browser hijacked qvo6.com malware

**Benutzer** · 2013-05-30, 15:38

Hello from a new member of this Forum.

Apologise in advance. I'm from Germany and English is not my mother language, so might get some problems for me to understand everything.

I'm on nearly the same problem as the user in thread *browser hijacked* http://forums.spybot.info/showthread...owser-hijacked a few days ago. ken545 was the friendly helper there.

Problem:
qvo6.com spam site gets opened in a tab when starting IE or Firefox.
Removing the link from the IE or Firefox setup doesn't help.

I've tried to fix it with spybot with no success.
Did the ERUNT process.
Followed the steps with Adwcleaner, OTL to analyse the problem source from the above thread until the instructions of post #17
http://forums.spybot.info/showthread...l=1#post441426
Did nothing to OTL cause I do not have the *1-click run* problem in my log files. I've stopped there at #17.

This is my DDS.txt as follows, and the other are attached including aswMBR.txt
attach.zip
aswMBR.txt

Virus scanner was disabled when I did the steps from the other thread. Also there is a wanted tool installed that looks like malware, but is not
Extensions\\gacela2@nurago.com: C:\Program Files\Digital Trends Club\ <<---- wanted and known extension, doesn't harm

Looking forward to your kind help

Regards
Peter
-----------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by HEF01 at 14:38:16 on 2013-05-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3060.637 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlk.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Windows\system32\cjpcsc.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Digital Trends Club\HI-epanel-Reporting.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Digital Trends Club\HI-epanel-Updater.exe
C:\Program Files\HI-epanelLSPService\HI-epanelLSPService.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
C:\Program Files\Twonky\TwonkyServer\twonkyproxy.exe
C:\Program Files\Twonky\TwonkyServer\twonkystarter.exe
C:\Program Files\Twonky\TwonkyServer\twonkywebdav.exe
C:\Program Files\Mobile Partner Manager\AssistantServices.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\vds.exe
C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\LENOVO\HOTKEY\shtctky.exe
C:\PROGRA~1\LENOVO\HOTKEY\tpnumlkd.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe
C:\Program Files\Lenovo\Access Connections\ACTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HI-epanelLSPService\HI-epanel-WatchDog.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Mobile Partner Manager\UIExec.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Users\HEF01\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Users\HEF01\AppData\Local\Akamai\netsession_win.exe
C:\Users\HEF01\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\HEF01\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe
C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
C:\Program Files\Wertpapieranalyse 2012\wm60.exe
C:\Program Files\Bagusoft Password Safe\pwsafe.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDRootAlyzer.exe
C:\Program Files\Lexware\Quicken\2012\qw.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Users\HEF01\Downloads\OTL.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uProxyServer = localhost:21320
uProxyOverride = <local>;192.168.*.*
BHO: Digital Trends Club: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - c:\program files\digital trends club\Gacela2.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: loadtbs: {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - LocalServer32 - <no file>
TB: loadtbs: {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - LocalServer32 - <no file>
uRun: [Google Update] "c:\users\hef01\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 52\AxAutoMntSrv.exe" -automount
uRun: [SkyDrive] "c:\users\hef01\appdata\local\microsoft\skydrive\SkyDrive.exe" /background
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Akamai NetSession Interface] "c:\users\hef01\appdata\local\akamai\netsession_win.exe"
mRun: [IMSS] "c:\program files\intel\intel(r) management engine components\imss\PIconStartup.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [LENOVO.TPKNRRES] c:\program files\lenovo\communications utility\TPKNRRES.exe
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [RotateImage] c:\program files\integrated camera driver\RCIMGDIR.exe
mRun: [ACTray] c:\program files\lenovo\access connections\ACTray.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [HI-epanel-WatchDog] "c:\program files\hi-epanellspservice\HI-epanel-WatchDog.exe" /Debug
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [FLxHCIm] "c:\program files\fresco logic inc\fresco logic usb3.0 host controller\host\FLxHCIm.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [UIExec] "c:\program files\mobile partner manager\UIExec.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRunOnce: [Del224411197] cmd.exe /Q /D /c del "c:\users\hef01\appdata\local\temp\0.del"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\hef01\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\hef01\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\hef01\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\hef01\appdata\roaming\micros~1\windows\startm~1\programs\startup\key-or~1.lnk - c:\program files\aidex\keyorganizer\KeyOrganizer.exe
StartupFolder: c:\users\hef01\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\hef01\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} - c:\program files\digital trends club\Gacela2.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
LSP: c:\windows\system32\HI-epanelLSPService.DLL
LSP: bmnet.dll
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.178.36/codebase/DVM_IPCam2.ocx
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.178.1
TCP: Interfaces\{B124AEFE-892C-45A4-BB75-ED6063CFEE11} : DHCPNameServer = 212.166.210.80 212.73.32.67
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\349414D234845434B4D284546423 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\349414F503731323 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\5416379724F687D2837323441383 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\64259445A51224F6870264F6E60275C414E40273237303 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\64259445A51224F6870264F6E60275C414E40273339303 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\8405531333434343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C30E95C5-1EAB-47D9-8269-FEAC4967E119}\D6F63757378696 : DHCPNameServer = 192.168.178.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: psfus - c:\program files\thinkvantage fingerprint software\psqlpwd.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli ACGina c:\program files\thinkvantage fingerprint software\psqlpwd.dll
IFEO: avnotify.exe - null.exe
IFEO: ipmgui.exe - null.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hef01\appdata\roaming\mozilla\firefox\profiles\xxhc2iuc.default-1361923398100\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\siz\sizchip-plugin\mozilla-20\npS-Chip-Add-On-Mozilla-2021.dll
FF - plugin: c:\program files\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\vlc\npvlc.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\hef01\appdata\local\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\users\hef01\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-04-17 21:17; fb_add_on@avm.de; c:\users\hef01\appdata\roaming\mozilla\firefox\profiles\xxhc2iuc.default-1361923398100\extensions\fb_add_on@avm.de
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-1-4 25416]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2013-3-20 50248]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2013-3-20 41544]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-12-28 22344]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-5-25 36000]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2011-4-16 14949]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2013-3-20 15944]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2013-3-20 186952]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2013-3-19 7936]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-6-27 13680]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-5-25 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-5-25 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-5-25 83392]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2012-8-23 104240]
R2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [2011-4-16 506288]
R2 EaseUS Agent;EaseUS Agent Service;c:\program files\easeus\todo backup\bin\Agent.exe [2013-3-20 68168]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-1-5 48640]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\thinkvantage fingerprint software\smihlp.sys [2011-5-30 11976]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-9-29 13752]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2011-9-8 132864]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\drivers\AmpPal.sys [2012-7-18 143360]
