200 TSITSIS-PC Oli MESSAGE Starting IP protection
2013/05/07 15:09:13 +0200 TSITSIS-PC Oli MESSAGE IP Protection started successfully
2013/05/07 15:09:58 +0200 TSITSIS-PC Oli MESSAGE Stopping IP protection
2013/05/07 15:09:58 +0200 TSITSIS-PC Oli MESSAGE IP Protection stopped successfully
2013/05/07 15:09:58 +0200 TSITSIS-PC Oli MESSAGE Protection stopped
2013/05/07 15:10:02 +0200 TSITSIS-PC Oli MESSAGE Executing scheduled update: Daily
2013/05/07 15:10:12 +0200 TSITSIS-PC Oli MESSAGE Starting protection
2013/05/07 15:10:12 +0200 TSITSIS-PC Oli MESSAGE Protection started successfully
2013/05/07 15:10:12 +0200 TSITSIS-PC Oli MESSAGE Starting IP protection
2013/05/07 15:10:24 +0200 TSITSIS-PC Oli MESSAGE Scheduled update executed successfully: database updated from version v2013.04.04.07 to version v2013.05.07.05
2013/05/07 15:10:36 +0200 TSITSIS-PC Oli MESSAGE IP Protection started successfully
2013/05/07 15:10:36 +0200 TSITSIS-PC Oli MESSAGE Starting database refresh
2013/05/07 15:10:36 +0200 TSITSIS-PC Oli MESSAGE Stopping IP protection
2013/05/07 15:10:38 +0200 TSITSIS-PC Oli MESSAGE IP Protection stopped successfully
2013/05/07 15:10:41 +0200 TSITSIS-PC Oli MESSAGE Database refreshed successfully
2013/05/07 15:10:41 +0200 TSITSIS-PC Oli MESSAGE Starting IP protection
2013/05/07 15:10:47 +0200 TSITSIS-PC Oli MESSAGE IP Protection started successfully

2013/05/16 12:01:27 +0200 TSITSIS-PC (null) MESSAGE Executing scheduled update: Daily
2013/05/16 12:01:33 +0200 TSITSIS-PC (null) MESSAGE Starting protection
2013/05/16 12:01:33 +0200 TSITSIS-PC (null) MESSAGE Protection started successfully
2013/05/16 12:01:33 +0200 TSITSIS-PC (null) MESSAGE Starting IP protection
2013/05/16 12:01:35 +0200 TSITSIS-PC (null) MESSAGE Scheduled update executed successfully: database updated from version v2013.05.12.03 to version v2013.05.16.04
2013/05/16 12:01:38 +0200 TSITSIS-PC (null) MESSAGE IP Protection started successfully
2013/05/16 12:01:38 +0200 TSITSIS-PC (null) MESSAGE Starting database refresh
2013/05/16 12:01:38 +0200 TSITSIS-PC (null) MESSAGE Stopping IP protection
2013/05/16 12:01:38 +0200 TSITSIS-PC (null) MESSAGE IP Protection stopped successfully
2013/05/16 12:01:41 +0200 TSITSIS-PC (null) MESSAGE Database refreshed successfully
2013/05/16 12:01:41 +0200 TSITSIS-PC (null) MESSAGE Starting IP protection
2013/05/16 12:01:45 +0200 TSITSIS-PC (null) MESSAGE IP Protection started successfully

2013/05/17 14:08:22 +0200 TSITSIS-PC (null) MESSAGE Starting protection
2013/05/17 14:08:22 +0200 TSITSIS-PC (null) MESSAGE Protection started successfully
2013/05/17 14:08:22 +0200 TSITSIS-PC (null) MESSAGE Starting IP protection
2013/05/17 14:08:26 +0200 TSITSIS-PC (null) MESSAGE IP Protection started successfully

2013/05/19 13:46:43 +0200 TSITSIS-PC Oli MESSAGE Executing scheduled update: Daily
2013/05/19 13:47:45 +0200 TSITSIS-PC Oli MESSAGE Scheduled update executed successfully: database updated from version v2013.05.16.04 to version v2013.05.19.04
2013/05/19 13:47:45 +0200 TSITSIS-PC Oli MESSAGE Starting database refresh
2013/05/19 13:47:45 +0200 TSITSIS-PC Oli MESSAGE Stopping IP protection
2013/05/19 13:48:15 +0200 TSITSIS-PC Oli MESSAGE IP Protection stopped successfully
2013/05/19 13:51:00 +0200 TSITSIS-PC Oli MESSAGE Database refreshed successfully
2013/05/19 13:51:09 +0200 TSITSIS-PC Oli MESSAGE Starting IP protection
2013/05/19 13:51:16 +0200 TSITSIS-PC Oli MESSAGE IP Protection started successfully

2013/05/21 16:35:23 +0200 TSITSIS-PC Oli MESSAGE Stopping protection
2013/05/21 16:35:24 +0200 TSITSIS-PC Oli MESSAGE Protection stopped successfully
2013/05/21 16:35:24 +0200 TSITSIS-PC Oli MESSAGE Stopping IP protection
2013/05/21 16:35:28 +0200 TSITSIS-PC Oli MESSAGE IP Protection stopped successfully

2013/06/15 20:37:13 +0200 TSITSIS-PC Oli MESSAGE Protection stopped
2013/06/15 20:37:37 +0200 TSITSIS-PC Oli MESSAGE Starting database refresh
2013/06/15 20:37:40 +0200 TSITSIS-PC Oli MESSAGE Database refreshed successfully

15.06.2013, 14:57	#8
markusg /// Malware-holic	System Care Antivirus beseitigen kopier sie einfach rein. oder auf die schaltfläche code klicken. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

15.06.2013, 19:27	#14
markusg /// Malware-holic	System Care Antivirus beseitigen und die alten logs mit funden __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

System Care Antivirus beseitigen

Log-Analyse und Auswertung: System Care Antivirus beseitigen