| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TREND MICRO Office Scan meldet BedrohungenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.09.2013, 21:59
| #1 |
 |  TREND MICRO Office Scan meldet Bedrohungen Hallo zusammen, Kann mir vielleicht jemand helfen. Ich bekomme ständig folgende Meldung vom OfficeScan (siehe BilD): TREND MICRO Office Scan: Office Scan hat einen Verstoß gegen die Web-Siucherheitsrichtlinie entdeckt und die untere URL gesprerrt. Obwohl ich die Seite nie geöffnet habe, kommt diese Meldung immer wieder.  Wie kann ich diese Benachrichtigungen abschalten ? Vielen Dank |
|
22.09.2013, 22:31
| #2 | |
| /// TB-Ausbilder   | TREND MICRO Office Scan meldet Bedrohungen Hallo,
__________________Zitat:
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
23.09.2013, 08:10
| #3 |
| | TREND MICRO Office Scan meldet Bedrohungen Hallo Leo,
__________________erstmal Vielen Dank für deine Antwort. Ich habe versucht das selbst in den Griff zu kriegen, habe aber nicht gechafft.  Hier sind die Logs: Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-09-2013
Ran by ppak at 2013-09-23 08:17:21
Running from C:\Users\ppak\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs ======================
Update for Microsoft Office 2007 (KB2508958) (x32)
2007 Microsoft Office system (x32 Version: 12.0.6612.1000)
7-Zip 9.20 (x32)
Adobe Connect 9 Add-in (HKCU Version: 11,2,247,0)
Adobe Connect Add-in (HKCU)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader X (10.1.4) - Deutsch (x32 Version: 10.1.4)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.8.612)
AFPL Ghostscript 8.54 (x32)
AFPL Ghostscript Fonts (x32)
Anzeige am Bildschirm (Version: 6.60.01)
Apple Mobile Device Support (Version: 6.0.1.3)
Conexant 20672 SmartAudio HD (Version: 8.32.23.2)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dienstprogramm "ThinkPad UltraNav" (x32 Version: 2.13.0)
Google Chrome (HKCU Version: 29.0.1547.76)
IBM Lotus Sametime Connect 7.5.1 (x32 Version: 7.5.70413)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (x32 Version: 1.1.0.1147)
Integrated Camera TWAIN (x32 Version: 1.0.11.1223)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Identity Protection Technology 1.0.74.0 (x32 Version: 1.0.74.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Network Connections Drivers (Version: 16.4)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2538)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.2.0000)
Java Auto Updater (x32 Version: 2.1.9.5)
Java(TM) 6 Update 29 (64-bit) (Version: 6.0.290)
Java(TM) 6 Update 29 (x32 Version: 6.0.290)
Juniper Networks Network Connect 6.5.0 (x32 Version: 6.5.0.17883)
Juniper Networks Setup Client (HKCU Version: 2.1.7.9797)
Lenovo Auto Scroll Utility (Version: 1.10)
Lenovo Patch Utility (x32 Version: 1.0.1.1)
Lenovo Patch Utility 64 bit (Version: 1.2.0.1)
Lenovo Screen Reading Optimizer (x32 Version: 1.10)
Lenovo System Interface Driver (Version: 1.05)
Lotus Notes 8.5.3 de (x32 Version: 8.53.11286)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Visio 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Visio MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visio 2010 Service Pack 1 (SP1) (x32)
Microsoft Visio Premium 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728)
Mobile Broadband Drivers (x32 Version: 6.5.1.5)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Notepad++ (x32 Version: 6.3)
NVIDIA 3D Vision Treiber 275.93 (Version: 275.93)
NVIDIA Grafiktreiber 275.93 (Version: 275.93)
NVIDIA HD-Audiotreiber 1.2.23.3 (Version: 1.2.23.3)
NVIDIA Install Application (Version: 2.275.82.0)
NVIDIA Optimus 1.3.12 (Version: 1.3.12)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.7593)
NVIDIA Systemsteuerung 275.93 (Version: 275.93)
NVIDIA Update Components (Version: 1.3.12)
Radio.fx (x32)
RICOH_Media_Driver_v2.13.18.02 (x32 Version: 2.13.18.02)
Skype Click to Call (x32 Version: 5.9.9216)
Skype™ 6.3 (x32 Version: 6.3.107)
System Update (x32 Version: 4.01.0015)
TeamViewer 8 (x32 Version: 8.0.20935)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.4.0.2900)
ThinkPad Energie-Manager (x32 Version: 3.62)
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad Modem Adapter (Version: 7.80.5.0)
ThinkPad Power Management Driver (Version: 1.64.00.00)
ThinkPad UltraNav Driver (Version: 15.3.27.1)
ThinkVantage Communications Utility (Version: 2.01)
ThinkVantage Fingerprint Software (Version: 5.9.5.7038)
ThinkVantage GPS (x32 Version: 2.73)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.75)
tools-freebsd (x32 Version: 8.8.5.893925)
tools-linux (x32 Version: 8.8.5.893925)
tools-netware (x32 Version: 8.8.5.893925)
tools-solaris (x32 Version: 8.8.5.893925)
tools-windows (x32 Version: 8.8.5.893925)
tools-winPre2k (x32 Version: 8.8.5.893925)
Trend Micro OfficeScan Client (x32 Version: 10.5)
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VmciSockets (Version: 9.1.55.1)
VMware Remote Console Plug-in (x32 Version: 2.5.0.252576)
VMware vSphere Client 4.1 (x32 Version: 4.1.0.12319)
VMware Workstation (x32 Version: 8.0.5.33341)
Windows 7 Codec Pack 4.0.2 (x32 Version: 4.0.2)
==================== Restore Points =========================
20-09-2013 22:25:46 Removed Apple Application Support
22-09-2013 20:15:27 Installed SpyHunter
22-09-2013 20:32:43 Removed SpyHunter
23-09-2013 06:08:49 Removed Apple Software Update
23-09-2013 06:12:55 Removed Apple Mobile Device Support
==================== Hosts content: ==========================
2009-07-14 04:34 - 2012-06-19 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {10ED9013-D9B4-4C01-AB03-3D3D4284676A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-22] (Adobe Systems Incorporated)
Task: {1C670496-34BF-466C-AC27-43FDF90B45C9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1267249724-2912316410-597184085-6338UA => C:\Users\ppak\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-28] (Google Inc.)
Task: {3531C870-CA0E-4A81-9B18-CDB7AF275092} - System32\Tasks\{70C40147-A730-43B7-8261-99C383B88680} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/abandoninstall?page=tsProgressBar
Task: {3B526A6C-8740-451B-ADB1-1A73BBBDEB20} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {8B282F8A-0F0C-459E-97ED-ABC089EC4BEB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {999C21E3-BF8D-489C-A5C1-331B8A73797F} - System32\Tasks\{96127D7E-8CA2-48DF-88F8-A0FD72C6800F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/abandoninstall?page=tsProgressBar
Task: {B42F8B8A-CDF6-44F4-B52B-415C0059F32C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1267249724-2912316410-597184085-6338Core => C:\Users\ppak\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-28] (Google Inc.)
Task: {CB0F5DE4-B7F4-41CC-AE61-4D19F5A2FE11} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267249724-2912316410-597184085-6338Core.job => C:\Users\ppak\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267249724-2912316410-597184085-6338UA.job => C:\Users\ppak\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-01-12 14:04 - 2011-07-04 04:02 - 00055296 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\Windows\system32\Sensor64.dll
2009-07-14 02:34 - 2009-07-14 03:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\System32\Speech\SpeechUX\SpTip.dll
2012-01-12 13:59 - 2011-03-06 21:20 - 00286720 _____ (Intel Corporation) C:\Windows\system32\igfxrDEU.lrc
2012-01-12 13:59 - 2011-03-06 21:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-07-14 02:34 - 2009-07-14 03:41 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\Speech\SpeechUX\SpeechUXPS.DLL
2013-02-01 21:30 - 2013-06-03 13:06 - 09907712 _____ () C:\Program Files (x86)\Tobit Radio.fx\Client\TOBITCLT.dll
2013-02-01 21:30 - 2013-05-16 14:28 - 00242688 _____ () C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-client$.ger
2011-09-16 03:27 - 2011-09-16 03:27 - 21757952 _____ (IBM Corp) C:\Notes\nnotesws.dll
2011-09-16 03:07 - 2011-09-16 03:07 - 03219456 _____ (IBM Corp) C:\Notes\nxmlproc.dll
2004-04-20 16:38 - 2004-04-20 16:38 - 00499712 _____ (Microsoft Corporation) C:\Notes\MSVCP71.dll
2004-04-20 16:38 - 2004-04-20 16:38 - 00348160 _____ (Microsoft Corporation) C:\Notes\MSVCR71.dll
2011-09-16 03:27 - 2011-09-16 03:27 - 24031232 _____ (IBM Corp) C:\Notes\nnotes.dll
2011-09-16 02:15 - 2011-09-16 02:15 - 00364544 _____ (IBM Corp) C:\Notes\js32.dll
2011-09-16 03:10 - 2011-09-16 03:10 - 01900544 _____ (IBM Corp) C:\Notes\NLSCCSTR.DLL
2011-09-16 03:13 - 2011-09-16 03:13 - 03895296 _____ (IBM) C:\Notes\nsdhelp.dll
2011-09-16 03:06 - 2011-09-16 03:06 - 00006144 _____ (IBM Corp) C:\Notes\ndgts.dll
2011-09-16 03:07 - 2011-09-16 03:07 - 00442368 _____ (IBM Corp) C:\Notes\ndxlo.dll
2011-09-16 03:07 - 2011-09-16 03:07 - 00118784 _____ (IBM Corp) C:\Notes\nxmlcommon.dll
2011-09-16 01:55 - 2011-09-16 01:55 - 00175104 _____ (Lotus Development Corporation.) C:\Notes\LTOUIN22.dll
2011-09-16 03:09 - 2011-09-16 03:09 - 00035328 _____ (IBM Corp) C:\Notes\nxpm.dll
2011-09-16 03:27 - 2011-09-16 03:27 - 01183744 _____ (IBM Corp) C:\Notes\NSTRINGS.DLL
2011-09-16 03:17 - 2011-09-16 03:17 - 00011264 _____ (IBM Corp) C:\Notes\namhook.DLL
2011-09-16 03:12 - 2011-09-16 03:12 - 00028160 _____ (IBM Corp) C:\Notes\nTCP.DLL
2007-09-24 19:44 - 2007-09-24 19:44 - 00069632 _____ (IBM) C:\Notes\icc\icclib\icclib.dll
2007-09-24 19:44 - 2007-09-24 19:44 - 00774144 _____ (OpenSSL - www.openssl.org) C:\Notes\icc\osslib\libeay32.dll
2011-09-16 03:13 - 2011-09-16 03:13 - 00030208 _____ (IBM Corp) C:\Notes\nplugins.dll
2011-09-16 03:08 - 2011-09-16 03:08 - 02129920 _____ (IBM Corp) C:\Notes\nlsxbe.DLL
2011-09-16 03:08 - 2011-09-16 03:08 - 00020992 _____ (IBM Corp) C:\Notes\nDBnotes.DLL
2011-09-16 03:09 - 2011-09-16 03:09 - 00139264 _____ (IBM Corp) C:\Notes\nftgtr40.DLL
2011-09-16 03:09 - 2011-09-16 03:09 - 00569344 _____ (IBM Corp) C:\Notes\gtr40nts.dll
2008-12-19 04:56 - 2008-12-19 04:56 - 00135168 _____ (Autonomy, Inc.) C:\Notes\kvfilter.dll
2002-06-13 23:43 - 2002-06-13 23:43 - 00401462 _____ (Microsoft Corporation) C:\Notes\MSVCP60.dll
2011-09-16 03:08 - 2011-09-16 03:08 - 00034304 _____ (IBM Corp) C:\Notes\naldaemn.DLL
2011-09-15 16:19 - 2011-09-15 16:19 - 00081920 _____ () C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\eclipse_1118.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00111880 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\j9vm\jvm.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00378120 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\j9vm24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00039176 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\J9THR24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00018184 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\J9HOOKABLE24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00140552 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\J9PRT24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00056584 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\j9zlib24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00058632 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\iverel24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00010504 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\vmi.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00021768 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\hyprtshim24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00012552 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\HYTHR.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00140552 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\j9dmp24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00011528 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\jsig.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 03847432 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\j9jit24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00349448 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\j9gc24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00136456 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\j9dyn24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00201992 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\j9jvmti24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00128264 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\j9vrb24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00337160 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\jclscar_24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00222472 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\j9shr24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00128264 _____ (IBM) C:\Notes\jvm\bin\java.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00012040 _____ (IBM) C:\Notes\jvm\bin\dbgwrapper.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00011016 _____ (International Business Machines Corporation) C:\Notes\jvm\bin\j9jar24.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00079112 _____ (IBM) C:\Notes\jvm\bin\zip.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00091400 _____ (IBM) C:\Notes\jvm\bin\net.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00031496 _____ (IBM) C:\Notes\jvm\bin\nio.dll
2011-09-15 16:19 - 2011-09-15 16:19 - 00110592 _____ () C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\pipeserver.dll
2012-04-04 11:32 - 2012-04-04 11:32 - 00385024 _____ (Eclipse Foundation) C:\Notes\Data\workspace\.config\org.eclipse.osgi\bundles\214\1\.cp\swt-win32-3659.dll
2012-04-04 11:32 - 2012-04-04 11:32 - 00073728 _____ () C:\Notes\Data\workspace\.config\org.eclipse.osgi\bundles\214\1\.cp\swtIbmWrapper.dll
2012-04-04 11:32 - 2012-04-04 11:32 - 00118784 _____ (Eclipse Foundation) C:\Notes\Data\workspace\.config\org.eclipse.osgi\bundles\214\1\.cp\swt-gdip-win32-3659.dll
2012-04-04 11:32 - 2012-04-04 11:32 - 00090112 _____ (IBM Corp) C:\Notes\Data\workspace\.config\org.eclipse.osgi\bundles\784\1\.cp\os\win32\notesbootstrap.dll
2011-09-16 03:13 - 2011-09-16 03:13 - 00069632 _____ (IBM Corp) C:\Notes\nnoteswc.dll
2011-09-15 16:19 - 2011-09-15 16:19 - 00208896 _____ () C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.os.win32_6.2.3.20110915-1350\os\win32\x86\os.dll
2012-04-16 09:05 - 2012-04-16 09:05 - 04505600 _____ () C:\Notes\Data\workspace\.config\org.eclipse.osgi\bundles\530\1\.cp\os\win32\x86\PhoneGridGIPS.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00147456 _____ () C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\swtxpcom.dll
2012-04-16 09:05 - 2012-04-16 09:05 - 00073728 _____ () C:\Notes\Data\workspace\.config\org.eclipse.osgi\bundles\541\1\.cp\os\win32\NativeNetInfo.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00167936 _____ (Mozilla Foundation) C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\nspr4.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00712704 _____ (Mozilla Foundation) C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\MOZCRT19.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00014848 _____ (Mozilla Foundation) C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\plc4.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00012288 _____ (Mozilla Foundation) C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\plds4.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00462336 _____ (sqlite.org) C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\sqlite3.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00081920 _____ (Mozilla Foundation) C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\nssutil3.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00155648 _____ (Mozilla Foundation) C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\softokn3.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00638976 _____ (Mozilla Foundation) C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\nss3.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00135168 _____ (Mozilla Foundation) C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\ssl3.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00098304 _____ (Mozilla Foundation) C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\smime3.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00841728 _____ () C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\js3250.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 10148864 _____ (Mozilla Foundation) C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\xul.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00712704 _____ (Mozilla Foundation) C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\MOZCPP19.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00012288 _____ (Mozilla Foundation) C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.xulrunner.runtime.win32.x86_6.2.3.20110915-1350\xulrunner\xpcom.dll