R3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\drivers\avmaura.sys [2013-4-21 105728]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2012-11-15 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-11-15 29472]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2012-2-2 388264]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-1-4 72832]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-1-4 125696]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-30 22856]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\Netwsn00.sys [2012-9-30 10383360]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-4-1 22640]
R3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\drivers\qcfilterlno2k.sys [2010-6-25 5248]
R3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\drivers\qcusbnetlno2k.sys [2011-5-23 375296]
R3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\drivers\qcusbserlno2k.sys [2011-5-23 190848]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2013-4-3 38200]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2012-12-5 25088]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-10-9 38336]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2012-7-18 509456]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\alcohol soft\alcohol 52\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\drivers\AmpPal.sys [2012-7-18 143360]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\drivers\cjusb.sys [2011-4-16 28144]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-9-8 280640]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-1-4 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-1-4 348160]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [2010-11-19 174080]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [2010-11-19 38400]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-2-14 49664]
S3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-1-4 9216]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-8 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\drivers\tapoas.sys [2012-7-15 26112]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-8 49664]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2012-1-4 114688]
S3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\drivers\zteusbvoice.sys [2012-1-4 105856]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="c:\program files\macromedia\dreamweaver 4\Dreamweaver.exe" "%1"
.
=============== Created Last 30 ================
.
2013-05-30 11:35:07 -------- d-----w- c:\users\hef01\appdata\roaming\Malwarebytes
2013-05-30 11:34:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-30 11:34:45 -------- d-----w- c:\programdata\Malwarebytes
2013-05-30 11:34:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-30 10:40:44 -------- d-----w- c:\windows\ERUNT
2013-05-30 10:40:30 -------- d-----w- C:\JRT
2013-05-29 23:51:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-29 23:51:02 15224 ----a-w- c:\windows\system32\sdnclean.exe
2013-05-29 23:50:58 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-05-28 13:59:25 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-05-28 13:59:25 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-05-28 13:59:25 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-05-28 13:59:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-05-28 13:59:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-05-28 08:29:37 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{71b3c438-1eb4-4750-86c1-59f2f24b38c3}\offreg.dll
2013-05-28 08:07:29 7016152 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{71b3c438-1eb4-4750-86c1-59f2f24b38c3}\mpengine.dll
2013-05-23 19:28:00 -------- d-----w- c:\users\hef01\.thumbnails
2013-05-23 19:23:50 -------- d-----w- c:\users\hef01\appdata\local\fontconfig
2013-05-23 19:23:49 -------- d-----w- c:\users\hef01\.gimp-2.8
2013-05-23 19:23:48 -------- d-----w- c:\users\hef01\appdata\local\gegl-0.2
2013-05-23 19:19:41 -------- d-----w- c:\program files\GIMP 2
2013-05-23 19:18:48 -------- d-----w- c:\program files\common files\337
2013-05-23 19:18:45 -------- d-----w- c:\programdata\eSafe
2013-05-23 19:17:41 -------- d-----w- c:\users\hef01\appdata\local\Temp6d0f0d5e9b2f9168be1f2b87cf34f9e2
2013-05-23 19:17:36 -------- d-----w- c:\users\hef01\ChromeExtensions
2013-05-23 19:17:36 -------- d-----w- c:\users\hef01\appdata\local\Tempe46dda8bb39b9c8e8cfd4432b6411a3c
2013-05-23 19:17:36 -------- d-----w- c:\users\hef01\appdata\local\Tempd24b12627639ae220aaee1670257cc72
2013-05-23 19:17:35 -------- d-----w- c:\users\hef01\appdata\roaming\eIntaller
2013-05-21 13:57:00 383616 ----a-w- c:\windows\system32\HI-epanelLSPService64.dll
2013-05-21 13:57:00 316032 ----a-w- c:\windows\system32\HI-epanelLSPService.dll
2013-05-20 15:01:17 -------- d-----w- c:\users\hef01\appdata\roaming\IPCamWizard
2013-05-20 15:01:14 -------- d-----w- c:\program files\IP Camera Wizard
2013-05-15 07:46:43 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 07:46:43 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 07:46:38 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 07:46:29 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 07:46:29 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 07:46:21 101720 ----a-w- c:\windows\system32\consent.exe
2013-05-15 07:46:20 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 07:46:20 1796096 ----a-w- c:\windows\system32\authui.dll
2013-05-14 22:08:09 9195912 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-05-11 10:37:28 209472 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-05-06 23:56:24 59816 ----a-r- c:\users\hef01\appdata\roaming\microsoft\installer\{1d2ff661-4402-4d75-aa40-b23fcaf81d32}\ARPPRODUCTICON.exe
2013-05-06 16:13:26 126976 ----a-w- c:\windows\system32\GPEapSim.dll
2013-05-06 16:09:49 13824 ----a-w- c:\windows\system32\drivers\ZTEusbccid.sys
2013-05-06 16:09:32 -------- d-----w- c:\windows\system32\SupportAppCB
2013-05-06 16:09:20 -------- d-----w- c:\program files\Mobile Partner Manager
2013-05-06 08:07:14 -------- d-----w- c:\program files\common files\SPBA
2013-05-04 00:08:20 39936 ----a-w- c:\windows\system32\capi2032.dll
2013-05-03 22:49:49 62736 ----a-w- c:\program files\common files\system\ole db\msdatl2.dll
2013-05-03 22:49:49 5392 ----a-w- c:\program files\common files\system\ole db\OLEDB32X.DLL
2013-05-03 22:49:41 7952 ----a-w- c:\windows\system32\odbccp32.cpl
2013-05-02 14:15:52 227656 ----a-w- c:\windows\system32\ddBACCTM.cpl
2013-05-02 14:15:50 825672 ----a-w- c:\windows\system32\Ddbaccpl.cpl
2013-05-01 23:19:48 54576 ----a-w- c:\windows\system32\FritzPort.dll
2013-05-01 23:19:48 54576 ----a-w- c:\windows\system32\FritzColorPort.dll
2013-05-01 23:19:48 451888 ----a-w- c:\windows\system32\HHActiveX.dll
2013-05-01 23:19:48 42288 ----a-w- c:\windows\system32\Fridru32.dll
2013-05-01 23:19:47 -------- d-----w- c:\users\hef01\appdata\roaming\FRITZ!fax für FRITZ!Box
2013-05-01 23:19:47 -------- d-----w- c:\programdata\ISDNWatch
2013-05-01 23:19:47 -------- d-----w- c:\program files\FRITZ!
2013-05-01 23:13:14 328704 ----a-w- c:\windows\IsUn0407.exe
2013-05-01 01:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 01:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
==================== Find3M ====================
.
2013-05-14 22:08:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 22:08:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-07 07:54:15 532208 ----a-w- c:\windows\system32\SynCOM.dll
2013-05-07 07:54:15 143088 ----a-w- c:\windows\system32\SynTPCo16.dll
2013-05-07 07:54:10 175856 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-05-07 07:54:09 355056 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-05-02 00:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-23 04:54:00 3752744 ------w- c:\windows\system32\PWMCP32V.cpl
2013-04-23 04:54:00 2692904 ------w- c:\windows\PWMBTHLV.EXE
2013-04-23 04:54:00 25416 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2013-04-23 04:54:00 19712 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2013-04-21 10:03:07 105728 ----a-w- c:\windows\system32\drivers\avmaura.sys
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-05 05:28:24 1767424 ----a-w- c:\windows\system32\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-04-05 04:29:45 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-04-05 03:38:25 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-04-04 03:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-02 14:09:52 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-22 00:26:10 4082688 ----a-w- c:\windows\system32\qtintf70.dll
2013-03-19 17:06:54 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-10 17:11:52 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-10 17:11:52 782240 ----a-w- c:\windows\system32\deployJava1.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: WDC_WD75 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8381A000]<< >>UNKNOWN [0x8C200000]<< >>UNKNOWN [0x8C3E5000]<< >>UNKNOWN [0x83FA4000]<< >>UNKNOWN [0x83C2D000]<< >>UNKNOWN [0x8C41D000]<< >>UNKNOWN [0x8C0B5000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83850BC5] -> \Device\Harddisk0\DR0[0x89266A28]
\Driver\Disk[0x89264238] -> IRP_MJ_CREATE -> 0x8C20439F
3 [0x8C20459E] -> ntkrnlpa!IofCallDriver[0x83850BC5] -> [0x8732C950]
\Driver\ACPI[0x8657AE48] -> IRP_MJ_CREATE -> 0x83FAD4CC
5 [0x83FAD3D4] -> ntkrnlpa!IofCallDriver[0x83850BC5] -> \Device\Ide\IAAStorageDevice-1[0x87378028]
\Driver\iaStor[0x87319B00] -> IRP_MJ_CREATE -> 0x8C486F20
kernel: MBR read successfully
_asm { JMP 0x10; }
user & kernel MBR OK
error: Read Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 14:39:31,37 ===============