2012-04-16 09:05 - 2012-04-16 09:05 - 00028672 _____ (International Business Machines Corporation) C:\Notes\Data\workspace\.config\org.eclipse.osgi\bundles\824\1\.cp\os\win32\x86\ActivityMonitor.dll
2012-04-04 11:33 - 2012-04-04 11:33 - 00098304 _____ () C:\Notes\Data\workspace\.config\org.eclipse.osgi\bundles\879\1\.cp\DTSearch.dll
2011-09-16 03:08 - 2011-09-16 03:08 - 02129920 _____ (IBM Corp) C:\Notes\nlsxbe.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 01230088 _____ (IBM) C:\Notes\jvm\bin\awt.dll
2011-07-14 10:24 - 2011-07-14 10:24 - 00337160 _____ (IBM) C:\Notes\jvm\bin\fontmanager.dll
2012-04-04 11:28 - 2012-04-04 11:28 - 00106496 _____ () C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.3.20110915-1350\os\win32\x86\comex.dll
2013-09-20 12:34 - 2011-06-01 10:16 - 00496976 _____ (vbAccelerator) C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
2013-09-20 12:34 - 2012-05-22 17:05 - 00046416 _____ (vbAccelerator) C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
2011-09-16 03:08 - 2011-09-16 03:08 - 00122880 _____ (IBM Corp) C:\Notes\nwrdaemndll.DLL
2011-09-16 03:08 - 2011-09-16 03:08 - 00045056 _____ (IBM Corp) C:\Notes\nhkdaemn.DLL
2011-09-16 03:12 - 2011-09-16 03:12 - 00118784 _____ (IBM Corp) C:\Notes\nNTCP.DLL
2011-09-16 03:09 - 2011-09-16 03:09 - 00006144 _____ (IBM Corp) C:\Notes\nhldaemn.DLL
2011-09-16 03:13 - 2011-09-16 03:13 - 00143360 _____ (IBM Corp) C:\Notes\ntlupdat.DLL
2013-08-18 00:38 - 2013-08-18 00:38 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-08-12 06:20 - 2011-08-12 06:20 - 00247400 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
2013-09-11 10:57 - 2013-09-11 10:57 - 16177544 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/23/2013 07:58:51 AM) (Source: vmauthd) (User: )
Description: 2013-09-23T07:58:51.222+02:00| vthread-4| E105: Cannot find perfmon object in array returned by perfDLL, index=0
Error: (09/23/2013 07:57:59 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/22/2013 11:10:14 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/22/2013 10:16:43 PM) (Source: Application Hang) (User: )
Description: Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1728
Startzeit: 01ceb7cec1c5ceaa
Endzeit: 15
Anwendungspfad: C:\Users\ppak\Downloads\OTL.exe
Berichts-ID:
Error: (09/22/2013 09:59:34 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/22/2013 09:45:19 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (09/22/2013 09:36:35 PM) (Source: vmauthd) (User: )
Description: 2013-09-22T21:36:35.695+02:00| vthread-4| E105: Cannot find perfmon object in array returned by perfDLL, index=0
Error: (09/22/2013 09:35:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/21/2013 10:23:19 PM) (Source: vmauthd) (User: )
Description: 2013-09-21T22:23:19.469+02:00| vthread-4| E105: Cannot find perfmon object in array returned by perfDLL, index=0
Error: (09/21/2013 10:22:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (09/23/2013 07:58:47 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07
Error: (09/23/2013 07:57:35 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TeamViewer 8" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (09/23/2013 07:57:35 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst TeamViewer 8 erreicht.
Error: (09/23/2013 07:57:04 AM) (Source: Microsoft-Windows-GroupPolicy) (User: ppak)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error: (09/23/2013 07:56:50 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT-AUTORITÄT)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Error: (09/23/2013 07:56:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (09/23/2013 07:56:49 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht.
Error: (09/23/2013 07:56:49 AM) (Source: NETLOGON) (User: )
Description: Der Computer konnte eine sichere Sitzung mit einem
Domänencontroller in der Domäne ppak aufgrund der folgenden
Ursache nicht einrichten:
%%1311
Dies kann zu Authentifizierungsproblemen führen. Stellen
Sie sicher, dass der Computer mit dem Netzwerk verbunden ist.
Wenden Sie sich an den Domänenadministrator, wenn das Problem
weiterhin besteht.
ZUSÄTZLICHE INFORMATIONEN
Wenn dieser Computer ein Domänencontroller der bestimmten
Domäne ist, wird eine sichere Sitzung zum primären
Domänencontrolleremulator in der bestimmten Domäne eingerichtet.
Andernfalls richtet dieser Computer eine sichere Sitzung zu
einem beliebigen Domänencontroller in der bestimmten Domäne ein.
Error: (09/22/2013 09:36:25 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07
Error: (09/22/2013 09:35:24 PM) (Source: Microsoft-Windows-GroupPolicy) (User: ppak)
Description: Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.
Microsoft Office Sessions:
=========================
Error: (02/14/2012 07:29:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6470 seconds with 2040 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2013-09-23 07:56:31.702
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-23 07:56:31.530
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-22 21:34:58.524
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-22 21:34:58.383
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-21 22:22:11.797
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-21 22:22:11.641
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-21 10:40:14.610
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-21 10:40:14.454
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-21 01:38:07.485
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-09-21 01:38:07.329
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\acedrv07.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 21%
Total physical RAM: 16271.23 MB
Available physical RAM: 12758.48 MB
Total Pagefile: 32540.65 MB
Available Pagefile: 28925.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (SYSTEM) (Fixed) (Total:465.74 GB) (Free:132.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 8E4A6FC6)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-09-2013
Ran by ppak (administrator) on ppak on 23-09-2013 08:14:34
Running from C:\Users\ppak\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
(baramundi software AG) C:\Windows\SysWOW64\BFCRX.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(IBM Corp) C:\Notes\SUService.exe
(IBM) C:\Notes\nsd.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(IBM Corp) C:\Notes\ntmulti.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(IBM Corp) C:\Notes\NLNOTES.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
(IBM) C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(IBM Corp) C:\Notes\ntaskldr.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2010-12-16] (Lenovo Group Limited)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [85832 2011-07-14] (Authentec Inc.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [RfxSrvTray] - C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKCU\...\Run: [Google Update] - C:\Users\ppak\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-28] (Google Inc.)
HKCU\...\Run: [NvCplWow64] - %SystemRoot%\SysWOW64\Rundll32.exe "%AppData%\Microsoft Corporation\thetorPw.ml6",Control_RunDLL
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [1605992 2011-07-04] (Lenovo Group Limited)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OfficeScanNT Monitor] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [1375688 2011-03-14] (Trend Micro Inc.)
HKLM-x32\...\Run: [vmware-tray] - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103576 2012-10-31] (VMware, Inc.)
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll C:\Windows\system32\nvinitx.dll [97280 2009-07-14] ()
AppInit_DLLs-x32: c:\progra~3\browse~2\261125~1.80\{c16c1~1\browse~1.dll [ ] ()
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9EB4CC373CD4CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {B94C2238-346E-4C5E-9B36-8CC627F35574}
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://access.ppak.de/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63128] (VMware, Inc.)
Winsock: Catalog9 13 %SystemRoot%\system32\vsocklib.dll [63128] (VMware, Inc.)
Winsock: Catalog9-x64 12 %SystemRoot%\system32\vsocklib.dll [67224] (VMware, Inc.)
Winsock: Catalog9-x64 13 %SystemRoot%\system32\vsocklib.dll [67224] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C2CC4E1C-D1AA-421A-ADA3-97BD3FB6565B}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{C33E2E22-E6DD-4DAD-8FA3-76F8B024F87C}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{E4850330-5FDC-4033-8DEF-FD2392B2DB90}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\ppak\AppData\Roaming\Mozilla\Firefox\Profiles\dosh1zv2.default-1371104754674
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\ppak\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\ppak\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\ppak\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\ppak\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\ppak\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\ppak\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Unity Player) - C:\Users\ppak\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\ppak\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\ppak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\ppak\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (YouTube) - C:\Users\ppak\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\ppak\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Skype Click to Call) - C:\Users\ppak\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\ppak\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\ppak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
==================== Services (Whitelisted) =================
R2 BFCRX; C:\Windows\SysWOW64\BFCRX.exe [609704 2012-04-20] (baramundi software AG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-07-04] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 LNSUSvc; C:\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Notes\nsd.exe [4453768 2011-09-16] (IBM)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Multi-user Cleanup Service; C:\Notes\ntmulti.exe [71048 2011-09-16] (IBM Corp)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [2105976 2011-02-23] (Trend Micro Inc.)
S2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [2389448 2011-02-23] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [917768 2010-04-24] (Trend Micro Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11840000 2012-10-31] ()
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
==================== Drivers (Whitelisted) ====================
S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2012-04-14] ()
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-23] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-23] (Ericsson AB)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-13] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-13] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-13] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-13] (MCCI Corporation)
R2 smihlp2; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [344376 2012-07-17] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42808 2012-07-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-12-07] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2224952 2012-07-17] (Trend Micro Inc.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)
S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder iPhone Edition\SysInfoX64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-23 08:14 - 2013-09-23 08:14 - 00000000 ____D C:\FRST
2013-09-23 08:12 - 2013-09-23 08:12 - 01955550 _____ (Farbar) C:\Users\ppak\Downloads\FRST64.exe
2013-09-23 07:58 - 2013-09-23 07:58 - 00000000 ____D C:\Users\ppak\AppData\Roaming\smkits
2013-09-22 22:17 - 2013-09-22 22:17 - 00000000 _____ C:\autoexec.bat
2013-09-22 22:16 - 2013-09-22 22:16 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-22 22:15 - 2013-09-22 22:34 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-22 21:40 - 2013-09-22 21:40 - 00000000 ___SD C:\ComboFix
2013-09-21 00:52 - 2013-09-21 00:52 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-21 00:27 - 2013-09-22 21:37 - 00000000 ____D C:\AdwCleaner
2013-09-20 12:34 - 2013-09-20 12:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ppak\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-20 12:34 - 2013-09-20 12:34 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-20 12:34 - 2013-09-20 12:34 - 00000000 ____D C:\Users\ppak\AppData\Roaming\Malwarebytes
2013-09-20 12:34 - 2013-09-20 12:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-20 12:34 - 2013-09-20 12:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-20 12:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-20 11:57 - 2013-09-20 11:58 - 00000000 ____D C:\Qoobox
2013-09-20 11:57 - 2013-09-20 11:57 - 00000000 ____D C:\Windows\erdnt
2013-09-19 20:17 - 2013-09-19 20:18 - 00000000 ____D C:\Users\ppak\Desktop\usb
2013-09-19 11:08 - 2013-09-19 20:26 - 00000000 ____D C:\Users\ppak\Desktop\Neuer Ordner (2)
2013-09-12 13:18 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 13:18 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 13:18 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 13:18 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 13:18 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 13:18 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 13:18 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 13:18 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 13:18 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 13:18 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 13:18 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 13:18 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 10:41 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 10:41 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 10:41 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 10:41 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 10:41 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 10:41 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 10:41 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 10:41 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 10:41 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 10:41 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 10:41 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 10:41 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 10:41 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 10:41 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 10:41 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 10:41 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 10:41 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 10:41 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 10:41 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 10:41 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 10:41 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 10:41 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 10:41 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 10:41 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 10:41 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 10:41 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-06 07:30 - 2013-09-06 07:30 - 00003216 ____N C:\bootsqm.dat
==================== One Month Modified Files and Folders =======
2013-09-23 08:14 - 2013-09-23 08:14 - 00000000 ____D C:\FRST
2013-09-23 08:12 - 2013-09-23 08:12 - 01955550 _____ (Farbar) C:\Users\ppak\Downloads\FRST64.exe
2013-09-23 08:11 - 2009-07-14 06:45 - 00022000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 08:11 - 2009-07-14 06:45 - 00022000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-23 08:08 - 2012-01-12 13:53 - 01224564 _____ C:\Windows\WindowsUpdate.log