**Benutzer** · 2013-06-14, 21:07

Still suffering from that crap.

Nobody able to help ??

**oldman960** · 2013-07-01, 21:36

Hi Benutzer, welcome to the forum.

To make cleaning this machine easier

Please do not uninstall/install any programs unless asked to
It is more difficult when files/programs are appearing in/disappearing from the logs.
Please do not run any scans other than those requested
Please follow all instructions in the order posted
All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
Do not attach any logs/reports, etc.. unless specifically requested to do so.
If you have problems with or do not understand the instructions, Please ask before continuing.
Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

Download the latest version of TDSSKiller from here and save it to your Desktop.

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

**Benutzer** · 2013-07-01, 22:11

Hello oldman960,
many thanks for your kind offer to help.
I did the download and scan, with no result on malicious stuff.

Here is the window of TDSSKiller I had at the end of the process and below the report.
tdsskiller.jpg

21:50:38.0500 14664 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:50:39.0129 14664 ============================================================
21:50:39.0129 14664 Current date / time: 2013/07/01 21:50:39.0129
21:50:39.0129 14664 SystemInfo:
21:50:39.0129 14664
21:50:39.0129 14664 OS Version: 6.1.7601 ServicePack: 1.0
21:50:39.0129 14664 Product type: Workstation
21:50:39.0130 14664 ComputerName: HEF01-THINK
21:50:39.0130 14664 UserName: HEF01
21:50:39.0130 14664 Windows directory: C:\Windows
21:50:39.0130 14664 System windows directory: C:\Windows
21:50:39.0130 14664 Processor architecture: Intel x86
21:50:39.0130 14664 Number of processors: 4
21:50:39.0130 14664 Page size: 0x1000
21:50:39.0130 14664 Boot type: Normal boot
21:50:39.0130 14664 ============================================================
21:50:40.0236 14664 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x17A85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
21:50:40.0243 14664 ============================================================
21:50:40.0243 14664 \Device\Harddisk0\DR0:
21:50:40.0243 14664 MBR partitions:
21:50:40.0243 14664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x259AF1
21:50:40.0243 14664 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x259B30, BlocksNum 0x55F694D0
21:50:40.0243 14664 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x561C3000, BlocksNum 0x13836F0
21:50:40.0243 14664 ============================================================
21:50:40.0265 14664 C: <-> \Device\Harddisk0\DR0\Partition2
21:50:40.0331 14664 D: <-> \Device\Harddisk0\DR0\Partition3
21:50:40.0513 14664 ============================================================
21:50:40.0513 14664 Initialize success
21:50:40.0513 14664 ============================================================
21:52:17.0155 6752 ============================================================
21:52:17.0155 6752 Scan started
21:52:17.0155 6752 Mode: Manual; SigCheck; TDLFS;
21:52:17.0155 6752 ============================================================
21:52:19.0650 6752 ================ Scan services =============================
21:52:19.0835 6752 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:52:19.0991 6752 1394ohci - ok
21:52:20.0047 6752 [ 400E37A671FFC7FF3E713B72C4E23D3F ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
21:52:20.0140 6752 5U877 - ok
21:52:20.0175 6752 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:52:20.0209 6752 ACPI - ok
21:52:20.0242 6752 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:52:20.0331 6752 AcpiPmi - ok
21:52:20.0430 6752 [ 6C4B9E202A497782070CE383CBD5D737 ] AcPrfMgrSvc C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
21:52:20.0455 6752 AcPrfMgrSvc - ok
21:52:20.0489 6752 [ B3BF04C7E3E4FB0925BB4F8422763A3D ] AcSvc C:\Program Files\Lenovo\Access Connections\AcSvc.exe
21:52:20.0537 6752 AcSvc - ok
21:52:20.0651 6752 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:52:20.0674 6752 AdobeARMservice - ok
21:52:20.0784 6752 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:52:20.0813 6752 AdobeFlashPlayerUpdateSvc - ok
21:52:20.0869 6752 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:52:20.0983 6752 adp94xx - ok
21:52:21.0015 6752 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:52:21.0068 6752 adpahci - ok
21:52:21.0083 6752 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:52:21.0123 6752 adpu320 - ok
21:52:21.0151 6752 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:52:21.0263 6752 AeLookupSvc - ok
21:52:21.0360 6752 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:52:21.0461 6752 AFD - ok
21:52:21.0525 6752 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:52:21.0560 6752 agp440 - ok
21:52:21.0580 6752 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:52:21.0638 6752 aic78xx - ok
21:52:21.0669 6752 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:52:21.0740 6752 ALG - ok
21:52:21.0750 6752 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:52:21.0780 6752 aliide - ok
21:52:21.0957 6752 [ 8AD87BCFE33EC53BC477C7573CCA4D52 ] AllShare Framework DMS C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe
21:52:21.0987 6752 AllShare Framework DMS - ok
21:52:22.0029 6752 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:52:22.0062 6752 amdagp - ok
21:52:22.0073 6752 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:52:22.0103 6752 amdide - ok
21:52:22.0120 6752 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:52:22.0191 6752 AmdK8 - ok
21:52:22.0238 6752 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:52:22.0275 6752 AmdPPM - ok
21:52:22.0331 6752 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:52:22.0365 6752 amdsata - ok
21:52:22.0407 6752 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:52:22.0444 6752 amdsbs - ok
21:52:22.0460 6752 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:52:22.0494 6752 amdxata - ok
21:52:22.0543 6752 [ BFBC089F347B3935350D37053483AA64 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
21:52:22.0626 6752 AMPPAL - ok
21:52:22.0684 6752 [ BFBC089F347B3935350D37053483AA64 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys
21:52:22.0709 6752 AMPPALP - ok
21:52:22.0813 6752 [ 7C98E014AAE992088F7C22B2024191DD ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
21:52:22.0911 6752 AMPPALR3 - ok
21:52:23.0000 6752 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:52:23.0034 6752 AntiVirSchedulerService - ok
21:52:23.0082 6752 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:52:23.0103 6752 AntiVirService - ok
21:52:23.0145 6752 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:52:23.0315 6752 AppID - ok
21:52:23.0386 6752 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:52:23.0499 6752 AppIDSvc - ok
21:52:23.0549 6752 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
21:52:23.0645 6752 Appinfo - ok
21:52:23.0668 6752 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
21:52:23.0775 6752 AppMgmt - ok
21:52:23.0800 6752 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:52:23.0835 6752 arc - ok
21:52:23.0853 6752 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:52:23.0890 6752 arcsas - ok
21:52:23.0905 6752 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:52:24.0071 6752 AsyncMac - ok
21:52:24.0127 6752 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:52:24.0158 6752 atapi - ok
21:52:24.0209 6752 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:52:24.0302 6752 AudioEndpointBuilder - ok
21:52:24.0358 6752 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:52:24.0418 6752 Audiosrv - ok
21:52:24.0474 6752 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:52:24.0507 6752 avgntflt - ok
21:52:24.0564 6752 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:52:24.0603 6752 avipbb - ok
21:52:24.0657 6752 [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:52:24.0687 6752 avkmgr - ok
21:52:24.0732 6752 [ D4920FA1E0DC90FF97D970971410EE64 ] avmaura C:\Windows\system32\DRIVERS\avmaura.sys
21:52:24.0795 6752 avmaura - ok
21:52:24.0860 6752 [ 2A37D2DD959166531F7172CD1DE21964 ] avmike C:\Program Files\FRITZ!Fernzugang\avmike.exe
21:52:24.0884 6752 avmike - ok
21:52:24.0971 6752 [ 7692F4B242E45870873CAF4CB85CF769 ] AxAutoMntSrv C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
21:52:24.0991 6752 AxAutoMntSrv - ok
21:52:25.0039 6752 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:52:25.0133 6752 AxInstSV - ok
21:52:25.0203 6752 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:52:25.0310 6752 b06bdrv - ok
21:52:25.0330 6752 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:52:25.0395 6752 b57nd60x - ok
21:52:25.0458 6752 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:52:25.0607 6752 BDESVC - ok
21:52:25.0654 6752 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:52:25.0754 6752 Beep - ok
21:52:25.0814 6752 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:52:25.0900 6752 BFE - ok
21:52:25.0948 6752 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
21:52:26.0049 6752 BITS - ok
21:52:26.0124 6752 [ 66F655B08EED3230E059D197C8A1969B ] bizVSerial C:\Windows\system32\drivers\bizVSerialNT.sys
21:52:26.0144 6752 bizVSerial ( UnsignedFile.Multi.Generic ) - warning
21:52:26.0144 6752 bizVSerial - detected UnsignedFile.Multi.Generic (1)
21:52:26.0159 6752 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:52:26.0222 6752 blbdrive - ok
21:52:26.0278 6752 [ D002033C1A37F6AF51B5F0BA6D0211BC ] BMLoad C:\Windows\system32\drivers\BMLoad.sys
21:52:26.0301 6752 BMLoad ( UnsignedFile.Multi.Generic ) - warning
21:52:26.0301 6752 BMLoad - detected UnsignedFile.Multi.Generic (1)
21:52:26.0347 6752 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:52:26.0442 6752 bowser - ok
21:52:26.0448 6752 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:52:26.0543 6752 BrFiltLo - ok
21:52:26.0598 6752 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:52:26.0635 6752 BrFiltUp - ok
21:52:26.0680 6752 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:52:26.0793 6752 Browser - ok
21:52:26.0841 6752 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:52:26.0944 6752 Brserid - ok
21:52:26.0962 6752 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:52:27.0009 6752 BrSerWdm - ok
21:52:27.0025 6752 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:52:27.0070 6752 BrUsbMdm - ok
21:52:27.0077 6752 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:52:27.0127 6752 BrUsbSer - ok
21:52:27.0177 6752 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
21:52:27.0370 6752 BthEnum - ok
21:52:27.0391 6752 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:52:27.0429 6752 BTHMODEM - ok
21:52:27.0463 6752 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:52:27.0501 6752 BthPan - ok
21:52:27.0545 6752 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:52:27.0637 6752 BTHPORT - ok
21:52:27.0671 6752 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:52:27.0744 6752 bthserv - ok
21:52:27.0788 6752 [ 79EBA8852D377115E725D241545F3576 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
21:52:27.0819 6752 BTHSSecurityMgr - ok
21:52:27.0831 6752 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:52:27.0874 6752 BTHUSB - ok
21:52:27.0917 6752 [ F549C3FB145A4928E40BB1518B2034DC ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
21:52:27.0946 6752 btusbflt - ok
21:52:27.0980 6752 [ F8B4F60768328FAA2FFE2727F66809F8 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:52:28.0012 6752 btwaudio - ok
21:52:28.0041 6752 [ FA7446DD38DE84D4988D1F2EBB854589 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
21:52:28.0080 6752 btwavdt - ok
21:52:28.0157 6752 [ 5C24AEC670B9CCE7F2AF6DE74677CEB4 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
21:52:28.0233 6752 btwdins - ok
21:52:28.0254 6752 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
21:52:28.0277 6752 btwl2cap - ok
21:52:28.0291 6752 [ D5862FBC1CBC0404614FD9D85C8D880E ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:52:28.0317 6752 btwrchid - ok
21:52:28.0340 6752 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:52:28.0419 6752 cdfs - ok
21:52:28.0470 6752 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:52:28.0575 6752 cdrom - ok
21:52:28.0615 6752 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:52:28.0676 6752 CertPropSvc - ok
21:52:28.0735 6752 [ 17DEE799B508DCF61A3B60DBE1CBAABB ] certsrv C:\Program Files\FRITZ!Fernzugang\certsrv.exe
21:52:28.0753 6752 certsrv - ok
21:52:28.0761 6752 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:52:28.0804 6752 circlass - ok
21:52:28.0867 6752 [ BDF4915D53BDEF80738A30AC3F7CDC76 ] cjpcsc C:\Windows\system32\cjpcsc.exe
21:52:28.0901 6752 cjpcsc - ok
21:52:28.0929 6752 [ 997CBCE9E5DCFD9216452F609AE74B18 ] cjusb C:\Windows\system32\DRIVERS\cjusb.sys
21:52:28.0953 6752 cjusb - ok
21:52:28.0981 6752 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:52:29.0013 6752 CLFS - ok
21:52:29.0058 6752 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:52:29.0098 6752 clr_optimization_v2.0.50727_32 - ok
21:52:29.0153 6752 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:52:29.0186 6752 clr_optimization_v4.0.30319_32 - ok
21:52:29.0210 6752 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:52:29.0241 6752 CmBatt - ok
21:52:29.0254 6752 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:52:29.0284 6752 cmdide - ok
21:52:29.0330 6752 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
21:52:29.0400 6752 CNG - ok
21:52:29.0464 6752 [ 2FE437862D0CAA879B3C01EF353EDDA7 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
21:52:29.0543 6752 CnxtHdAudService - ok
21:52:29.0563 6752 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:52:29.0594 6752 Compbatt - ok
21:52:29.0640 6752 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:52:29.0686 6752 CompositeBus - ok
21:52:29.0707 6752 COMSysApp - ok
21:52:29.0727 6752 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:52:29.0766 6752 crcdisk - ok
21:52:29.0807 6752 [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:52:29.0891 6752 CryptSvc - ok
21:52:29.0931 6752 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
21:52:30.0052 6752 CSC - ok
21:52:30.0093 6752 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
21:52:30.0135 6752 CscService - ok
21:52:30.0155 6752 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:52:30.0232 6752 DcomLaunch - ok
21:52:30.0253 6752 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:52:30.0323 6752 defragsvc - ok
21:52:30.0363 6752 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:52:30.0434 6752 DfsC - ok
21:52:30.0491 6752 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:52:30.0583 6752 Dhcp - ok
21:52:30.0616 6752 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:52:30.0684 6752 discache - ok
21:52:30.0699 6752 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:52:30.0734 6752 Disk - ok
21:52:30.0772 6752 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:52:30.0857 6752 Dnscache - ok
21:52:30.0895 6752 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:52:30.0988 6752 dot3svc - ok
21:52:31.0042 6752 [ 3C2FEC38D9D825C69C29FE5EB7339CB5 ] DozeHDD C:\Windows\system32\DRIVERS\DozeHDD.sys
21:52:31.0069 6752 DozeHDD - ok
21:52:31.0129 6752 [ A318DF063DF2BC2C5F81644997068631 ] DozeSvc C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
21:52:31.0175 6752 DozeSvc - ok
21:52:31.0213 6752 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:52:31.0285 6752 DPS - ok
21:52:31.0307 6752 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:52:31.0352 6752 drmkaud - ok
21:52:31.0397 6752 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:52:31.0487 6752 DXGKrnl - ok
21:52:31.0533 6752 [ BBE75ED2A421A637C783ED5962E36C7A ] e1kexpress C:\Windows\system32\DRIVERS\e1k6232.sys
21:52:31.0566 6752 e1kexpress - ok
21:52:31.0601 6752 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:52:31.0669 6752 EapHost - ok
21:52:31.0791 6752 [ 98CB51EC5384635EA6B303D5648EEF1F ] EaseUS Agent C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
21:52:31.0841 6752 EaseUS Agent - ok
21:52:31.0931 6752 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:52:32.0119 6752 ebdrv - ok
21:52:32.0157 6752 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:52:32.0245 6752 EFS - ok
21:52:32.0312 6752 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:52:32.0482 6752 ehRecvr - ok
21:52:32.0499 6752 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:52:32.0564 6752 ehSched - ok
21:52:32.0587 6752 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:52:32.0652 6752 elxstor - ok
21:52:32.0694 6752 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:52:32.0729 6752 ErrDev - ok
21:52:32.0774 6752 [ 22FDB5D0073C0D9FA76AD2C6BB690168 ] EUBAKUP C:\Windows\system32\drivers\eubakup.sys
21:52:32.0804 6752 EUBAKUP - ok
21:52:32.0840 6752 [ 5EB44A9E55A729A73F7C736F340B8441 ] EUBKMON C:\Windows\system32\drivers\EUBKMON.sys
21:52:32.0865 6752 EUBKMON - ok
21:52:32.0888 6752 [ 01E0F73657216A1014B72A5CCB8B06F0 ] EUDSKACS C:\Windows\system32\drivers\eudskacs.sys
21:52:32.0913 6752 EUDSKACS - ok
21:52:32.0940 6752 [ B5C2C3CC10A886A612479C96A80B95CD ] EUFDDISK C:\Windows\system32\drivers\EuFdDisk.sys
21:52:32.0976 6752 EUFDDISK - ok
21:52:33.0015 6752 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:52:33.0086 6752 EventSystem - ok
21:52:33.0158 6752 [ BA0438030506CD093286A5DF7D1385A5 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:52:33.0250 6752 EvtEng - ok
21:52:33.0300 6752 [ B0B03560D4DB067B60789FC385762510 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
21:52:33.0388 6752 ewusbnet - ok
21:52:33.0439 6752 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
21:52:33.0522 6752 ew_hwusbdev - ok
21:52:33.0541 6752 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:52:33.0623 6752 exfat - ok