2013-09-23 07:58 - 2013-09-23 07:58 - 00000000 ____D C:\Users\ppak\AppData\Roaming\smkits
2013-09-23 07:58 - 2012-04-16 12:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-23 07:58 - 2012-01-16 12:46 - 00000000 ____D C:\ProgramData\VMware
2013-09-23 07:56 - 2012-04-03 10:57 - 00476448 _____ C:\SUService.log
2013-09-23 07:56 - 2012-01-12 14:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-23 07:56 - 2012-01-12 13:47 - 00609654 _____ C:\Windows\SysWOW64\bfcrx.log
2013-09-23 07:56 - 2010-11-21 05:47 - 00068622 _____ C:\Windows\PFRO.log
2013-09-23 07:56 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-23 07:56 - 2009-07-14 06:51 - 00150519 _____ C:\Windows\setupact.log
2013-09-22 22:34 - 2013-09-22 22:15 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-22 22:21 - 2013-07-28 22:10 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267249724-2912316410-597184085-6338UA.job
2013-09-22 22:21 - 2013-07-28 22:10 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267249724-2912316410-597184085-6338Core.job
2013-09-22 22:17 - 2013-09-22 22:17 - 00000000 _____ C:\autoexec.bat
2013-09-22 22:16 - 2013-09-22 22:16 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-22 21:57 - 2012-04-16 12:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-22 21:57 - 2012-04-16 12:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-22 21:57 - 2012-04-16 12:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-22 21:40 - 2013-09-22 21:40 - 00000000 ___SD C:\ComboFix
2013-09-22 21:37 - 2013-09-21 00:27 - 00000000 ____D C:\AdwCleaner
2013-09-21 01:39 - 2012-01-12 14:29 - 00004132 _____ C:\Windows\system32\TmInstall.log
2013-09-21 00:52 - 2013-09-21 00:52 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-20 13:26 - 2013-07-28 22:10 - 00002347 _____ C:\Users\ppak\Desktop\Google Chrome.lnk
2013-09-20 13:03 - 2012-01-12 13:45 - 00000336 _____ C:\Windows\system32\config\netlogon.ftl
2013-09-20 12:40 - 2012-01-12 14:31 - 00009042 _____ C:\Windows\cfgall.ini
2013-09-20 12:34 - 2013-09-20 12:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ppak\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-20 12:34 - 2013-09-20 12:34 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-20 12:34 - 2013-09-20 12:34 - 00000000 ____D C:\Users\ppak\AppData\Roaming\Malwarebytes
2013-09-20 12:34 - 2013-09-20 12:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-20 12:34 - 2013-09-20 12:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-20 11:58 - 2013-09-20 11:57 - 00000000 ____D C:\Qoobox
2013-09-20 11:58 - 2012-01-16 12:46 - 00000000 ____D C:\Users\ppak\AppData\Roaming\VMware
2013-09-20 11:58 - 2012-01-16 12:44 - 00000000 ____D C:\Users\ppak\AppData\Local\VMware
2013-09-20 11:57 - 2013-09-20 11:57 - 00000000 ____D C:\Windows\erdnt
2013-09-20 11:46 - 2013-03-05 10:49 - 00000000 ____D C:\Users\ppak\Desktop\itu
2013-09-20 08:47 - 2013-03-01 23:46 - 00000000 ____D C:\Users\ppak\Desktop\Anleitungen
2013-09-20 08:23 - 2013-02-12 13:19 - 00000000 ____D C:\Users\ppak\Desktop\Pr
2013-09-19 20:26 - 2013-09-19 11:08 - 00000000 ____D C:\Users\ppak\Desktop\Neuer Ordner (2)
2013-09-19 20:24 - 2013-06-12 16:51 - 00000000 ____D C:\Users\ppak\Desktop\image
2013-09-19 20:18 - 2013-09-19 20:17 - 00000000 ____D C:\Users\ppak\Desktop\usb
2013-09-19 12:35 - 2011-04-12 09:43 - 01590370 _____ C:\Windows\system32\perfh007.dat
2013-09-19 12:35 - 2011-04-12 09:43 - 00434618 _____ C:\Windows\system32\perfc007.dat
2013-09-19 12:35 - 2009-07-14 07:13 - 00006894 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-17 14:02 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-17 10:33 - 2013-01-23 14:20 - 00001096 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-09-12 18:00 - 2012-01-13 11:55 - 00000000 ___RD C:\Users\ppak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 18:00 - 2012-01-13 11:55 - 00000000 ___RD C:\Users\ppak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 17:56 - 2009-07-14 06:45 - 00353016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 13:18 - 2013-07-20 14:18 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 13:14 - 2012-01-13 15:17 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 13:14 - 2012-01-12 15:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-07 00:41 - 2012-01-16 13:05 - 00000000 ____D C:\Users\ppak\AppData\Roaming\Skype
2013-09-06 07:30 - 2013-09-06 07:30 - 00003216 ____N C:\bootsqm.dat
2013-09-05 07:09 - 2009-07-14 04:34 - 00000450 _____ C:\Windows\win.ini
2013-08-31 12:13 - 2013-04-05 11:49 - 00000000 ____D C:\Users\ppak\Desktop\Online
Some content of TEMP:
====================
C:\Users\barainst\AppData\Local\Temp\InstallAX.exe
C:\Users\barainst\AppData\Local\Temp\InstallPlugin.exe
C:\Users\barainst\AppData\Local\Temp\ose00000.exe
C:\Users\ppak\AppData\Local\Temp\Quarantine.exe
C:\Users\ppak\AppData\Local\Temp\SHSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-02 07:37
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- Und noch mal DANKE für deine Hilfe. |
|
23.09.2013, 08:25
| #4 |
| /// TB-Ausbilder | TREND MICRO Office Scan meldet Bedrohungen Hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ cheers, Leo |
|
23.09.2013, 09:47
| #5 |
| | TREND MICRO Office Scan meldet Bedrohungen hier ist die Log Datei: Code:
ATTFilter 10:35:30.0087 6868 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:35:30.0546 6868 ============================================================
10:35:30.0546 6868 Current date / time: 2013/09/23 10:3g5:30.0546
10:35:30.0546 6868 SystemInfo:
10:35:30.0546 6868
10:35:30.0546 6868 OS Version: 6.1.7601 ServicePack: 1.0
10:35:30.0546 6868 Product type: Workstation
10:35:30.0547 6868 ComputerName: ppack
10:35:30.0547 6868 UserName: ppack
10:35:30.0548 6868 Windows directory: C:\Windows
10:35:30.0548 6868 System windows directory: C:\Windows
10:35:30.0548 6868 Running under WOW64
10:35:30.0548 6868 Processor architecture: Intel x64
10:35:30.0548 6868 Number of processors: 4
10:35:30.0548 6868 Page size: 0x1000
10:35:30.0548 6868 Boot type: Normal boot
10:35:30.0548 6868 ============================================================
10:35:32.0376 6868 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:35:32.0392 6868 ============================================================
10:35:32.0392 6868 \Device\Harddisk0\DR0:
10:35:32.0392 6868 MBR partitions:
10:35:32.0392 6868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A37CE80
10:35:32.0393 6868 ============================================================
10:35:32.0422 6868 C: <-> \Device\Harddisk0\DR0\Partition1
10:35:32.0422 6868 ============================================================
10:35:32.0422 6868 Initialize success
10:35:32.0422 6868 ============================================================
10:36:19.0542 7372 ============================================================
10:36:19.0542 7372 Scan started
10:36:19.0542 7372 Mode: Manual; SigCheck; TDLFS;
10:36:19.0542 7372 ============================================================
10:36:22.0290 7372 ================ Scan system memory ========================
10:36:22.0290 7372 System memory - ok
10:36:22.0299 7372 ================ Scan services =============================
10:36:22.0550 7372 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
10:36:22.0833 7372 1394ohci - ok
10:36:22.0876 7372 [ F4AF97702BAD85BFEF64B9A557F11B6F ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
10:36:23.0001 7372 5U877 - ok
10:36:23.0063 7372 [ 6E9C8B324980AFE454C6F7762E2B4478 ] acedrv07 C:\Windows\system32\drivers\acedrv07.sys
10:36:23.0170 7372 acedrv07 ( UnsignedFile.Multi.Generic ) - warning
10:36:23.0171 7372 acedrv07 - detected UnsignedFile.Multi.Generic (1)
10:36:23.0194 7372 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:36:23.0335 7372 ACPI - ok
10:36:23.0383 7372 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:36:23.0510 7372 AcpiPmi - ok
10:36:23.0652 7372 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:36:23.0765 7372 AdobeARMservice - ok
10:36:23.0936 7372 [ 24A0876D07EF356DCBC1D7A7929354AB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:36:24.0053 7372 AdobeFlashPlayerUpdateSvc - ok
10:36:24.0093 7372 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
10:36:24.0229 7372 adp94xx - ok
10:36:24.0269 7372 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
10:36:24.0392 7372 adpahci - ok
10:36:24.0414 7372 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
10:36:24.0521 7372 adpu320 - ok
10:36:24.0551 7372 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:36:24.0726 7372 AeLookupSvc - ok
10:36:24.0788 7372 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:36:24.0869 7372 AFD - ok
10:36:24.0898 7372 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:36:24.0973 7372 agp440 - ok
10:36:24.0998 7372 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:36:25.0136 7372 ALG - ok
10:36:25.0181 7372 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:36:25.0280 7372 aliide - ok
10:36:25.0342 7372 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:36:25.0414 7372 amdide - ok
10:36:25.0438 7372 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
10:36:25.0528 7372 AmdK8 - ok
10:36:25.0541 7372 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
10:36:25.0630 7372 AmdPPM - ok
10:36:25.0674 7372 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:36:25.0756 7372 amdsata - ok
10:36:25.0784 7372 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
10:36:25.0887 7372 amdsbs - ok
10:36:25.0904 7372 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:36:25.0968 7372 amdxata - ok
10:36:25.0999 7372 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
10:36:26.0127 7372 AMPPAL - ok
10:36:26.0141 7372 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
10:36:26.0175 7372 AMPPALP - ok
10:36:26.0276 7372 [ 864C632B999BE1237A3DC46736E71F27 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
10:36:26.0604 7372 AMPPALR3 - ok
10:36:26.0632 7372 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:36:26.0885 7372 AppID - ok
10:36:26.0909 7372 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:36:27.0107 7372 AppIDSvc - ok
10:36:27.0131 7372 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
10:36:27.0216 7372 Appinfo - ok
10:36:27.0405 7372 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:36:27.0481 7372 Apple Mobile Device - ok
10:36:27.0604 7372 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
10:36:27.0721 7372 AppMgmt - ok
10:36:27.0742 7372 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
10:36:27.0820 7372 arc - ok
10:36:27.0846 7372 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:36:27.0927 7372 arcsas - ok
10:36:28.0016 7372 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:36:28.0086 7372 aspnet_state - ok
10:36:28.0110 7372 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:36:28.0266 7372 AsyncMac - ok
10:36:28.0309 7372 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:36:28.0335 7372 atapi - ok
10:36:28.0391 7372 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:36:28.0615 7372 AudioEndpointBuilder - ok
10:36:28.0647 7372 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:36:28.0748 7372 AudioSrv - ok
10:36:28.0793 7372 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:36:28.0916 7372 AxInstSV - ok
10:36:28.0959 7372 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
10:36:29.0084 7372 b06bdrv - ok
10:36:29.0124 7372 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:36:29.0235 7372 b57nd60a - ok
10:36:29.0249 7372 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:36:29.0342 7372 BDESVC - ok
10:36:29.0359 7372 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:36:29.0484 7372 Beep - ok
10:36:29.0544 7372 [ 4C75BB6D39F669C0BCAA0F7E8D6FE18B ] BFCRX C:\Windows\SysWOW64\BFCRX.exe
10:36:29.0720 7372 BFCRX - ok
10:36:29.0772 7372 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
10:36:29.0933 7372 BFE - ok
10:36:29.0976 7372 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
10:36:30.0088 7372 BITS - ok
10:36:30.0120 7372 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:36:30.0204 7372 blbdrive - ok
10:36:30.0238 7372 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:36:30.0318 7372 bowser - ok
10:36:30.0333 7372 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
10:36:30.0402 7372 BrFiltLo - ok
10:36:30.0412 7372 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
10:36:30.0467 7372 BrFiltUp - ok
10:36:30.0546 7372 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
10:36:30.0677 7372 BridgeMP - ok
10:36:30.0705 7372 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:36:30.0794 7372 Browser - ok
10:36:30.0817 7372 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:36:30.0944 7372 Brserid - ok
10:36:30.0962 7372 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:36:31.0041 7372 BrSerWdm - ok
10:36:31.0054 7372 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:36:31.0122 7372 BrUsbMdm - ok
10:36:31.0139 7372 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:36:31.0202 7372 BrUsbSer - ok
10:36:31.0248 7372 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
10:36:31.0337 7372 BthEnum - ok
10:36:31.0349 7372 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:36:31.0437 7372 BTHMODEM - ok
10:36:31.0465 7372 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:36:31.0548 7372 BthPan - ok
10:36:31.0592 7372 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
10:36:31.0754 7372 BTHPORT - ok
10:36:31.0815 7372 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:36:31.0937 7372 bthserv - ok
10:36:31.0967 7372 [ 9E2AF97302B9F4BF97E952A865EB31AE ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
10:36:32.0041 7372 BTHSSecurityMgr - ok
10:36:32.0067 7372 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
10:36:32.0173 7372 BTHUSB - ok
10:36:32.0206 7372 [ F8CFAFBD5BF8B3DDB0D3C2943A5AF8CE ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys
10:36:32.0378 7372 BTWAMPFL - ok
10:36:32.0404 7372 [ 24BFF9D75310F3059EE44F38BF0DE0B2 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
10:36:32.0598 7372 btwaudio - ok
10:36:32.0703 7372 [ 858B305ADE425732CFF9DED182F94FB8 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
10:36:32.0841 7372 btwavdt - ok
10:36:32.0918 7372 [ 6EF8CC2F2FDA2098089A33F43F4E019D ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
10:36:33.0094 7372 btwdins - ok
10:36:33.0108 7372 [ B9354F9F111C64F2495B60F1E24CB453 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
10:36:33.0173 7372 btwl2cap - ok
10:36:33.0186 7372 [ 3BD876387D6C538690300F9EC198856B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
10:36:33.0247 7372 btwrchid - ok
10:36:33.0284 7372 [ 48360B88C4BF45850653BB7C86888ED4 ] CAXHWAZL C:\Windows\system32\DRIVERS\CAXHWAZL.sys
10:36:33.0431 7372 CAXHWAZL - ok
10:36:33.0446 7372 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:36:33.0612 7372 cdfs - ok
10:36:33.0649 7372 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:36:33.0749 7372 cdrom - ok
10:36:33.0777 7372 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:36:33.0925 7372 CertPropSvc - ok
10:36:33.0952 7372 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
10:36:34.0050 7372 circlass - ok
10:36:34.0088 7372 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:36:34.0146 7372 CLFS - ok
10:36:34.0197 7372 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:36:34.0284 7372 clr_optimization_v2.0.50727_32 - ok
10:36:34.0317 7372 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:36:34.0413 7372 clr_optimization_v2.0.50727_64 - ok
10:36:34.0471 7372 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:36:34.0584 7372 clr_optimization_v4.0.30319_32 - ok
10:36:34.0600 7372 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:36:34.0699 7372 clr_optimization_v4.0.30319_64 - ok
10:36:34.0724 7372 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:36:34.0804 7372 CmBatt - ok
10:36:34.0843 7372 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:36:34.0903 7372 cmdide - ok
10:36:34.0969 7372 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
10:36:35.0100 7372 CNG - ok
10:36:35.0175 7372 [ 8DE541B4CFA281A204BAA3EA2109809E ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
10:36:35.0451 7372 CnxtHdAudService - ok
10:36:35.0469 7372 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:36:35.0532 7372 Compbatt - ok
10:36:35.0556 7372 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