21:52:33.0643 6752 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:52:33.0734 6752 fastfat - ok
21:52:33.0777 6752 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:52:33.0869 6752 Fax - ok
21:52:33.0887 6752 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:52:33.0920 6752 fdc - ok
21:52:33.0939 6752 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:52:34.0018 6752 fdPHost - ok
21:52:34.0036 6752 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:52:34.0110 6752 FDResPub - ok
21:52:34.0127 6752 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:52:34.0160 6752 FileInfo - ok
21:52:34.0171 6752 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:52:34.0259 6752 Filetrace - ok
21:52:34.0324 6752 FirebirdGuardianDefaultInstance - ok
21:52:34.0329 6752 FirebirdServerDefaultInstance - ok
21:52:34.0347 6752 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:52:34.0391 6752 flpydisk - ok
21:52:34.0430 6752 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:52:34.0461 6752 FltMgr - ok
21:52:34.0514 6752 [ 39C78996EBC9580A0173A12A015258A2 ] FLxHCIc C:\Windows\system32\DRIVERS\FLxHCIc.sys
21:52:34.0570 6752 FLxHCIc - ok
21:52:34.0630 6752 [ D2CB1DCF5D10074E801AAE1A10DBB37B ] FLxHCIh C:\Windows\system32\DRIVERS\FLxHCIh.sys
21:52:34.0689 6752 FLxHCIh - ok
21:52:34.0728 6752 [ 784FFBA7EE5C5F3A396407E4712F72F0 ] FNETURPX C:\Windows\system32\drivers\FNETURPX.SYS
21:52:34.0746 6752 FNETURPX ( UnsignedFile.Multi.Generic ) - warning
21:52:34.0746 6752 FNETURPX - detected UnsignedFile.Multi.Generic (1)
21:52:34.0801 6752 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
21:52:34.0922 6752 FontCache - ok
21:52:34.0968 6752 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:52:35.0020 6752 FontCache3.0.0.0 - ok
21:52:35.0042 6752 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:52:35.0081 6752 FsDepends - ok
21:52:35.0130 6752 [ 2ED0BABD4CD98ED820FD0D0BCBE96721 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
21:52:35.0173 6752 fssfltr - ok
21:52:35.0279 6752 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
21:52:35.0415 6752 fsssvc - ok
21:52:35.0457 6752 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:52:35.0489 6752 Fs_Rec - ok
21:52:35.0528 6752 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:52:35.0564 6752 fvevol - ok
21:52:35.0591 6752 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:52:35.0624 6752 gagp30kx - ok
21:52:35.0668 6752 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:52:35.0749 6752 gpsvc - ok
21:52:35.0781 6752 [ 2FC26B450D640F72E59F43DF1D48F439 ] Guard Agent C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
21:52:35.0857 6752 Guard Agent - ok
21:52:35.0927 6752 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:52:35.0950 6752 gupdate - ok
21:52:35.0978 6752 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:52:35.0998 6752 gupdatem - ok
21:52:36.0051 6752 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:52:36.0088 6752 gusvc - ok
21:52:36.0102 6752 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:52:36.0203 6752 hcw85cir - ok
21:52:36.0248 6752 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:52:36.0312 6752 HdAudAddService - ok
21:52:36.0340 6752 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:52:36.0396 6752 HDAudBus - ok
21:52:36.0415 6752 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\Windows\system32\DRIVERS\HECI.sys
21:52:36.0473 6752 HECI - ok
21:52:36.0611 6752 [ 8D5012A70F02C30434FDFB6A2E248ADA ] HI-epanel-Reporting-Service C:\Program Files\Digital Trends Club\HI-epanel-Reporting.exe
21:52:36.0860 6752 HI-epanel-Reporting-Service - ok
21:52:36.0905 6752 [ 1036C3EB8810E3E371ED5B1B376F8867 ] HI-epanel-Update-Service C:\Program Files\Digital Trends Club\HI-epanel-Updater.exe
21:52:37.0014 6752 HI-epanel-Update-Service - ok
21:52:37.0140 6752 [ 9C457B83495827F883BCE1479D77AC12 ] HI-epanelLSPService C:\Program Files\HI-epanelLSPService\HI-epanelLSPService.exe
21:52:37.0304 6752 HI-epanelLSPService - ok
21:52:37.0321 6752 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:52:37.0366 6752 HidBatt - ok
21:52:37.0389 6752 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:52:37.0444 6752 HidBth - ok
21:52:37.0469 6752 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:52:37.0520 6752 HidIr - ok
21:52:37.0548 6752 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
21:52:37.0633 6752 hidserv - ok
21:52:38.0706 6752 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:52:38.0789 6752 HidUsb - ok
21:52:38.0854 6752 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:52:38.0927 6752 hkmsvc - ok
21:52:38.0963 6752 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:52:39.0081 6752 HomeGroupListener - ok
21:52:39.0136 6752 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:52:39.0209 6752 HomeGroupProvider - ok
21:52:39.0256 6752 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:52:39.0292 6752 HpSAMD - ok
21:52:39.0329 6752 [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
21:52:39.0421 6752 HsfXAudioService - ok
21:52:39.0469 6752 [ CAAA4433360FD337CF68A1B0719F9CC1 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:52:39.0564 6752 HSF_DPV - ok
21:52:39.0583 6752 [ CB049FA2CE718F7468BE50F3D7192370 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:52:39.0636 6752 HSXHWAZL - ok
21:52:39.0686 6752 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:52:39.0794 6752 HTTP - ok
21:52:39.0831 6752 [ 00B363D211909FB85BC6300A3214AC03 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
21:52:39.0959 6752 huawei_enumerator - ok
21:52:39.0991 6752 [ 1C09309A3D793C57EF87AC60C6BBD739 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:52:40.0092 6752 hwdatacard - ok
21:52:40.0129 6752 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:52:40.0153 6752 hwpolicy - ok
21:52:40.0225 6752 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:52:40.0296 6752 i8042prt - ok
21:52:40.0391 6752 [ 287FD6BE9A9938F103789CE0267B7980 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:52:40.0425 6752 iaStor - ok
21:52:40.0543 6752 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:52:40.0695 6752 iaStorV - ok
21:52:40.0735 6752 [ D5FBD39C4ABEB8999C654E7B2DE36EDD ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
21:52:40.0875 6752 IBMPMDRV - ok
21:52:40.0903 6752 [ A6CC6D80CC88721B3A3D47309D370886 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
21:52:40.0996 6752 IBMPMSVC - ok
21:52:41.0102 6752 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:52:41.0367 6752 idsvc - ok
21:52:41.0568 6752 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:52:41.0919 6752 igfx - ok
21:52:41.0943 6752 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:52:41.0976 6752 iirsp - ok
21:52:42.0035 6752 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:52:42.0120 6752 IKEEXT - ok
21:52:42.0168 6752 [ 2DB41BA61D5E44D0667CF126D35DCF34 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
21:52:42.0231 6752 Impcd - ok
21:52:42.0268 6752 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:52:42.0297 6752 intelide - ok
21:52:42.0342 6752 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:52:42.0387 6752 intelppm - ok
21:52:42.0418 6752 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:52:42.0514 6752 IPBusEnum - ok
21:52:42.0533 6752 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:52:42.0612 6752 IpFilterDriver - ok
21:52:42.0748 6752 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:52:42.0832 6752 iphlpsvc - ok
21:52:42.0869 6752 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:52:42.0921 6752 IPMIDRV - ok
21:52:42.0940 6752 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:52:43.0044 6752 IPNAT - ok
21:52:43.0066 6752 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:52:43.0133 6752 IRENUM - ok
21:52:43.0177 6752 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:52:43.0211 6752 isapnp - ok
21:52:43.0282 6752 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:52:43.0373 6752 iScsiPrt - ok
21:52:43.0413 6752 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:52:43.0435 6752 IviRegMgr - ok
21:52:43.0455 6752 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:52:43.0489 6752 kbdclass - ok
21:52:43.0531 6752 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:52:43.0573 6752 kbdhid - ok
21:52:43.0582 6752 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:52:43.0611 6752 KeyIso - ok
21:52:43.0657 6752 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:52:43.0682 6752 KSecDD - ok
21:52:43.0714 6752 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:52:43.0758 6752 KSecPkg - ok
21:52:43.0883 6752 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:52:43.0997 6752 KtmRm - ok
21:52:44.0054 6752 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
21:52:44.0147 6752 LanmanServer - ok
21:52:44.0170 6752 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:52:44.0251 6752 LanmanWorkstation - ok
21:52:44.0378 6752 [ 4FA5CC9894985D5FBDE54274A845658C ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