10:36:35.0640 7372 CompositeBus - ok
10:36:35.0649 7372 COMSysApp - ok
10:36:35.0671 7372 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
10:36:35.0733 7372 crcdisk - ok
10:36:35.0806 7372 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:36:35.0912 7372 CryptSvc - ok
10:36:36.0028 7372 CrystalSysInfo - ok
10:36:36.0073 7372 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
10:36:36.0205 7372 CSC - ok
10:36:36.0242 7372 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
10:36:36.0363 7372 CscService - ok
10:36:36.0397 7372 [ 9D0D050170D47E778B624A28C90F23DE ] CxAudMsg C:\Windows\system32\CxAudMsg64.exe
10:36:36.0513 7372 CxAudMsg - ok
10:36:36.0715 7372 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:36:36.0845 7372 DcomLaunch - ok
10:36:36.0867 7372 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:36:37.0001 7372 defragsvc - ok
10:36:37.0020 7372 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:36:37.0146 7372 DfsC - ok
10:36:37.0173 7372 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:36:37.0274 7372 Dhcp - ok
10:36:37.0297 7372 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:36:37.0430 7372 discache - ok
10:36:37.0459 7372 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
10:36:37.0522 7372 Disk - ok
10:36:37.0542 7372 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
10:36:37.0619 7372 dmvsc - ok
10:36:37.0662 7372 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:36:37.0748 7372 Dnscache - ok
10:36:37.0770 7372 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:36:37.0908 7372 dot3svc - ok
10:36:37.0959 7372 [ 7719FB1A82B2972B1F326AD2F80C2606 ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
10:36:38.0068 7372 DozeSvc - ok
10:36:38.0084 7372 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:36:38.0211 7372 DPS - ok
10:36:38.0246 7372 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:36:38.0303 7372 drmkaud - ok
10:36:38.0376 7372 [ 3EEF0B3489EDBF725564E17C77CABAFD ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys
10:36:38.0460 7372 dsNcAdpt - ok
10:36:38.0535 7372 [ 50687918CBA84A682F8ACC284D41BC66 ] dsNcService C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
10:36:38.0667 7372 dsNcService - ok
10:36:38.0723 7372 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:36:38.0860 7372 DXGKrnl - ok
10:36:38.0888 7372 [ CE4CFFD9F64B86BCEB1C343FC9924D72 ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys
10:36:38.0952 7372 DzHDD64 - ok
10:36:38.0983 7372 [ 992F625B74C675087B5629FC79ABA55B ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
10:36:39.0110 7372 e1cexpress - ok
10:36:39.0146 7372 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:36:39.0302 7372 EapHost - ok
10:36:39.0411 7372 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
10:36:39.0949 7372 ebdrv - ok
10:36:39.0975 7372 [ F88F2E5806FC405B0FA94B7947A5875E ] ecnssndis C:\Windows\system32\Drivers\wwuss64.sys
10:36:40.0036 7372 ecnssndis - ok
10:36:40.0049 7372 [ C8CD88218EFC28F7E44A9892B3E97F4D ] ecnssndisfltr C:\Windows\system32\Drivers\wwussf64.sys
10:36:40.0107 7372 ecnssndisfltr - ok
10:36:40.0144 7372 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:36:40.0211 7372 EFS - ok
10:36:40.0289 7372 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:36:40.0449 7372 ehRecvr - ok
10:36:40.0466 7372 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:36:40.0572 7372 ehSched - ok
10:36:40.0611 7372 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
10:36:40.0752 7372 elxstor - ok
10:36:40.0772 7372 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:36:40.0842 7372 ErrDev - ok
10:36:40.0971 7372 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:36:41.0151 7372 EventSystem - ok
10:36:41.0239 7372 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
10:36:41.0630 7372 EvtEng - ok
10:36:41.0674 7372 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:36:41.0935 7372 exfat - ok
10:36:42.0081 7372 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:36:42.0246 7372 fastfat - ok
10:36:42.0372 7372 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:36:42.0495 7372 Fax - ok
10:36:42.0524 7372 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
10:36:42.0615 7372 fdc - ok
10:36:42.0772 7372 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:36:43.0025 7372 fdPHost - ok
10:36:43.0137 7372 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:36:43.0309 7372 FDResPub - ok
10:36:43.0355 7372 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:36:43.0501 7372 FileInfo - ok
10:36:43.0555 7372 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:36:43.0768 7372 Filetrace - ok
10:36:43.0807 7372 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
10:36:43.0894 7372 flpydisk - ok
10:36:43.0954 7372 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:36:44.0038 7372 FltMgr - ok
10:36:44.0211 7372 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
10:36:44.0350 7372 FontCache - ok
10:36:44.0487 7372 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:36:44.0567 7372 FontCache3.0.0.0 - ok
10:36:44.0592 7372 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:36:44.0662 7372 FsDepends - ok
10:36:44.0731 7372 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:36:44.0798 7372 Fs_Rec - ok
10:36:44.0949 7372 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:36:44.0996 7372 fvevol - ok
10:36:45.0211 7372 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
10:36:45.0290 7372 gagp30kx - ok
10:36:45.0818 7372 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:36:45.0995 7372 gpsvc - ok
10:36:46.0197 7372 [ ADB4348DA1345877B04E22203AFC8993 ] hcmon C:\Windows\system32\drivers\hcmon.sys
10:36:46.0290 7372 hcmon - ok
10:36:46.0328 7372 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:36:46.0429 7372 hcw85cir - ok
10:36:46.0563 7372 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:36:46.0823 7372 HdAudAddService - ok
10:36:46.0873 7372 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:36:47.0011 7372 HDAudBus - ok
10:36:47.0064 7372 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
10:36:47.0174 7372 HidBatt - ok
10:36:47.0211 7372 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
10:36:47.0344 7372 HidBth - ok
10:36:47.0384 7372 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
10:36:47.0482 7372 HidIr - ok
10:36:47.0523 7372 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
10:36:47.0690 7372 hidserv - ok
10:36:47.0768 7372 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:36:47.0862 7372 HidUsb - ok
10:36:47.0905 7372 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:36:48.0113 7372 hkmsvc - ok
10:36:48.0178 7372 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:36:48.0347 7372 HomeGroupListener - ok
10:36:48.0437 7372 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:36:48.0544 7372 HomeGroupProvider - ok
10:36:48.0637 7372 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:36:48.0820 7372 HpSAMD - ok
10:36:50.0453 7372 [ 447256D1C026654C5CD3CC17E7B20631 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
10:36:50.0564 7372 HsfXAudioService - ok
10:36:50.0914 7372 [ F6AC1087A131FBB385400667BEA64FBE ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
10:36:51.0652 7372 HSF_DPV - ok
10:36:51.0739 7372 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:36:51.0867 7372 HTTP - ok
10:36:51.0907 7372 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:36:51.0965 7372 hwpolicy - ok
10:36:52.0020 7372 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:36:52.0112 7372 i8042prt - ok
10:36:52.0268 7372 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:36:52.0446 7372 iaStorV - ok
10:36:52.0526 7372 [ A9BD44426A69079240767FE4AEE0EA71 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
10:36:52.0655 7372 IBMPMDRV - ok
10:36:52.0681 7372 [ 57D4A3ED5497DB0C5A53E680A9BDD1C6 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
10:36:52.0782 7372 IBMPMSVC - ok
10:36:52.0899 7372 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
10:36:53.0938 7372 IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:36:53.0938 7372 IDriverT - detected UnsignedFile.Multi.Generic (1)
10:36:54.0050 7372 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:36:54.0181 7372 idsvc - ok
10:36:55.0434 7372 [ 978D876A581D57E0DE6437674EB0014D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
10:36:57.0527 7372 igfx - ok
10:36:57.0607 7372 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
10:36:57.0688 7372 iirsp - ok
10:36:57.0863 7372 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:36:58.0221 7372 IKEEXT - ok
10:36:58.0402 7372 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:36:58.0464 7372 intelide - ok
10:36:58.0501 7372 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:36:58.0627 7372 intelppm - ok
10:36:58.0683 7372 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:36:58.0830 7372 IPBusEnum - ok
10:36:58.0900 7372 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:36:59.0291 7372 IpFilterDriver - ok
10:36:59.0355 7372 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:36:59.0477 7372 iphlpsvc - ok
10:36:59.0537 7372 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:36:59.0670 7372 IPMIDRV - ok
10:36:59.0759 7372 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:36:59.0966 7372 IPNAT - ok
10:37:00.0005 7372 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:37:00.0122 7372 IRENUM - ok
10:37:00.0187 7372 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:37:00.0254 7372 isapnp - ok
10:37:00.0337 7372 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:37:00.0459 7372 iScsiPrt - ok
10:37:00.0597 7372 [ 6FAF199FDFFDD2376973143C3E012765 ] jhi_service C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
10:37:00.0728 7372 jhi_service - ok
10:37:00.0800 7372 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:37:00.0900 7372 kbdclass - ok
10:37:00.0932 7372 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:37:01.0026 7372 kbdhid - ok
10:37:01.0059 7372 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:37:01.0094 7372 KeyIso - ok
10:37:01.0133 7372 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:37:01.0197 7372 KSecDD - ok
10:37:01.0263 7372 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:37:01.0343 7372 KSecPkg - ok
10:37:01.0693 7372 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:37:01.0869 7372 ksthunk - ok
10:37:01.0981 7372 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:37:02.0201 7372 KtmRm - ok
10:37:02.0244 7372 [ F761A831C9DC8D0204B7FB43E3A896B7 ] l36wgps C:\Windows\system32\DRIVERS\l36wgps64.sys
10:37:02.0322 7372 l36wgps - ok
10:37:02.0399 7372 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
10:37:02.0631 7372 LanmanServer - ok
10:37:02.0678 7372 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:37:02.0879 7372 LanmanWorkstation - ok
10:37:02.0975 7372 [ 930BC7B758B9BA5AEC2F5F6F5BE60FFF ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
10:37:04.0508 7372 LENOVO.CAMMUTE - ok
10:37:04.0828 7372 [ 128158D8B1DF639BF3E3FDBCBB64CDAC ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
10:37:05.0497 7372 LENOVO.MICMUTE - ok
10:37:05.0546 7372 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
10:37:05.0599 7372 lenovo.smi - ok
10:37:05.0656 7372 [ 5DA0FA155F8E8F18556C677451953D9D ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
10:37:05.0772 7372 LENOVO.TPKNRSVC - ok
10:37:05.0801 7372 [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
10:37:05.0940 7372 Lenovo.VIRTSCRLSVC - ok
10:37:06.0083 7372 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:37:06.0281 7372 lltdio - ok
10:37:06.0380 7372 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:37:06.0681 7372 lltdsvc - ok
10:37:06.0712 7372 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:37:06.0967 7372 lmhosts - ok
10:37:07.0215 7372 [ 97F9EAAC985A663394CD8F54DCD3E73A ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:37:07.0248 7372 LMS - ok
10:37:07.0800 7372 [ 2098AF12149789FA6608422C8796F77C ] LNSUSvc C:\Notes\SUService.exe
10:37:07.0868 7372 LNSUSvc - ok
10:37:08.0186 7372 Lotus Notes Diagnostics - ok
10:37:09.0485 7372 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:37:09.0631 7372 LSI_FC - ok
10:37:09.0942 7372 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
10:37:10.0333 7372 LSI_SAS - ok
10:37:10.0453 7372 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
10:37:10.0600 7372 LSI_SAS2 - ok
10:37:10.0628 7372 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
10:37:10.0721 7372 LSI_SCSI - ok
10:37:10.0952 7372 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:37:11.0247 7372 luafv - ok
10:37:11.0814 7372 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
10:37:11.0885 7372 MBAMProtector - ok
10:37:13.0007 7372 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:37:13.0594 7372 MBAMScheduler - ok
10:37:13.0822 7372 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:37:14.0082 7372 MBAMService - ok
10:37:14.0205 7372 [ D8BA1ECBF0B9A4B4E1F3B7EB517D6C20 ] Mbm3CBus C:\Windows\system32\DRIVERS\Mbm3CBus.sys
10:37:14.0410 7372 Mbm3CBus - ok
10:37:14.0521 7372 [ 01E60917101B309E15F30DA26ACF64F6 ] Mbm3DevMt C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
10:37:14.0829 7372 Mbm3DevMt - ok
10:37:14.0882 7372 [ 6350A2CA21FB7B14432EFFDC61863AED ] Mbm3mdfl C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
10:37:14.0990 7372 Mbm3mdfl - ok
10:37:15.0065 7372 [ 9FC3A8713D148E15D0472E1C44DD0FDA ] Mbm3Mdm C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
10:37:15.0231 7372 Mbm3Mdm - ok
10:37:15.0307 7372 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:37:16.0612 7372 Mcx2Svc - ok
10:37:17.0063 7372 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
10:37:17.0375 7372 MDM ( UnsignedFile.Multi.Generic ) - warning
10:37:17.0375 7372 MDM - detected UnsignedFile.Multi.Generic (1)
10:37:17.0431 7372 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:37:17.0539 7372 mdmxsdk - ok
10:37:17.0581 7372 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
10:37:17.0674 7372 megasas - ok
10:37:17.0756 7372 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
10:37:17.0968 7372 MegaSR - ok
10:37:18.0107 7372 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
10:37:18.0200 7372 MEIx64 - ok
10:37:18.0296 7372 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:37:18.0472 7372 MMCSS - ok
10:37:18.0513 7372 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:37:18.0721 7372 Modem - ok
10:37:18.0757 7372 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:37:18.0878 7372 monitor - ok
10:37:18.0994 7372 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:37:19.0077 7372 mouclass - ok
10:37:19.0154 7372 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:37:19.0274 7372 mouhid - ok
10:37:19.0321 7372 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:37:19.0404 7372 mountmgr - ok
10:37:19.0563 7372 [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:37:19.0671 7372 MozillaMaintenance - ok
10:37:19.0697 7372 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:37:19.0810 7372 mpio - ok
10:37:19.0864 7372 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:37:20.0044 7372 mpsdrv - ok
10:37:20.0304 7372 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:37:20.0595 7372 MpsSvc - ok
10:37:20.0627 7372 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:37:20.0788 7372 MRxDAV - ok
10:37:20.0844 7372 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:37:20.0970 7372 mrxsmb - ok
10:37:21.0011 7372 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:37:21.0131 7372 mrxsmb10 - ok
10:37:21.0172 7372 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:37:21.0267 7372 mrxsmb20 - ok
10:37:21.0375 7372 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:37:21.0419 7372 msahci - ok
10:37:21.0560 7372 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:37:21.0718 7372 msdsm - ok
10:37:21.0848 7372 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:37:22.0070 7372 MSDTC - ok
10:37:22.0100 7372 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:37:22.0242 7372 Msfs - ok
10:37:22.0282 7372 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:37:22.0572 7372 mshidkmdf - ok
10:37:22.0701 7372 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:37:22.0763 7372 msisadrv - ok