21:52:44.0409 6752 LENOVO.CAMMUTE - ok
21:52:44.0490 6752 [ 7CFE36AF06E9C0984021796EDC8AC207 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
21:52:44.0529 6752 LENOVO.MICMUTE - ok
21:52:44.0549 6752 [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
21:52:44.0578 6752 lenovo.smi - ok
21:52:44.0648 6752 [ 4CBD2A666168C4A9A4EB0797A2E29BFD ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
21:52:44.0682 6752 LENOVO.TPKNRSVC - ok
21:52:44.0751 6752 [ 158B67696EC8602CE71F9AA4F14AA96F ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
21:52:44.0795 6752 Lenovo.VIRTSCRLSVC - ok
21:52:44.0850 6752 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:52:44.0942 6752 lltdio - ok
21:52:44.0970 6752 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:52:45.0066 6752 lltdsvc - ok
21:52:45.0078 6752 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:52:45.0143 6752 lmhosts - ok
21:52:45.0270 6752 [ 25884CA77F8D926B69167BC231D3726E ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:52:45.0301 6752 LMS - ok
21:52:45.0331 6752 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:52:45.0376 6752 LSI_FC - ok
21:52:45.0404 6752 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:52:45.0441 6752 LSI_SAS - ok
21:52:45.0478 6752 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:52:45.0515 6752 LSI_SAS2 - ok
21:52:45.0546 6752 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:52:45.0584 6752 LSI_SCSI - ok
21:52:45.0602 6752 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:52:45.0681 6752 luafv - ok
21:52:45.0739 6752 [ 59A2783ABA6019BED0C843C706E10A6A ] massfilter C:\Windows\system32\DRIVERS\massfilter.sys
21:52:45.0786 6752 massfilter - ok
21:52:45.0850 6752 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe
21:52:45.0887 6752 MatSvc - ok
21:52:45.0918 6752 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:52:45.0952 6752 MBAMProtector - ok
21:52:46.0115 6752 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:52:46.0166 6752 MBAMScheduler - ok
21:52:46.0209 6752 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:52:46.0282 6752 MBAMService - ok
21:52:46.0327 6752 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:52:46.0367 6752 Mcx2Svc - ok
21:52:46.0411 6752 [ A027DE1E6C11BD2DAF61F6F276B2299F ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:52:46.0437 6752 mdmxsdk - ok
21:52:46.0464 6752 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:52:46.0503 6752 megasas - ok
21:52:46.0550 6752 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:52:46.0601 6752 MegaSR - ok
21:52:46.0650 6752 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:52:46.0725 6752 MMCSS - ok
21:52:46.0750 6752 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:52:46.0829 6752 Modem - ok
21:52:46.0878 6752 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:52:46.0938 6752 monitor - ok
21:52:46.0953 6752 motandroidusb - ok
21:52:46.0975 6752 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:52:47.0010 6752 mouclass - ok
21:52:47.0032 6752 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:52:47.0072 6752 mouhid - ok
21:52:47.0107 6752 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:52:47.0145 6752 mountmgr - ok
21:52:47.0193 6752 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:52:47.0230 6752 MozillaMaintenance - ok
21:52:47.0255 6752 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:52:47.0295 6752 mpio - ok
21:52:47.0327 6752 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:52:47.0403 6752 mpsdrv - ok
21:52:47.0545 6752 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:52:47.0622 6752 MpsSvc - ok
21:52:47.0664 6752 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:52:47.0708 6752 MRxDAV - ok
21:52:47.0752 6752 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:52:47.0818 6752 mrxsmb - ok
21:52:47.0855 6752 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:52:47.0911 6752 mrxsmb10 - ok
21:52:47.0924 6752 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:52:47.0969 6752 mrxsmb20 - ok
21:52:48.0009 6752 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:52:48.0041 6752 msahci - ok
21:52:48.0091 6752 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:52:48.0129 6752 msdsm - ok
21:52:48.0143 6752 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:52:48.0199 6752 MSDTC - ok
21:52:48.0230 6752 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:52:48.0295 6752 Msfs - ok
21:52:48.0311 6752 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:52:48.0383 6752 mshidkmdf - ok
21:52:48.0401 6752 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:52:48.0430 6752 msisadrv - ok
21:52:48.0459 6752 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:52:48.0532 6752 MSiSCSI - ok
21:52:48.0544 6752 msiserver - ok
21:52:48.0564 6752 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:52:48.0625 6752 MSKSSRV - ok
21:52:48.0634 6752 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:52:48.0703 6752 MSPCLOCK - ok
21:52:48.0709 6752 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:52:48.0778 6752 MSPQM - ok
21:52:48.0797 6752 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:52:48.0825 6752 MsRPC - ok
21:52:48.0866 6752 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:52:48.0897 6752 mssmbios - ok
21:52:48.0903 6752 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:52:48.0966 6752 MSTEE - ok
21:52:48.0973 6752 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:52:49.0006 6752 MTConfig - ok
21:52:49.0021 6752 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:52:49.0046 6752 Mup - ok
21:52:49.0089 6752 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:52:49.0153 6752 napagent - ok
21:52:49.0181 6752 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:52:49.0220 6752 NativeWifiP - ok
21:52:49.0268 6752 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:52:49.0320 6752 NDIS - ok
21:52:49.0342 6752 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:52:49.0414 6752 NdisCap - ok
21:52:49.0481 6752 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:52:49.0547 6752 NdisTapi - ok
21:52:49.0582 6752 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:52:49.0644 6752 Ndisuio - ok
21:52:49.0681 6752 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:52:49.0757 6752 NdisWan - ok
21:52:49.0790 6752 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:52:49.0855 6752 NDProxy - ok
21:52:49.0874 6752 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:52:49.0947 6752 NetBIOS - ok
21:52:49.0982 6752 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:52:50.0080 6752 NetBT - ok
21:52:50.0099 6752 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:52:50.0127 6752 Netlogon - ok
21:52:50.0161 6752 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:52:50.0243 6752 Netman - ok
21:52:50.0261 6752 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:52:50.0339 6752 netprofm - ok
21:52:50.0381 6752 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:52:50.0418 6752 NetTcpPortSharing - ok
21:52:50.0548 6752 [ EF51B405AD8ACAAE6F0231290D20F516 ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys
21:52:50.0834 6752 NETw5s32 - ok
21:52:50.0951 6752 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
21:52:51.0151 6752 netw5v32 - ok
21:52:51.0367 6752 [ 64177D4E118C93585F1F20D90A294291 ] NETwNs32 C:\Windows\system32\DRIVERS\Netwsn00.sys
21:52:51.0777 6752 NETwNs32 - ok
21:52:51.0796 6752 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:52:51.0828 6752 nfrd960 - ok
21:52:51.0867 6752 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
21:52:51.0906 6752 NlaSvc - ok
21:52:51.0964 6752 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\Windows\system32\drivers\npf.sys
21:52:51.0993 6752 NPF - ok
21:52:52.0008 6752 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:52:52.0073 6752 Npfs - ok
21:52:52.0092 6752 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:52:52.0153 6752 nsi - ok
21:52:52.0172 6752 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:52:52.0243 6752 nsiproxy - ok
21:52:52.0302 6752 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:52:52.0413 6752 Ntfs - ok
21:52:52.0428 6752 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:52:52.0503 6752 Null - ok
21:52:52.0583 6752 [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
21:52:52.0623 6752 NVHDA - ok
21:52:52.0825 6752 [ 1CCE9097830775F447DD78BD1B35FC8E ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:52:53.0313 6752 nvlddmkm - ok
21:52:53.0339 6752 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:52:53.0377 6752 nvraid - ok
21:52:53.0412 6752 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:52:53.0451 6752 nvstor - ok
21:52:53.0507 6752 [ 0136C91BBD22751D79940E62AC95195F ] nvsvc C:\Windows\system32\nvvsvc.exe
21:52:53.0561 6752 nvsvc - ok
21:52:53.0616 6752 [ 7A627EAEEEDDFEA0F0850AC49935E32F ] NvtlService C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
21:52:53.0644 6752 NvtlService ( UnsignedFile.Multi.Generic ) - warning
21:52:53.0645 6752 NvtlService - detected UnsignedFile.Multi.Generic (1)
21:52:53.0685 6752 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:52:53.0721 6752 nv_agp - ok
21:52:53.0775 6752 [ 1DB56FB91B2F7E5A236CA41018C749B4 ] NWIM C:\Windows\system32\DRIVERS\avmnwim.sys
21:52:53.0809 6752 NWIM - ok
21:52:53.0874 6752 [ 7B07F7DF3173B510DC917D60FF90287A ] nwtsrv C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
21:52:53.0895 6752 nwtsrv - ok
21:52:53.0929 6752 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:52:53.0973 6752 ohci1394 - ok
21:52:54.0028 6752 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:52:54.0106 6752 p2pimsvc - ok
21:52:54.0121 6752 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:52:54.0177 6752 p2psvc - ok
21:52:54.0202 6752 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:52:54.0246 6752 Parport - ok
21:52:54.0288 6752 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:52:54.0324 6752 partmgr - ok
21:52:54.0339 6752 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:52:54.0391 6752 Parvdm - ok
21:52:54.0411 6752 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:52:54.0452 6752 PcaSvc - ok
21:52:54.0535 6752 [ 2DD9D5A9150C7015AC7F215EFA59E44F ] PCDSRVC{3037D694-FD904ACA-06020200}_0 c:\program files\pc-doctor\pcdsrvc.pkms
21:52:54.0597 6752 PCDSRVC{3037D694-FD904ACA-06020200}_0 - ok
21:52:54.0636 6752 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:52:54.0665 6752 pci - ok
21:52:54.0700 6752 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:52:54.0730 6752 pciide - ok
21:52:54.0744 6752 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:52:54.0788 6752 pcmcia - ok
21:52:54.0799 6752 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:52:54.0832 6752 pcw - ok
21:52:54.0857 6752 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:52:54.0961 6752 PEAUTH - ok
21:52:54.0994 6752 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:52:55.0114 6752 PeerDistSvc - ok
21:52:55.0209 6752 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:52:55.0401 6752 pla - ok
21:52:55.0441 6752 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:52:55.0512 6752 PlugPlay - ok
21:52:55.0526 6752 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:52:55.0573 6752 PNRPAutoReg - ok
21:52:55.0596 6752 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:52:55.0629 6752 PNRPsvc - ok
21:52:55.0651 6752 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:52:55.0717 6752 PolicyAgent - ok
21:52:55.0763 6752 [ AC42F771CC29727BD1663F211E9AC507 ] Power C:\Windows\system32\umpo.dll
21:52:55.0817 6752 Power - ok
21:52:55.0925 6752 [ 3B16225148411403003BE4053CA2B463 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
21:52:56.0067 6752 Power Manager DBC Service - ok
21:52:56.0096 6752 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:52:56.0166 6752 PptpMiniport - ok
21:52:56.0190 6752 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:52:56.0234 6752 Processor - ok
21:52:56.0280 6752 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
21:52:56.0354 6752 ProfSvc - ok
21:52:56.0366 6752 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:52:56.0404 6752 ProtectedStorage - ok
21:52:56.0436 6752 [ 80DDC44934305224AEBFC37A264803C2 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
21:52:56.0463 6752 psadd - ok
21:52:56.0489 6752 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:52:56.0550 6752 Psched - ok
21:52:56.0609 6752 [ EAE5215A662EB1EF367717C434F452AD ] PwmEWSvc C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
21:52:56.0760 6752 PwmEWSvc - ok
21:52:56.0812 6752 [ 34A8537519C22AE23E0D2041B47B577D ] qcfilterlno2k C:\Windows\system32\DRIVERS\qcfilterlno2k.sys
21:52:56.0864 6752 qcfilterlno2k - ok
21:52:56.0928 6752 [ 65F798F08BC72C86D88FD2C02CFEFCC9 ] qcusbnetlno2k C:\Windows\system32\DRIVERS\qcusbnetlno2k.sys
21:52:56.0987 6752 qcusbnetlno2k - ok
21:52:57.0005 6752 [ 4880521E79BA4C18013BC2F2331AF2FF ] qcusbserlno2k C:\Windows\system32\DRIVERS\qcusbserlno2k.sys
21:52:57.0060 6752 qcusbserlno2k - ok
21:52:57.0157 6752 [ D36BFE02494BC70707EEFCDC18FB16C7 ] QDLService2kLenovo C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
21:52:57.0301 6752 QDLService2kLenovo - ok
21:52:57.0343 6752 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:52:57.0454 6752 ql2300 - ok
21:52:57.0475 6752 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:52:57.0512 6752 ql40xx - ok
21:52:57.0535 6752 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:52:57.0606 6752 QWAVE - ok
21:52:57.0623 6752 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:52:57.0665 6752 QWAVEdrv - ok
21:52:57.0720 6752 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
21:52:57.0748 6752 RapiMgr - ok
21:52:57.0758 6752 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:52:57.0823 6752 RasAcd - ok
21:52:57.0849 6752 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:52:57.0919 6752 RasAgileVpn - ok
21:52:57.0939 6752 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:52:58.0019 6752 RasAuto - ok
21:52:58.0035 6752 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:52:58.0112 6752 Rasl2tp - ok
21:52:58.0163 6752 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:52:58.0237 6752 RasMan - ok
21:52:58.0252 6752 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:52:58.0318 6752 RasPppoe - ok
21:52:58.0336 6752 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:52:58.0401 6752 RasSstp - ok
21:52:58.0441 6752 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:52:58.0509 6752 rdbss - ok
21:52:58.0524 6752 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:52:58.0571 6752 rdpbus - ok
21:52:58.0606 6752 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:52:58.0675 6752 RDPCDD - ok
21:52:58.0699 6752 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:52:58.0807 6752 RDPDR - ok
21:52:58.0830 6752 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:52:58.0887 6752 RDPENCDD - ok
21:52:58.0906 6752 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:52:58.0971 6752 RDPREFMP - ok
21:52:59.0033 6752 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:52:59.0081 6752 RdpVideoMiniport - ok
21:52:59.0125 6752 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:52:59.0218 6752 RDPWD - ok
21:52:59.0276 6752 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:52:59.0319 6752 rdyboost - ok
21:52:59.0346 6752 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
21:52:59.0367 6752 regi - ok
21:52:59.0405 6752 [ 64CA2D28CA1AAFE1DCAEFD96A6D5174B ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:52:59.0425 6752 RegSrvc - ok
21:52:59.0446 6752 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:52:59.0520 6752 RemoteAccess - ok
21:52:59.0544 6752 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:52:59.0610 6752 RemoteRegistry - ok
21:52:59.0636 6752 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:52:59.0690 6752 RFCOMM - ok
21:52:59.0721 6752 [ E891F07815AF88075705EF6A248711F6 ] rimspci C:\Windows\system32\DRIVERS\rimspe86.sys
21:52:59.0775 6752 rimspci - ok
21:52:59.0822 6752 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
21:52:59.0877 6752 rpcapd - ok
21:52:59.0900 6752 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:52:59.0977 6752 RpcEptMapper - ok
21:52:59.0995 6752 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:53:00.0033 6752 RpcLocator - ok
21:53:00.0072 6752 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
21:53:00.0133 6752 RpcSs - ok
21:53:00.0161 6752 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:53:00.0248 6752 rspndr - ok
21:53:00.0281 6752 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:53:00.0332 6752 s3cap - ok
21:53:00.0341 6752 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
21:53:00.0364 6752 SamSs - ok
21:53:00.0406 6752 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:53:00.0440 6752 sbp2port - ok
21:53:00.0456 6752 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:53:00.0524 6752 SCardSvr - ok
21:53:00.0534 6752 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:53:00.0595 6752 scfilter - ok
21:53:00.0644 6752 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:53:00.0789 6752 Schedule - ok
21:53:00.0823 6752 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:53:00.0876 6752 SCPolicySvc - ok
21:53:00.0924 6752 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
21:53:00.0970 6752 sdbus - ok
21:53:01.0008 6752 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:53:01.0078 6752 SDRSVC - ok
21:53:01.0189 6752 [ 95AA9E165C7DE1B64A11E8B18E91E499 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
21:53:01.0370 6752 SDScannerService - ok
21:53:01.0416 6752 [ D31398D4BB4907B517B6E784C2100C4A ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
21:53:01.0518 6752 SDUpdateService - ok
21:53:01.0532 6752 [ 6AE8E702D1027A9627DDE2B77BB9992B ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
21:53:01.0558 6752 SDWSCService - ok