10:37:22.0874 7372 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:37:23.0057 7372 MSiSCSI - ok
10:37:23.0065 7372 msiserver - ok
10:37:23.0292 7372 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:37:23.0518 7372 MSKSSRV - ok
10:37:23.0561 7372 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:37:23.0739 7372 MSPCLOCK - ok
10:37:23.0766 7372 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:37:23.0903 7372 MSPQM - ok
10:37:23.0930 7372 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:37:24.0050 7372 MsRPC - ok
10:37:24.0082 7372 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:37:24.0139 7372 mssmbios - ok
10:37:24.0168 7372 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:37:24.0293 7372 MSTEE - ok
10:37:24.0308 7372 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
10:37:24.0389 7372 MTConfig - ok
10:37:24.0543 7372 [ FF54EA1617D15711690D5EF054512C21 ] Multi-user Cleanup Service C:\Notes\ntmulti.exe
10:37:24.0562 7372 Multi-user Cleanup Service - ok
10:37:24.0628 7372 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:37:24.0696 7372 Mup - ok
10:37:24.0819 7372 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:37:24.0986 7372 napagent - ok
10:37:25.0097 7372 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:37:25.0261 7372 NativeWifiP - ok
10:37:25.0906 7372 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:37:25.0987 7372 NDIS - ok
10:37:26.0187 7372 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:37:26.0406 7372 NdisCap - ok
10:37:26.0534 7372 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:37:26.0653 7372 NdisTapi - ok
10:37:26.0862 7372 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:37:27.0073 7372 Ndisuio - ok
10:37:27.0233 7372 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:37:27.0676 7372 NdisWan - ok
10:37:27.0800 7372 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:37:28.0022 7372 NDProxy - ok
10:37:28.0099 7372 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:37:28.0267 7372 NetBIOS - ok
10:37:28.0365 7372 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:37:28.0529 7372 NetBT - ok
10:37:28.0575 7372 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:37:28.0608 7372 Netlogon - ok
10:37:28.0860 7372 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:37:29.0059 7372 Netman - ok
10:37:29.0491 7372 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:37:29.0583 7372 NetMsmqActivator - ok
10:37:29.0592 7372 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:37:29.0618 7372 NetPipeActivator - ok
10:37:29.0671 7372 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:37:29.0869 7372 netprofm - ok
10:37:29.0878 7372 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:37:29.0904 7372 NetTcpActivator - ok
10:37:29.0912 7372 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:37:29.0938 7372 NetTcpPortSharing - ok
10:37:31.0165 7372 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
10:37:32.0944 7372 NETwNs64 - ok
10:37:33.0037 7372 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
10:37:33.0139 7372 nfrd960 - ok
10:37:33.0195 7372 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:37:33.0324 7372 NlaSvc - ok
10:37:33.0620 7372 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:37:33.0768 7372 Npfs - ok
10:37:33.0797 7372 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:37:33.0928 7372 nsi - ok
10:37:33.0938 7372 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:37:34.0074 7372 nsiproxy - ok
10:37:34.0161 7372 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:37:34.0334 7372 Ntfs - ok
10:37:34.0441 7372 [ BB6C90108DD6A9B27FAA67849D89E02D ] ntrtscan C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
10:37:34.0640 7372 ntrtscan - ok
10:37:34.0657 7372 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:37:34.0789 7372 Null - ok
10:37:34.0832 7372 [ 960E39A54E525DF58CB29193147DFFA1 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
10:37:34.0931 7372 NVHDA - ok
10:37:35.0318 7372 [ 7C7E6935E986C5237A883D2B82C654E2 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:37:36.0397 7372 nvlddmkm - ok
10:37:36.0431 7372 [ EE58A22403C31A23731DD2AD2CB707C8 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
10:37:36.0491 7372 nvpciflt - ok
10:37:36.0545 7372 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:37:36.0648 7372 nvraid - ok
10:37:36.0678 7372 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:37:36.0778 7372 nvstor - ok
10:37:36.0826 7372 [ E62E113D487958CBC5137AF65922DE4C ] NVSvc C:\Windows\system32\nvvsvc.exe
10:37:37.0034 7372 NVSvc - ok
10:37:37.0130 7372 [ 31D61EC056FAB73A911D9987099575E0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
10:37:37.0267 7372 nvUpdatusService - ok
10:37:37.0313 7372 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:37:37.0410 7372 nv_agp - ok
10:37:37.0487 7372 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:37:37.0645 7372 odserv - ok
10:37:37.0670 7372 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:37:37.0765 7372 ohci1394 - ok
10:37:37.0821 7372 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:37:37.0899 7372 ose - ok
10:37:38.0118 7372 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:37:38.0710 7372 osppsvc - ok
10:37:38.0765 7372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:37:38.0819 7372 p2pimsvc - ok
10:37:38.0882 7372 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:37:38.0989 7372 p2psvc - ok
10:37:39.0036 7372 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
10:37:39.0137 7372 Parport - ok
10:37:39.0184 7372 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:37:39.0263 7372 partmgr - ok
10:37:39.0305 7372 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:37:39.0431 7372 PcaSvc - ok
10:37:39.0454 7372 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:37:39.0563 7372 pci - ok
10:37:39.0597 7372 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:37:39.0655 7372 pciide - ok
10:37:39.0677 7372 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
10:37:39.0786 7372 pcmcia - ok
10:37:39.0806 7372 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:37:39.0884 7372 pcw - ok
10:37:39.0913 7372 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:37:40.0130 7372 PEAUTH - ok
10:37:40.0189 7372 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:37:40.0299 7372 PeerDistSvc - ok
10:37:40.0403 7372 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:37:40.0501 7372 PerfHost - ok
10:37:40.0575 7372 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:37:40.0859 7372 pla - ok
10:37:40.0916 7372 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:37:41.0026 7372 PlugPlay - ok
10:37:41.0043 7372 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:37:41.0118 7372 PNRPAutoReg - ok
10:37:41.0142 7372 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:37:41.0181 7372 PNRPsvc - ok
10:37:41.0222 7372 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:37:41.0337 7372 PolicyAgent - ok
10:37:41.0363 7372 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:37:41.0536 7372 Power - ok
10:37:41.0585 7372 [ 7A1E6CF32EDFF1F13186997FCA086FC7 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
10:37:41.0684 7372 Power Manager DBC Service - ok
10:37:41.0714 7372 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:37:41.0869 7372 PptpMiniport - ok
10:37:41.0885 7372 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
10:37:41.0965 7372 Processor - ok
10:37:42.0002 7372 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
10:37:42.0117 7372 ProfSvc - ok
10:37:42.0129 7372 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:37:42.0160 7372 ProtectedStorage - ok
10:37:42.0195 7372 [ 4A768FB063A38B0A78AD97617D3A04F5 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
10:37:42.0278 7372 psadd - ok
10:37:42.0294 7372 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:37:42.0501 7372 Psched - ok
10:37:42.0583 7372 [ 20EFF1CA8922F6A834261B985550A51D ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
10:37:42.0739 7372 PwmEWSvc - ok
10:37:42.0821 7372 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:37:43.0085 7372 ql2300 - ok
10:37:43.0104 7372 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:37:43.0189 7372 ql40xx - ok
10:37:43.0225 7372 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:37:43.0436 7372 QWAVE - ok
10:37:43.0451 7372 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:37:43.0546 7372 QWAVEdrv - ok
10:37:44.0521 7372 [ 9B35220786B06B61D19C54406904E6ED ] Radio.fx C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
10:37:45.0126 7372 Radio.fx - ok
10:37:45.0153 7372 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:37:45.0288 7372 RasAcd - ok
10:37:45.0317 7372 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:37:45.0467 7372 RasAgileVpn - ok
10:37:45.0490 7372 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:37:45.0649 7372 RasAuto - ok
10:37:45.0671 7372 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:37:45.0850 7372 Rasl2tp - ok
10:37:45.0875 7372 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:37:46.0058 7372 RasMan - ok
10:37:46.0086 7372 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:37:46.0232 7372 RasPppoe - ok
10:37:46.0249 7372 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:37:46.0379 7372 RasSstp - ok
10:37:46.0400 7372 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:37:46.0552 7372 rdbss - ok
10:37:46.0568 7372 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:37:46.0636 7372 rdpbus - ok
10:37:46.0657 7372 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:37:46.0746 7372 RDPCDD - ok
10:37:46.0784 7372 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:37:46.0874 7372 RDPDR - ok
10:37:46.0904 7372 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:37:47.0000 7372 RDPENCDD - ok
10:37:47.0008 7372 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:37:47.0105 7372 RDPREFMP - ok
10:37:47.0139 7372 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:37:47.0233 7372 RDPWD - ok
10:37:47.0249 7372 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:37:47.0338 7372 rdyboost - ok
10:37:47.0395 7372 [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:37:47.0557 7372 RegSrvc - ok
10:37:47.0583 7372 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:37:47.0770 7372 RemoteAccess - ok
10:37:47.0798 7372 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:37:47.0990 7372 RemoteRegistry - ok
10:37:48.0025 7372 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:37:48.0158 7372 RFCOMM - ok
10:37:48.0183 7372 [ 819FE65AE1C0312B535B7AA54D30CFDA ] risdxc C:\Windows\system32\DRIVERS\risdxc64.sys
10:37:48.0301 7372 risdxc - ok
10:37:48.0324 7372 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:37:48.0508 7372 RpcEptMapper - ok
10:37:48.0553 7372 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:37:48.0643 7372 RpcLocator - ok
10:37:48.0706 7372 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:37:48.0814 7372 RpcSs - ok
10:37:48.0843 7372 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:37:48.0981 7372 rspndr - ok
10:37:49.0000 7372 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:37:49.0055 7372 s3cap - ok
10:37:49.0068 7372 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:37:49.0095 7372 SamSs - ok
10:37:49.0101 7372 SAService - ok
10:37:49.0116 7372 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:37:49.0181 7372 sbp2port - ok
10:37:49.0200 7372 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:37:49.0377 7372 SCardSvr - ok
10:37:49.0393 7372 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:37:49.0535 7372 scfilter - ok
10:37:49.0580 7372 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:37:49.0811 7372 Schedule - ok
10:37:49.0839 7372 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:37:49.0934 7372 SCPolicySvc - ok
10:37:49.0957 7372 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:37:50.0079 7372 SDRSVC - ok
10:37:50.0094 7372 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:37:50.0245 7372 secdrv - ok
10:37:50.0261 7372 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:37:50.0401 7372 seclogon - ok
10:37:50.0428 7372 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
10:37:50.0579 7372 SENS - ok
10:37:50.0594 7372 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:37:50.0680 7372 SensrSvc - ok
10:37:50.0713 7372 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:37:50.0798 7372 Serenum - ok
10:37:50.0817 7372 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:37:50.0929 7372 Serial - ok
10:37:50.0946 7372 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:37:51.0035 7372 sermouse - ok
10:37:51.0073 7372 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:37:51.0236 7372 SessionEnv - ok
10:37:51.0253 7372 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:37:51.0331 7372 sffdisk - ok
10:37:51.0345 7372 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:37:51.0418 7372 sffp_mmc - ok
10:37:51.0428 7372 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:37:51.0514 7372 sffp_sd - ok
10:37:51.0531 7372 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
10:37:51.0604 7372 sfloppy - ok
10:37:51.0638 7372 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:37:51.0848 7372 SharedAccess - ok
10:37:51.0875 7372 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:37:52.0039 7372 ShellHWDetection - ok
10:37:52.0071 7372 [ C3F190562FE82EFDA7CCEF305EBAD3E3 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
10:37:52.0145 7372 Shockprf - ok
10:37:52.0167 7372 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
10:37:52.0225 7372 SiSRaid2 - ok
10:37:52.0236 7372 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:37:52.0300 7372 SiSRaid4 - ok
10:37:52.0375 7372 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
10:37:53.0127 7372 SkypeUpdate - ok
10:37:53.0158 7372 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:37:53.0264 7372 Smb - ok
10:37:53.0322 7372 [ 3BC2844AF786CA422CC31D505ACFA9F2 ] smihlp2 C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
10:37:53.0358 7372 smihlp2 - ok
10:37:53.0396 7372 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:37:53.0452 7372 SNMPTRAP - ok
10:37:53.0466 7372 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:37:53.0529 7372 spldr - ok
10:37:53.0584 7372 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
10:37:53.0759 7372 Spooler - ok
10:37:53.0871 7372 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:37:54.0305 7372 sppsvc - ok
10:37:54.0323 7372 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:37:54.0449 7372 sppuinotify - ok
10:37:54.0524 7372 [ D2AEEB5C15B4B256DC4EC2CE8219B090 ] SROSVC C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
10:37:54.0681 7372 SROSVC - ok
10:37:54.0729 7372 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:37:54.0855 7372 srv - ok
10:37:54.0895 7372 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:37:55.0036 7372 srv2 - ok
10:37:55.0059 7372 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
10:37:55.0188 7372 SrvHsfHDA - ok
10:37:55.0233 7372 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
10:37:55.0677 7372 SrvHsfV92 - ok
10:37:55.0712 7372 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
10:37:55.0885 7372 SrvHsfWinac - ok
10:37:55.0907 7372 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:37:56.0082 7372 srvnet - ok
10:37:56.0119 7372 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:37:56.0263 7372 SSDPSRV - ok
10:37:56.0279 7372 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:37:56.0405 7372 SstpSvc - ok
10:37:56.0461 7372 [ 88C1BEE3CBE1B46A58730FDD0484BD3A ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:37:56.0585 7372 Stereo Service - ok
10:37:56.0606 7372 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
10:37:56.0661 7372 stexstor - ok
10:37:56.0704 7372 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:37:56.0833 7372 stisvc - ok
10:37:56.0859 7372 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:37:56.0916 7372 storflt - ok
10:37:56.0945 7372 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
10:37:57.0008 7372 StorSvc - ok
10:37:57.0025 7372 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:37:57.0070 7372 storvsc - ok
10:37:57.0106 7372 [ 6EA2F517373771CAC5188E82617C9C0B ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe
10:37:57.0158 7372 SUService ( UnsignedFile.Multi.Generic ) - warning
10:37:57.0158 7372 SUService - detected UnsignedFile.Multi.Generic (1)
10:37:57.0174 7372 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:37:57.0215 7372 swenum - ok
10:37:57.0252 7372 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:37:57.0401 7372 swprv - ok
10:37:57.0436 7372 [ 772493A8945495F1A287BF6C4CA25B48 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:37:57.0552 7372 SynTP - ok
10:37:57.0606 7372 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:37:57.0881 7372 SysMain - ok
10:37:57.0898 7372 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:37:58.0012 7372 TabletInputService - ok
10:37:58.0040 7372 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:37:58.0160 7372 TapiSrv - ok
10:37:58.0184 7372 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:37:58.0331 7372 TBS - ok
10:37:58.0415 7372 [ DB74544B75566C974815E79A62433F29 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:37:58.0714 7372 Tcpip - ok
10:37:58.0904 7372 [ DB74544B75566C974815E79A62433F29 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:37:59.0012 7372 TCPIP6 - ok
10:37:59.0053 7372 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:37:59.0133 7372 tcpipreg - ok
10:37:59.0163 7372 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:37:59.0238 7372 TDPIPE - ok
10:37:59.0280 7372 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:37:59.0366 7372 TDTCP - ok
10:37:59.0392 7372 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:37:59.0550 7372 tdx - ok
10:38:00.0066 7372 [ 576918B02840A360702051BC4269B13F ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
10:38:01.0328 7372 TeamViewer8 - ok
10:38:01.0376 7372 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:38:01.0442 7372 TermDD - ok
10:38:01.0478 7372 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:38:01.0662 7372 TermService - ok
10:38:01.0682 7372 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:38:01.0775 7372 Themes - ok
10:38:01.0808 7372 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:38:01.0932 7372 THREADORDER - ok
10:38:02.0001 7372 [ 55283E1FC92021AEBA8E1E5B7EBAD9D1 ] TmFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys
10:38:02.0093 7372 TmFilter - ok
10:38:02.0170 7372 [ C3001F8027EA278070D3E44797007363 ] tmlisten C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
10:38:02.0285 7372 tmlisten - ok
10:38:02.0304 7372 [ 8F82EF40FA762354530236ABE302FA35 ] TmPreFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys
10:38:02.0354 7372 TmPreFilter - ok
10:38:02.0390 7372 [ B55961FC9C78290F89538B4F932525B4 ] TmProxy C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
10:38:02.0436 7372 TmProxy - ok
10:38:02.0464 7372 [ A42E6780C52B248AF54C6010A9A93384 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
10:38:02.0534 7372 tmtdi - ok
10:38:02.0557 7372 [ 1BB77ECCBFA3675B1EE8D6D6D37A1E1E ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
10:38:02.0610 7372 TPDIGIMN - ok
10:38:02.0640 7372 [ 88F81D810FF16AC65B02643DAF308D4F ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
10:38:02.0705 7372 TPHDEXLGSVC - ok
10:38:02.0747 7372 [ 2670D23A61CD706004C24A83D4D48294 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
10:38:02.0834 7372 TPHKLOAD - ok
10:38:02.0862 7372 [ CB0625C2F5B7C72C50C5AE34F8E8F7D0 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
10:38:03.0567 7372 TPHKSVC - ok
10:38:03.0644 7372 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
10:38:03.0712 7372 TPM - ok
10:38:03.0742 7372 [ 7165B5A9B4867F64A6D6935F57D4196B ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
10:38:03.0790 7372 TPPWRIF - ok
10:38:03.0824 7372 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:38:03.0997 7372 TrkWks - ok
10:38:04.0052 7372 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:38:04.0194 7372 TrustedInstaller - ok
10:38:04.0238 7372 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:38:04.0326 7372 tssecsrv - ok
10:38:04.0350 7372 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:38:04.0416 7372 TsUsbFlt - ok
10:38:04.0430 7372 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
10:38:04.0502 7372 TsUsbGD - ok
10:38:04.0546 7372 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:38:04.0633 7372 tunnel - ok
10:38:04.0656 7372 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:38:04.0713 7372 uagp35 - ok
10:38:04.0735 7372 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:38:04.0898 7372 udfs - ok
10:38:04.0932 7372 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:38:04.0996 7372 UI0Detect - ok
10:38:05.0018 7372 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:38:05.0067 7372 uliagpkx - ok
10:38:05.0088 7372 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:38:05.0152 7372 umbus - ok
10:38:05.0164 7372 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
10:38:05.0217 7372 UmPass - ok
10:38:05.0247 7372 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
10:38:05.0355 7372 UmRdpService - ok
10:38:05.0485 7372 [ A69CD6BDB82872999D2E46F9324ADA83 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:38:05.0634 7372 UNS - ok
10:38:05.0665 7372 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:38:05.0821 7372 upnphost - ok
10:38:05.0870 7372 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:38:05.0931 7372 USBAAPL64 - ok
10:38:05.0978 7372 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
10:38:06.0052 7372 usbaudio - ok
10:38:06.0092 7372 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:38:06.0171 7372 usbccgp - ok
10:38:06.0194 7372 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:38:06.0270 7372 usbcir - ok
10:38:06.0285 7372 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:38:06.0347 7372 usbehci - ok
10:38:06.0372 7372 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:38:06.0496 7372 usbhub - ok
10:38:06.0510 7372 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:38:06.0568 7372 usbohci - ok
10:38:06.0583 7372 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
10:38:06.0645 7372 usbprint - ok
10:38:06.0663 7372 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:38:06.0729 7372 USBSTOR - ok
10:38:06.0734 7372 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:38:06.0788 7372 usbuhci - ok
10:38:06.0815 7372 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
10:38:06.0895 7372 usbvideo - ok
10:38:06.0920 7372 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:38:07.0054 7372 UxSms - ok
10:38:07.0071 7372 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:38:07.0092 7372 VaultSvc - ok
10:38:07.0118 7372 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:38:07.0164 7372 vdrvroot - ok
10:38:07.0185 7372 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:38:07.0332 7372 vds - ok
10:38:07.0351 7372 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:38:07.0409 7372 vga - ok
10:38:07.0423 7372 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:38:07.0553 7372 VgaSave - ok
10:38:07.0573 7372 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:38:07.0649 7372 vhdmp - ok
10:38:07.0688 7372 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:38:07.0731 7372 viaide - ok
10:38:07.0913 7372 [ 2466C720A6A0059FB71B7E7F3BF01A73 ] VMAuthdService C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
10:38:07.0972 7372 VMAuthdService ( UnsignedFile.Multi.Generic ) - warning
10:38:07.0972 7372 VMAuthdService - detected UnsignedFile.Multi.Generic (1)
10:38:08.0026 7372 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:38:08.0120 7372 vmbus - ok
10:38:08.0132 7372 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:38:08.0179 7372 VMBusHID - ok
10:38:08.0212 7372 [ A133C6DE3D7ACCEE000F9FD4C1A716B2 ] vmci C:\Windows\system32\DRIVERS\vmci.sys
10:38:08.0261 7372 vmci - ok
10:38:08.0349 7372 [ B259C31378BC855AFD1B53F59311C251 ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
10:38:08.0424 7372 VMnetAdapter - ok
10:38:08.0555 7372 [ DEC4CE720FFEDA939CF1BA315CFBD993 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
10:38:08.0642 7372 VMnetBridge - ok
10:38:08.0669 7372 VMnetDHCP - ok
10:38:08.0719 7372 [ A396F2A4CA291ACA5A4215823AAB7FBF ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
10:38:08.0797 7372 VMnetuserif - ok
10:38:08.0901 7372 [ 415B167695C4B5960A13098622EF3D80 ] vmusb C:\Windows\system32\Drivers\vmusb.sys
10:38:08.0991 7372 vmusb - ok
10:38:09.0295 7372 [ 18903CA7936912C337C9D28858880CF2 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
10:38:09.0476 7372 VMUSBArbService - ok
10:38:09.0505 7372 VMware NAT Service - ok
10:38:09.0841 7372 [ 440CFC75B44D845BE07E73164448744B ] VMwareHostd C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
10:38:10.0381 7372 VMwareHostd ( UnsignedFile.Multi.Generic ) - warning
10:38:10.0381 7372 VMwareHostd - detected UnsignedFile.Multi.Generic (1)
10:38:10.0427 7372 [ 30D68099DAA30257B06E010799807BBE ] vmx86 C:\Windows\system32\drivers\vmx86.sys
10:38:10.0487 7372 vmx86 - ok
10:38:10.0518 7372 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:38:10.0583 7372 volmgr - ok
10:38:10.0603 7372 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:38:10.0700 7372 volmgrx - ok
10:38:10.0715 7372 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:38:10.0825 7372 volsnap - ok
10:38:10.0896 7372 [ BF63E3F8F1CED65F4F5AD22E0735B2E4 ] VSApiNt C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys
10:38:11.0077 7372 VSApiNt - ok
10:38:11.0115 7372 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:38:11.0208 7372 vsmraid - ok
10:38:11.0279 7372 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:38:11.0648 7372 VSS - ok
10:38:11.0754 7372 [ 6107E33A30C0B923F31C872E1980D2D1 ] vstor2-mntapi10-shared C:\Windows\syswow64\drivers\vstor2-mntapi10-shared.sys
10:38:11.0841 7372 vstor2-mntapi10-shared - ok
10:38:11.0874 7372 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:38:12.0004 7372 vwifibus - ok
10:38:12.0028 7372 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:38:12.0141 7372 vwififlt - ok
10:38:12.0198 7372 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:38:12.0309 7372 vwifimp - ok
10:38:12.0388 7372 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:38:12.0513 7372 W32Time - ok
10:38:12.0547 7372 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:38:12.0626 7372 WacomPen - ok
10:38:12.0649 7372 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:38:12.0835 7372 WANARP - ok
10:38:12.0851 7372 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:38:12.0956 7372 Wanarpv6 - ok
10:38:13.0015 7372 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:38:13.0199 7372 wbengine - ok
10:38:13.0224 7372 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:38:13.0357 7372 WbioSrvc - ok
10:38:13.0386 7372 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:38:13.0538 7372 wcncsvc - ok
10:38:13.0555 7372 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:38:13.0659 7372 WcsPlugInService - ok
10:38:13.0675 7372 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
10:38:13.0749 7372 Wd - ok
10:38:13.0800 7372 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:38:13.0986 7372 Wdf01000 - ok
10:38:14.0007 7372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:38:14.0123 7372 WdiServiceHost - ok
10:38:14.0139 7372 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:38:14.0196 7372 WdiSystemHost - ok
10:38:14.0222 7372 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:38:14.0373 7372 WebClient - ok
10:38:14.0396 7372 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:38:14.0576 7372 Wecsvc - ok
10:38:14.0593 7372 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:38:14.0751 7372 wercplsupport - ok
10:38:14.0780 7372 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:38:14.0943 7372 WerSvc - ok
10:38:14.0985 7372 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:38:15.0125 7372 WfpLwf - ok
10:38:15.0143 7372 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:38:15.0214 7372 WIMMount - ok
10:38:15.0257 7372 [ 1EDBBF412A382550AF6EB35F5E46928E ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
10:38:15.0590 7372 winachsf - ok
10:38:15.0605 7372 WinDefend - ok
10:38:15.0631 7372 WinHttpAutoProxySvc - ok
10:38:15.0685 7372 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:38:15.0858 7372 Winmgmt - ok
10:38:15.0953 7372 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:38:16.0297 7372 WinRM - ok
10:38:16.0343 7372 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
10:38:16.0430 7372 WinUsb - ok
10:38:16.0471 7372 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:38:16.0671 7372 Wlansvc - ok
10:38:16.0707 7372 WMCoreService - ok
10:38:16.0748 7372 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
10:38:16.0825 7372 WmiAcpi - ok
10:38:16.0866 7372 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:38:16.0926 7372 wmiApSrv - ok
10:38:16.0954 7372 WMPNetworkSvc - ok
10:38:16.0982 7372 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:38:17.0069 7372 WPCSvc - ok
10:38:17.0088 7372 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:38:17.0155 7372 WPDBusEnum - ok
10:38:17.0173 7372 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:38:17.0337 7372 ws2ifsl - ok
10:38:17.0372 7372 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
10:38:17.0519 7372 wscsvc - ok
10:38:17.0527 7372 WSearch - ok
10:38:17.0628 7372 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:38:18.0011 7372 wuauserv - ok
10:38:18.0047 7372 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:38:18.0169 7372 WudfPf - ok
10:38:18.0195 7372 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:38:18.0327 7372 WUDFRd - ok
10:38:18.0361 7372 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:38:18.0484 7372 wudfsvc - ok
10:38:18.0528 7372 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
10:38:18.0680 7372 WwanSvc - ok
10:38:18.0732 7372 [ 63DD9FFD416D66959C9DA57D8B001531 ] WwanUsbServ C:\Windows\system32\DRIVERS\WwanUsbMp64.sys
10:38:18.0851 7372 WwanUsbServ - ok
10:38:18.0883 7372 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
10:38:18.0951 7372 XAudio - ok
10:38:19.0014 7372 ================ Scan global ===============================
10:38:19.0035 7372 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:38:19.0111 7372 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
10:38:19.0211 7372 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
10:38:19.0261 7372 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:38:19.0531 7372 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:38:19.0540 7372 [Global] - ok
10:38:19.0541 7372 ================ Scan MBR ==================================
10:38:19.0585 7372 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:38:20.0022 7372 \Device\Harddisk0\DR0 - ok
10:38:20.0023 7372 ================ Scan VBR ==================================
10:38:20.0027 7372 [ D9007015BF41394173FC7C9D3CBFCBC0 ] \Device\Harddisk0\DR0\Partition1
10:38:20.0031 7372 \Device\Harddisk0\DR0\Partition1 - ok
10:38:20.0032 7372 ============================================================
10:38:20.0032 7372 Scan finished
10:38:20.0032 7372 ============================================================
10:38:20.0054 7276 Detected object count: 6
10:38:20.0054 7276 Actual detected object count: 6
10:39:05.0030 7276 acedrv07 ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:05.0030 7276 acedrv07 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:05.0034 7276 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:05.0035 7276 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:05.0040 7276 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:05.0040 7276 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:05.0045 7276 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:05.0045 7276 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:05.0050 7276 VMAuthdService ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:05.0050 7276 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:39:05.0051 7276 VMwareHostd ( UnsignedFile.Multi.Generic ) - skipped by user
10:39:05.0052 7276 VMwareHostd ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:41:28.0915 7244 Deinitialize success
|
|
23.09.2013, 10:06
| #6 |
| /// TB-Ausbilder | TREND MICRO Office Scan meldet Bedrohungen ok. Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Scan mit Combofix
Schritt 3 Starte noch einmal FRST.
Bitte poste in deiner nächsten Antwort:
__________________ --> TREND MICRO Office Scan meldet Bedrohungen |
|
23.09.2013, 11:35
| #7 |
| | TREND MICRO Office Scan meldet Bedrohungen Hallo Leo, Ich kann leider Office Scan nicht beenden, da ich kein Passwort dafür habe und als ich Combofix ausführen wollte, kam diese Meldung  Darf ich trotzdem fortfahren ? Oder gibt es eine andere Möglichkeit OfficeScan zu deaktivieren ? hier ist die AdwCleaner Log-Datei: Code:
ATTFilter # AdwCleaner v3.005 - Bericht erstellt am 23/09/2013 um 12:01:57
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ppack - ppack
# Gestartet von : C:\Users\ppack\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Mozilla Firefox v23.0.1 (de)
[ Datei : C:\Users\barainst\AppData\Roaming\Mozilla\Firefox\Profiles\irf8dx67.default\prefs.js ]
[ Datei : C:\Users\ppack\AppData\Roaming\Mozilla\Firefox\Profiles\dosh1zv2.default-1371104754674\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\ppack\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [7487 octets] - [21/09/2013 00:27:39]
AdwCleaner[R1].txt - [1166 octets] - [21/09/2013 00:35:46]
AdwCleaner[R2].txt - [1287 octets] - [21/09/2013 22:43:33]
AdwCleaner[R3].txt - [390 octets] - [22/09/2013 21:37:38]
AdwCleaner[R4].txt - [1406 octets] - [23/09/2013 11:55:55]
AdwCleaner[S0].txt - [7137 octets] - [21/09/2013 00:31:25]
AdwCleaner[S1].txt - [1228 octets] - [21/09/2013 00:53:11]
AdwCleaner[S2].txt - [1327 octets] - [23/09/2013 12:01:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1387 octets] ##########
|
|
23.09.2013, 11:46
| #8 | |
| /// TB-Ausbilder | TREND MICRO Office Scan meldet BedrohungenZitat:
__________________ cheers, Leo |
|
23.09.2013, 12:35
| #9 |
| | TREND MICRO Office Scan meldet Bedrohungen Hier sind noch mal die Logs: ComboFix: Code:
ATTFilter ComboFix 13-09-22.01 - tschumak 23.09.2013 12:52:45.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.16271.13141 [GMT 2:00]
ausgeführt von:: c:\users\tschumak\Desktop\ComboFix.exe
AV: Trend Micro OfficeScan Virenschutz *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro OfficeScan Spyware-Schutz *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Im Speicher befindliches AV aktiv.
.
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\ppack\AppData\Local\Google\Chrome\User Data\Default\preferences
c:\windows\SysWow64\SETF2C6.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-08-23 bis 2013-09-23 ))))))))))))))))))))))))))))))
.
.
2013-09-23 11:08 . 2013-09-23 11:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-23 11:08 . 2013-09-23 11:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-23 11:08 . 2013-09-23 11:08 -------- d-----w- c:\users\barainst\AppData\Local\temp
2013-09-23 08:52 . 2013-09-23 08:52 -------- d-----w- c:\users\ppack\AppData\Roaming\smkits
2013-09-23 06:14 . 2013-09-23 06:14 -------- d-----w- C:\FRST
2013-09-22 20:16 . 2013-09-22 20:16 -------- d-----w- c:\program files\Enigma Software Group
2013-09-22 20:15 . 2013-09-22 20:34 -------- d-----w- c:\windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-22 20:15 . 2013-09-22 20:15 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-09-20 22:27 . 2013-09-23 10:02 -------- d-----w- C:\AdwCleaner
2013-09-20 10:34 . 2013-09-20 10:34 -------- d-----w- c:\users\ppack\AppData\Roaming\Malwarebytes
2013-09-20 10:34 . 2013-09-20 10:34 -------- d-----w- c:\programdata\Malwarebytes
2013-09-20 10:34 . 2013-09-20 10:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-20 10:34 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-20 06:32 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F4E15605-BEFD-4C2A-BD85-F1FCCFD319F5}\mpengine.dll
2013-09-12 08:41 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-22 19:57 . 2012-04-16 10:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-22 19:57 . 2012-04-16 10:40 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-12 11:14 . 2012-01-13 13:17 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-07 02:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-12 08:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-14 18:29 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-14 18:29 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-14 18:29 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-14 18:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-14 18:29 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-14 18:29 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-14 18:29 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-14 18:29 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-14 18:29 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-14 18:29 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-14 18:29 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-14 18:29 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-14 18:29 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-14 18:29 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-14 18:28 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"RfxSrvTray"="c:\program files (x86)\Tobit Radio.fx\Client\rfx-tray.exe" [2013-02-07 1838872]
"NvCplWow64"="c:\users\ppack\AppData\Roaming\Microsoft Corporation\thetorPw.ml6" [2012-09-11 1099776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-07-04 1605992]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2011-01-17 112152]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2011-03-13 1375688]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-10-31 103576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-10-17 1213216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux7"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1267249724-2912316410-597184085-5665\Scripts\Logon\0\0]
"Script"=netusePpack.cmd
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1267249724-2912316410-597184085-6338\Scripts\Logon\0\0]
"Script"=netuseWI.cmd
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BFCRX;BFC Remote Executor;c:\windows\SysWOW64\BFCRX.exe;c:\windows\SysWOW64\BFCRX.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 LNSUSvc;Lotus Notes Smart Upgrade Service ;c:\notes\SUService.exe;c:\notes\SUService.exe [x]
S2 Lotus Notes Diagnostics;Lotus Notes-Diagnose;c:\notes\nsd.exe;c:\notes\nsd.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
S2 Radio.fx;Radio.fx Server;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe;c:\program files (x86)\Tobit Radio.fx\Server\rfx-server.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 SROSVC;Screen Reading Optimizer Service Program;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe;c:\program files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [x]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode;c:\program files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe servicemode [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 ecnssndis; Mobile Broadband Driver;c:\windows\system32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
S3 ecnssndisfltr; Mobile Broadband Driver Filter;c:\windows\system32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
S3 l36wgps; Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\l36wgps64.sys;c:\windows\SYSNATIVE\DRIVERS\l36wgps64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Mbm3CBus;F5521gw Mobile Broadband Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3CBus.sys [x]
S3 Mbm3DevMt; Mobile Broadband Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3DevMt.sys [x]
S3 Mbm3mdfl; Mobile Broadband Modem Port Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3mdfl.sys [x]
S3 Mbm3Mdm; Mobile Broadband Modem Port Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys;c:\windows\SYSNATIVE\DRIVERS\Mbm3Mdm.sys [x]
S3 WwanUsbServ;Mobile Broadband Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys;c:\windows\SYSNATIVE\DRIVERS\WwanUsbMp64.sys [x]
S4 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 19:57]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267249724-2912316410-597184085-6338Core.job
- c:\users\ppack\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-28 20:10]
.
2013-09-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267249724-2912316410-597184085-6338UA.job
- c:\users\ppack\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-28 20:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-12-16 41320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-14 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 85832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C2CC4E1C-D1AA-421A-ADA3-97BD3FB6565B}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{C33E2E22-E6DD-4DAD-8FA3-76F8B024F87C}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
TCP: Interfaces\{E4850330-5FDC-4033-8DEF-FD2392B2DB90}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
DPF: {B94C2238-346E-4C5E-9B36-8CC627F35574}
FF - ProfilePath - c:\users\ppack\AppData\Roaming\Mozilla\Firefox\Profiles\dosh1zv2.default-1371104754674\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{5786d022-540e-4699-b350-b4be0ae94b79} - (no file)
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-09-23 13:13:34
ComboFix-quarantined-files.txt 2013-09-23 11:13
.
Vor Suchlauf: 15 Verzeichnis(se), 141.044.355.072 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 142.997.987.328 Bytes frei
.
- - End Of File - - D1A2AB34178400EA9C5001C7595DCA3F
A36C5E4F47E84449FF07ED3517B43A31
Code:
ATTFilter # AdwCleaner v3.005 - Bericht erstellt am 23/09/2013 um 12:01:57
# Updated 22/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ppack - ppack
# Gestartet von : C:\Users\ppack\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Mozilla Firefox v23.0.1 (de)
[ Datei : C:\Users\barainst\AppData\Roaming\Mozilla\Firefox\Profiles\irf8dx67.default\prefs.js ]
[ Datei : C:\Users\ppack\AppData\Roaming\Mozilla\Firefox\Profiles\dosh1zv2.default-1371104754674\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\ppack\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [7487 octets] - [21/09/2013 00:27:39]
AdwCleaner[R1].txt - [1166 octets] - [21/09/2013 00:35:46]
AdwCleaner[R2].txt - [1287 octets] - [21/09/2013 22:43:33]
AdwCleaner[R3].txt - [390 octets] - [22/09/2013 21:37:38]
AdwCleaner[R4].txt - [1406 octets] - [23/09/2013 11:55:55]
AdwCleaner[S0].txt - [7137 octets] - [21/09/2013 00:31:25]
AdwCleaner[S1].txt - [1228 octets] - [21/09/2013 00:53:11]
AdwCleaner[S2].txt - [1327 octets] - [23/09/2013 12:01:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1387 octets] ##########
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-09-2013
Ran by ppack (administrator) on ppack on 23-09-2013 13:24:58
Running from C:\Users\ppack\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(baramundi software AG) C:\Windows\SysWOW64\BFCRX.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\system32\CxAudMsg64.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(IBM Corp) C:\Notes\SUService.exe
(IBM) C:\Notes\nsd.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(IBM Corp) C:\Notes\ntmulti.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
() C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SAsrv.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\Speech\Common\sapisvr.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Tobit.Software) C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Farbar) C:\Users\ppack\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2010-12-16] (Lenovo Group Limited)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe [85832 2011-07-14] (Authentec Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [RfxSrvTray] - C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software)
HKCU\...\Run: [NvCplWow64] - %SystemRoot%\SysWOW64\Rundll32.exe "%AppData%\Microsoft Corporation\thetorPw.ml6",Control_RunDLL
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [1605992 2011-07-04] (Lenovo Group Limited)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OfficeScanNT Monitor] - C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [1375688 2011-03-14] (Trend Micro Inc.)
HKLM-x32\...\Run: [vmware-tray] - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103576 2012-10-31] (VMware, Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [239720 2011-08-13] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9EB4CC373CD4CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {B94C2238-346E-4C5E-9B36-8CC627F35574}
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://access.ppack.de/dana-cached/sc/JuniperSetupClient.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 12 %SystemRoot%\system32\vsocklib.dll [63128] (VMware, Inc.)
Winsock: Catalog9 13 %SystemRoot%\system32\vsocklib.dll [63128] (VMware, Inc.)
Winsock: Catalog9-x64 12 %SystemRoot%\system32\vsocklib.dll [67224] (VMware, Inc.)
Winsock: Catalog9-x64 13 %SystemRoot%\system32\vsocklib.dll [67224] (VMware, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C2CC4E1C-D1AA-421A-ADA3-97BD3FB6565B}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{C33E2E22-E6DD-4DAD-8FA3-76F8B024F87C}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{E4850330-5FDC-4033-8DEF-FD2392B2DB90}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
====
FF ProfilePath: C:\Users\ppack\AppData\Roaming\Mozilla\Firefox\Profiles\dosh1zv2.default-1371104754674
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\ppack\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\ppack\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\ppack\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\ppack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\ppack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (YouTube) - C:\Users\ppack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\ppack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Skype Click to Call) - C:\Users\ppack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\ppack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\ppack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
==================== Services (Whitelisted) =================
R2 BFCRX; C:\Windows\SysWOW64\BFCRX.exe [609704 2012-04-20] (baramundi software AG)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-07-04] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 LNSUSvc; C:\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Notes\nsd.exe [4453768 2011-09-16] (IBM)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Multi-user Cleanup Service; C:\Notes\ntmulti.exe [71048 2011-09-16] (IBM Corp)
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [2105976 2011-02-23] (Trend Micro Inc.)
R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] ()
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [2389448 2011-02-23] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [917768 2010-04-24] (Trend Micro Inc.)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11840000 2012-10-31] ()
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
==================== Drivers (Whitelisted) ====================
S1 acedrv07; C:\Windows\system32\drivers\acedrv07.sys [125440 2012-04-14] ()
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-23] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-23] (Ericsson AB)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-13] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-13] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-13] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-13] (MCCI Corporation)
R2 smihlp2; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [344376 2012-07-17] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42808 2012-07-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-12-07] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2224952 2012-07-17] (Trend Micro Inc.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 CrystalSysInfo; \??\C:\Program Files (x86)\MediaCoder iPhone Edition\SysInfoX64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-23 13:24 - 2013-09-23 13:24 - 01955550 _____ (Farbar) C:\Users\ppack\Downloads\FRST64(1).exe
2013-09-23 13:14 - 2013-09-23 13:15 - 00025189 _____ C:\Users\ppack\Desktop\ComboFix.txt
2013-09-23 13:13 - 2013-09-23 13:13 - 00025208 _____ C:\ComboFix.txt
2013-09-23 12:28 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-23 12:28 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-23 12:28 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-23 12:28 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-23 12:28 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-23 12:28 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-23 12:28 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-23 12:28 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-23 12:05 - 2013-09-23 12:07 - 00001450 _____ C:\Users\ppack\Desktop\AdwCleaner[S2].txt
2013-09-23 11:58 - 2013-09-23 11:58 - 05129542 ____R (Swearware) C:\Users\ppack\Desktop\ComboFix.exe
2013-09-23 11:57 - 2013-09-23 11:58 - 05129542 _____ (Swearware) C:\Users\ppack\Downloads\ComboFix.exe
2013-09-23 11:55 - 2013-09-23 11:56 - 01042066 _____ C:\Users\ppack\Downloads\adwcleaner.exe
2013-09-23 10:52 - 2013-09-23 10:52 - 00000000 ____D C:\Users\ppack\AppData\Roaming\smkits
2013-09-23 10:35 - 2013-09-23 10:35 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\ppack\Downloads\tdsskiller.exe
2013-09-23 08:17 - 2013-09-23 08:24 - 00040142 _____ C:\Users\ppack\Downloads\Addition.txt
2013-09-23 08:14 - 2013-09-23 08:14 - 00000000 ____D C:\FRST
2013-09-23 08:12 - 2013-09-23 08:12 - 01955550 _____ (Farbar) C:\Users\ppack\Downloads\FRST64.exe
2013-09-22 22:17 - 2013-09-22 22:17 - 00000000 _____ C:\autoexec.bat
2013-09-22 22:16 - 2013-09-22 22:16 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-22 22:15 - 2013-09-22 22:34 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-21 00:27 - 2013-09-23 12:02 - 00000000 ____D C:\AdwCleaner
2013-09-20 12:34 - 2013-09-20 12:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ppack\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-20 12:34 - 2013-09-20 12:34 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-20 12:34 - 2013-09-20 12:34 - 00000000 ____D C:\Users\ppack\AppData\Roaming\Malwarebytes
2013-09-20 12:34 - 2013-09-20 12:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-20 12:34 - 2013-09-20 12:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-20 12:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-20 11:57 - 2013-09-23 13:13 - 00000000 ____D C:\Qoobox
2013-09-20 11:57 - 2013-09-23 13:11 - 00000000 ____D C:\Windows\erdnt
2013-09-19 20:17 - 2013-09-19 20:18 - 00000000 ____D C:\Users\ppack\Desktop\usb
2013-09-19 11:08 - 2013-09-19 20:26 - 00000000 ____D C:\Users\ppack\Desktop\Neuer Ordner (2)
2013-09-12 13:18 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 13:18 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 13:18 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 13:18 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 13:18 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 13:18 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 13:18 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 13:18 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 13:18 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 13:18 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 13:18 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 13:18 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 13:18 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 13:18 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 10:41 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 10:41 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 10:41 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 10:41 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 10:41 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 10:41 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 10:41 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 10:41 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 10:41 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 10:41 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 10:41 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 10:41 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 10:41 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 10:41 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 10:41 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 10:41 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 10:41 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 10:41 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 10:41 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 10:41 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 10:41 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 10:41 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 10:41 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 10:41 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 10:41 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 10:41 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 10:41 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-06 07:30 - 2013-09-06 07:30 - 00003216 ____N C:\bootsqm.dat
==================== One Month Modified Files and Folders =======
2013-09-23 13:24 - 2013-09-23 13:24 - 01955550 _____ (Farbar) C:\Users\ppack\Downloads\FRST64(1).exe
2013-09-23 13:21 - 2013-07-28 22:10 - 00001132 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267249724-2912316410-597184085-6338UA.job
2013-09-23 13:19 - 2012-01-16 12:46 - 00000000 ____D C:\ProgramData\VMware
2013-09-23 13:18 - 2012-04-03 10:57 - 00477768 _____ C:\SUService.log
2013-09-23 13:18 - 2012-01-12 14:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-23 13:18 - 2012-01-12 13:47 - 00611099 _____ C:\Windows\SysWOW64\bfcrx.log
2013-09-23 13:18 - 2010-11-21 05:47 - 00069918 _____ C:\Windows\PFRO.log
2013-09-23 13:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-23 13:18 - 2009-07-14 06:51 - 00150687 _____ C:\Windows\setupact.log
2013-09-23 13:17 - 2012-01-12 13:53 - 01297987 _____ C:\Windows\WindowsUpdate.log
2013-09-23 13:15 - 2013-09-23 13:14 - 00025189 _____ C:\Users\ppack\Desktop\ComboFix.txt
2013-09-23 13:13 - 2013-09-23 13:13 - 00025208 _____ C:\ComboFix.txt
2013-09-23 13:13 - 2013-09-20 11:57 - 00000000 ____D C:\Qoobox
2013-09-23 13:11 - 2013-09-20 11:57 - 00000000 ____D C:\Windows\erdnt
2013-09-23 13:10 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-23 12:57 - 2012-04-16 12:40 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-23 12:26 - 2009-07-14 06:45 - 00022000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-23 12:26 - 2009-07-14 06:45 - 00022000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-23 12:07 - 2013-09-23 12:05 - 00001450 _____ C:\Users\ppack\Desktop\AdwCleaner[S2].txt
2013-09-23 12:02 - 2013-09-21 00:27 - 00000000 ____D C:\AdwCleaner
2013-09-23 11:58 - 2013-09-23 11:58 - 05129542 ____R (Swearware) C:\Users\ppack\Desktop\ComboFix.exe
2013-09-23 11:58 - 2013-09-23 11:57 - 05129542 _____ (Swearware) C:\Users\ppack\Downloads\ComboFix.exe
2013-09-23 11:56 - 2013-09-23 11:55 - 01042066 _____ C:\Users\ppack\Downloads\adwcleaner.exe
2013-09-23 10:52 - 2013-09-23 10:52 - 00000000 ____D C:\Users\ppack\AppData\Roaming\smkits
2013-09-23 10:35 - 2013-09-23 10:35 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\ppack\Downloads\tdsskiller.exe
2013-09-23 08:24 - 2013-09-23 08:17 - 00040142 _____ C:\Users\ppack\Downloads\Addition.txt
2013-09-23 08:14 - 2013-09-23 08:14 - 00000000 ____D C:\FRST
2013-09-23 08:12 - 2013-09-23 08:12 - 01955550 _____ (Farbar) C:\Users\ppack\Downloads\FRST64.exe
2013-09-22 22:34 - 2013-09-22 22:15 - 00000000 ____D C:\Windows\86CA3695A4124BAE92B649A60C2AC663.TMP
2013-09-22 22:21 - 2013-07-28 22:10 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1267249724-2912316410-597184085-6338Core.job
2013-09-22 22:17 - 2013-09-22 22:17 - 00000000 _____ C:\autoexec.bat
2013-09-22 22:16 - 2013-09-22 22:16 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-09-22 21:57 - 2012-04-16 12:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-22 21:57 - 2012-04-16 12:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-22 21:57 - 2012-04-16 12:40 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-21 01:39 - 2012-01-12 14:29 - 00004132 _____ C:\Windows\system32\TmInstall.log
2013-09-20 13:26 - 2013-07-28 22:10 - 00002347 _____ C:\Users\ppack\Desktop\Google Chrome.lnk
2013-09-20 13:03 - 2012-01-12 13:45 - 00000336 _____ C:\Windows\system32\config\netlogon.ftl
2013-09-20 12:40 - 2012-01-12 14:31 - 00009042 _____ C:\Windows\cfgall.ini
2013-09-20 12:34 - 2013-09-20 12:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ppack\Desktop\mbam-setup-1.75.0.1300.exe
2013-09-20 12:34 - 2013-09-20 12:34 - 00001115 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-20 12:34 - 2013-09-20 12:34 - 00000000 ____D C:\Users\ppack\AppData\Roaming\Malwarebytes
2013-09-20 12:34 - 2013-09-20 12:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-20 12:34 - 2013-09-20 12:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-20 11:58 - 2012-01-16 12:46 - 00000000 ____D C:\Users\ppack\AppData\Roaming\VMware
2013-09-20 11:58 - 2012-01-16 12:44 - 00000000 ____D C:\Users\ppack\AppData\Local\VMware
2013-09-20 11:46 - 2013-03-05 10:49 - 00000000 ____D C:\Users\ppack\Desktop\itusc75demo-rtm-en0313
2013-09-20 08:47 - 2013-03-01 23:46 - 00000000 ____D C:\Users\ppack\Desktop\Anleitungen MAXIMO
2013-09-20 08:23 - 2013-02-12 13:19 - 00000000 ____D C:\Users\ppack\Desktop\Pr
2013-09-19 20:26 - 2013-09-19 11:08 - 00000000 ____D C:\Users\ppack\Desktop\Neuer Ordner (2)
2013-09-19 20:24 - 2013-06-12 16:51 - 00000000 ____D C:\Users\ppack\Desktop\image
2013-09-19 20:18 - 2013-09-19 20:17 - 00000000 ____D C:\Users\ppack\Desktop\usb
2013-09-19 12:35 - 2011-04-12 09:43 - 01590370 _____ C:\Windows\system32\perfh007.dat
2013-09-19 12:35 - 2011-04-12 09:43 - 00434618 _____ C:\Windows\system32\perfc007.dat
2013-09-19 12:35 - 2009-07-14 07:13 - 00006894 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-17 14:02 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-17 10:33 - 2013-01-23 14:20 - 00001096 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-09-12 18:00 - 2012-01-13 11:55 - 00000000 ___RD C:\Users\ppack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 18:00 - 2012-01-13 11:55 - 00000000 ___RD C:\Users\ppack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 17:56 - 2009-07-14 06:45 - 00353016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 13:18 - 2013-07-20 14:18 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 13:14 - 2012-01-13 15:17 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 13:14 - 2012-01-12 15:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-07 00:41 - 2012-01-16 13:05 - 00000000 ____D C:\Users\ppack\AppData\Roaming\Skype
2013-09-06 07:30 - 2013-09-06 07:30 - 00003216 ____N C:\bootsqm.dat
2013-09-05 07:09 - 2009-07-14 04:34 - 00000450 _____ C:\Windows\win.ini
2013-08-31 12:13 - 2013-04-05 11:49 - 00000000 ____D C:\Users\ppack\Desktop\Online
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-02 07:37
==================== End Of Log ============================
Danke noch mal !!!! |
|
23.09.2013, 13:21
| #10 |
| /// TB-Ausbilder | TREND MICRO Office Scan meldet Bedrohungen Ja da läuft noch Malware... Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKCU\...\Run: [NvCplWow64] - %SystemRoot%\SysWOW64\Rundll32.exe "%AppData%\Microsoft Corporation\thetorPw.ml6",Control_RunDLL
C:\Users\ppack\AppData\Roaming\Microsoft Corporation\thetorPw.ml6
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
REG: reg query "HKCU\Software\Classes\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}" /s
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ cheers, Leo |
|
23.09.2013, 13:30
| #11 |
| | TREND MICRO Office Scan meldet Bedrohungen Hier ist die Fixlog.txt Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2013
Ran by ppack at 2013-09-23 14:29:20 Run:1
Running from C:\Users\ppack\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKCU\...\Run: [NvCplWow64] - %SystemRoot%\SysWOW64\Rundll32.exe "%AppData%\Microsoft Corporation\thetorPw.ml6",Control_RunDLL
C:\Users\ppack\AppData\Roaming\Microsoft Corporation\thetorPw.ml6
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} URL = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=412&sr=0&q={searchTerms}
REG: reg query "HKCU\Software\Classes\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}" /s
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplWow64 => Value deleted successfully.
"C:\Users\ppack\AppData\Roaming\Microsoft Corporation\thetorPw.ml6" => File/Directory not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2412} => Key not found.
========= reg query "HKCU\Software\Classes\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}" /s =========
FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.
========= End of Reg: =========
==== End of Fixlog ====
|
|
23.09.2013, 13:39
| #12 |
| /// TB-Ausbilder | TREND MICRO Office Scan meldet Bedrohungen Ok, weiter: Lade SystemLook (von jpshortstuff) herunter und speichere das Tool auf dem Desktop.
__________________ cheers, Leo |
|
23.09.2013, 14:06
| #13 |
| | TREND MICRO Office Scan meldet Bedrohungen Hallo Leo, ich kann leider sie Seite (hxxp://jpshortstuff.247fixes.com/SystemLook_x64.exe) mit SystemLook nicht öffnen. Office Scan sperrt mir die Seite. Was soll ich machen ? Ich konnte doch was runterladen. Hier ist die Log Datei Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 15:03 on 23/09/2013 by ppack
(Limited User)
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== filefind ==========
Searching for "*thetorPw*"
C:\Users\ppack\AppData\Roaming\Microsoft Corporation\thetorPw.ml6 --a---- 1099776 bytes [12:38 11/09/2012] [12:38 11/09/2012] 724062351155106208DB31D83923A1A1
========== regfind ==========
Searching for "thetorPw"
No data found.
-= EOF =-
|
|
23.09.2013, 14:13
| #14 |
| /// TB-Ausbilder | TREND MICRO Office Scan meldet Bedrohungen Hast du eine Datei SystemLook_x64.exe heruntergeladen oder eine SystemLook.exe? Und hast du sie mit Rechtsklick -> als Administrator ausgeführt?
__________________ cheers, Leo |
|
23.09.2013, 14:36
| #15 |
| | TREND MICRO Office Scan meldet Bedrohungen Jetz aber. Ich musste die Datei auf einem anderen Pc runterladen, da OfficeScan hier mir die Seite gesperrt hat. Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 15:32 on 23/09/2013 by ppack
(Limited User)
========== filefind ==========
Searching for "*thetorPw*"
C:\Users\ppack\AppData\Roaming\Microsoft Corporation\thetorPw.ml6 --a---- 1099776 bytes [12:38 11/09/2012] [12:38 11/09/2012] 724062351155106208DB31D83923A1A1
========== regfind ==========
Searching for "thetorPw"
No data found.
Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB_SD&REV_2.07#V2.07___&1#]
"DeviceDesc"="USB SD "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB_SD&REV_2.07#V2.07___&1#]
"DeviceDesc"="USB SD "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_INTENSO&PROD_USB_SD&REV_2.07#V2.07___&1#]
"DeviceDesc"="USB SD "
[HKEY_USERS\S-1-5-21-3528050018-778886744-3826563672-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\ppack\Downloads\sametime-connect-win-7.5.1.exe"="Setup Launcher "
[HKEY_USERS\S-1-5-21-3528050018-778886744-3826563672-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\ppack\Downloads\sametime-connect-win-7.5.1.exe"="Setup Launcher "
-= EOF =-
|
|
| Themen zu TREND MICRO Office Scan meldet Bedrohungen |
| abschalten, bedrohungen, benachrichtigungen, bild, entdeck, entdeckt, folge, folgende, gen, hallo zusammen, melde, meldet, meldung, micro, office, officescan, scan, seite, trend, trend micro, verstoß, zusammen |
WARNUNG an die MITLESER: 
Linear-Darstellung