**Benutzer** · 2013-07-01, 22:12

21:53:01.0577 6752 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:53:01.0639 6752 secdrv - ok
21:53:01.0662 6752 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:53:01.0731 6752 seclogon - ok
21:53:01.0746 6752 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
21:53:01.0811 6752 SENS - ok
21:53:01.0823 6752 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:53:01.0870 6752 SensrSvc - ok
21:53:01.0886 6752 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:53:01.0932 6752 Serenum - ok
21:53:01.0952 6752 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:53:02.0000 6752 Serial - ok
21:53:02.0035 6752 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:53:02.0079 6752 sermouse - ok
21:53:02.0124 6752 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:53:02.0193 6752 SessionEnv - ok
21:53:02.0225 6752 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
21:53:02.0269 6752 sffdisk - ok
21:53:02.0290 6752 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:53:02.0332 6752 sffp_mmc - ok
21:53:02.0347 6752 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
21:53:02.0381 6752 sffp_sd - ok
21:53:02.0393 6752 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:53:02.0435 6752 sfloppy - ok
21:53:02.0470 6752 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:53:02.0563 6752 SharedAccess - ok
21:53:02.0582 6752 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:53:02.0650 6752 ShellHWDetection - ok
21:53:02.0684 6752 [ DA9E304518531DE07E56507DF91BAABC ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
21:53:02.0724 6752 Shockprf - ok
21:53:02.0762 6752 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:53:02.0798 6752 sisagp - ok
21:53:02.0809 6752 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:53:02.0842 6752 SiSRaid2 - ok
21:53:02.0855 6752 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:53:02.0892 6752 SiSRaid4 - ok
21:53:03.0050 6752 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
21:53:03.0264 6752 Skype C2C Service - ok
21:53:03.0318 6752 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:53:03.0450 6752 SkypeUpdate - ok
21:53:03.0487 6752 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:53:03.0554 6752 Smb - ok
21:53:03.0602 6752 [ A8C0ECBDECF82CFAEBA28991A1217415 ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
21:53:03.0630 6752 SmbDrvI - ok
21:53:03.0688 6752 [ 3C4A61CCB2CF32ED6E09F559B4ADB6CF ] smihlp2 C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
21:53:03.0710 6752 smihlp2 - ok
21:53:03.0743 6752 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:53:03.0791 6752 SNMPTRAP - ok
21:53:03.0797 6752 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:53:03.0826 6752 spldr - ok
21:53:03.0865 6752 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
21:53:03.0961 6752 Spooler - ok
21:53:04.0066 6752 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:53:04.0233 6752 sppsvc - ok
21:53:04.0297 6752 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:53:04.0363 6752 sppuinotify - ok
21:53:04.0405 6752 [ 0022CFFF1A41E5CE3A764050A7DDF22A ] sptd C:\Windows\System32\Drivers\sptd.sys
21:53:04.0491 6752 sptd - ok
21:53:04.0551 6752 [ D2F4F32B59440011174B4F8137AF4E0C ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:53:04.0596 6752 SQLWriter - ok
21:53:04.0637 6752 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:53:04.0720 6752 srv - ok
21:53:04.0737 6752 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:53:04.0799 6752 srv2 - ok
21:53:04.0829 6752 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:53:04.0879 6752 SrvHsfHDA - ok
21:53:04.0912 6752 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:53:04.0992 6752 SrvHsfV92 - ok
21:53:05.0015 6752 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:53:05.0080 6752 SrvHsfWinac - ok
21:53:05.0096 6752 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:53:05.0130 6752 srvnet - ok
21:53:05.0192 6752 [ 6A09C136CF33547820CB963E4D5AAF9E ] SSCBFS3 C:\Windows\system32\DRIVERS\sscbfs3.sys
21:53:05.0250 6752 SSCBFS3 - ok
21:53:05.0284 6752 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:53:05.0360 6752 SSDPSRV - ok
21:53:05.0403 6752 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
21:53:05.0426 6752 ssmdrv - ok
21:53:05.0439 6752 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:53:05.0509 6752 SstpSvc - ok
21:53:05.0577 6752 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
21:53:05.0599 6752 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
21:53:05.0599 6752 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
21:53:05.0687 6752 [ 17FC2EAD763F0237457817A753A5A676 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:53:05.0750 6752 Stereo Service - ok
21:53:05.0779 6752 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:53:05.0811 6752 stexstor - ok
21:53:05.0859 6752 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:53:05.0937 6752 StiSvc - ok
21:53:05.0979 6752 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
21:53:06.0011 6752 storflt - ok
21:53:06.0021 6752 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
21:53:06.0089 6752 StorSvc - ok
21:53:06.0103 6752 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:53:06.0133 6752 storvsc - ok
21:53:06.0213 6752 [ 9D4A85334D002B6A6FDB7C5F3E3722EB ] SUService C:\Program Files\Lenovo\System Update\SUService.exe
21:53:06.0240 6752 SUService - ok
21:53:06.0274 6752 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:53:06.0307 6752 swenum - ok
21:53:06.0331 6752 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
21:53:06.0398 6752 swprv - ok
21:53:06.0445 6752 [ 47EB81005ACCFF4075D2A0133185429B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:53:06.0498 6752 SynTP - ok
21:53:06.0578 6752 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
21:53:06.0689 6752 SysMain - ok
21:53:06.0726 6752 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:53:06.0786 6752 TabletInputService - ok
21:53:06.0820 6752 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
21:53:06.0902 6752 TapiSrv - ok
21:53:06.0942 6752 [ 827C8058C284FF0013E4462EFE2591A3 ] tapoas C:\Windows\system32\DRIVERS\tapoas.sys
21:53:06.0999 6752 tapoas - ok
21:53:07.0015 6752 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
21:53:07.0084 6752 TBS - ok
21:53:07.0143 6752 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:53:07.0249 6752 Tcpip - ok
21:53:07.0290 6752 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:53:07.0352 6752 TCPIP6 - ok
21:53:07.0389 6752 [ DCFEB82CA988598CEB8F83148616038E ] tcpipBM C:\Windows\system32\drivers\tcpipBM.sys
21:53:07.0403 6752 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
21:53:07.0403 6752 tcpipBM - detected UnsignedFile.Multi.Generic (1)
21:53:07.0433 6752 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:53:07.0480 6752 tcpipreg - ok
21:53:07.0515 6752 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:53:07.0590 6752 TDPIPE - ok
21:53:07.0625 6752 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:53:07.0665 6752 TDTCP - ok
21:53:07.0701 6752 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:53:07.0761 6752 tdx - ok
21:53:08.0127 6752 [ 57DDE1395F86EE048AB25717EEB8CAEB ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
21:53:08.0301 6752 TeamViewer8 - ok
21:53:08.0342 6752 [ 9101FFFCFCCD1A30E870A5B8A9091B10 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys
21:53:08.0388 6752 teamviewervpn - ok
21:53:08.0426 6752 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:53:08.0462 6752 TermDD - ok
21:53:08.0531 6752 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
21:53:08.0622 6752 TermService - ok
21:53:08.0679 6752 [ AB10AFD7809ABA275A8E20F215C5C0BD ] TGCM_ImportWiFiSvc C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
21:53:08.0703 6752 TGCM_ImportWiFiSvc - ok
21:53:08.0723 6752 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
21:53:08.0777 6752 Themes - ok
21:53:08.0827 6752 [ 6EF4145EC552A95E01BE4EA31A9AC21F ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
21:53:08.0910 6752 ThinkVantage Registry Monitor Service - ok
21:53:08.0941 6752 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
21:53:09.0000 6752 THREADORDER - ok
21:53:09.0030 6752 [ 8F58C4FBF3F6E5B816C47201EDE90DCE ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys
21:53:09.0058 6752 TPDIGIMN - ok
21:53:09.0093 6752 [ 116156A5835224407A6DC8C44B6EF4EE ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe
21:53:09.0129 6752 TPHDEXLGSVC - ok
21:53:09.0191 6752 [ AF2B31F71D685E8C5EAAA680B57D3773 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
21:53:09.0226 6752 TPHKLOAD - ok
21:53:09.0256 6752 [ 5B62F45C87CC0FB176C5358EEA6CFB4C ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
21:53:09.0290 6752 TPHKSVC - ok
21:53:09.0309 6752 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
21:53:09.0347 6752 TPM - ok
21:53:09.0377 6752 [ 8177EA8E81E397E8A2D7E213EB9FEE8F ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys
21:53:09.0405 6752 TPPWRIF - ok
21:53:09.0425 6752 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
21:53:09.0507 6752 TrkWks - ok
21:53:09.0563 6752 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:53:09.0635 6752 TrustedInstaller - ok
21:53:09.0653 6752 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:53:09.0713 6752 tssecsrv - ok
21:53:09.0743 6752 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:53:09.0796 6752 TsUsbFlt - ok
21:53:09.0826 6752 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:53:09.0886 6752 tunnel - ok
21:53:09.0910 6752 [ C0847EDCCCEF8D4F5354E82EC9E90159 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
21:53:09.0937 6752 TurboB - ok
21:53:09.0982 6752 [ 8629F69817902D9D0F00EB3247AABA51 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
21:53:10.0019 6752 TurboBoost - ok
21:53:10.0096 6752 [ 4581A61AD590BC3CCDF2759D0BDD69FC ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
21:53:10.0194 6752 TVT Backup Service - ok
21:53:10.0227 6752 [ 3078906E991F29305E8066911153717E ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
21:53:10.0255 6752 TVTI2C - ok
21:53:10.0288 6752 TwonkyProxy - ok
21:53:10.0313 6752 TwonkyServer - ok
21:53:10.0320 6752 TwonkyWebDav - ok
21:53:10.0342 6752 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:53:10.0377 6752 uagp35 - ok
21:53:10.0391 6752 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:53:10.0479 6752 udfs - ok
21:53:10.0549 6752 [ EC23505F255D0DA9230A3237EF5839AD ] UI Assistant Service C:\Program Files\Mobile Partner Manager\AssistantServices.exe
21:53:10.0595 6752 UI Assistant Service ( UnsignedFile.Multi.Generic ) - warning
21:53:10.0595 6752 UI Assistant Service - detected UnsignedFile.Multi.Generic (1)
21:53:10.0623 6752 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:53:10.0665 6752 UI0Detect - ok
21:53:10.0685 6752 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:53:10.0717 6752 uliagpkx - ok
21:53:10.0760 6752 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:53:10.0795 6752 umbus - ok
21:53:10.0819 6752 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:53:10.0864 6752 UmPass - ok
21:53:10.0895 6752 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
21:53:10.0951 6752 UmRdpService - ok
21:53:11.0042 6752 [ 2B971A72C0D6BD8A710E2748353773DD ] UNS C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:53:11.0167 6752 UNS - ok
21:53:11.0193 6752 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
21:53:11.0285 6752 upnphost - ok
21:53:11.0310 6752 [ 399D1015FCCC3FCB438A59CB9567E266 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:53:11.0382 6752 usbccgp - ok
21:53:11.0421 6752 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:53:11.0464 6752 usbcir - ok
21:53:11.0490 6752 [ 600B15106C0AE72D8583C5B710315AC6 ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:53:11.0519 6752 usbehci - ok
21:53:11.0543 6752 [ E5110252BE0B1D03CCCDF41ED31D02C1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:53:11.0574 6752 usbhub - ok
21:53:11.0596 6752 [ E82967C733660A90F0248100D157BE67 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:53:11.0630 6752 usbohci - ok
21:53:11.0642 6752 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:53:11.0676 6752 usbprint - ok
21:53:11.0697 6752 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:53:11.0732 6752 usbscan - ok
21:53:11.0770 6752 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:53:11.0847 6752 USBSTOR - ok
21:53:11.0854 6752 [ BC5421344CE62C0394D93157D5FE5EF3 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:53:11.0894 6752 usbuhci - ok
21:53:11.0928 6752 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:53:11.0969 6752 usbvideo - ok
21:53:11.0986 6752 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
21:53:12.0072 6752 UxSms - ok
21:53:12.0091 6752 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
21:53:12.0129 6752 VaultSvc - ok
21:53:12.0164 6752 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:53:12.0190 6752 vdrvroot - ok
21:53:12.0231 6752 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
21:53:12.0302 6752 vds - ok
21:53:12.0320 6752 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:53:12.0363 6752 vga - ok
21:53:12.0381 6752 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:53:12.0454 6752 VgaSave - ok
21:53:12.0503 6752 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:53:12.0549 6752 vhdmp - ok
21:53:12.0573 6752 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:53:12.0614 6752 viaagp - ok
21:53:12.0623 6752 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
21:53:12.0675 6752 ViaC7 - ok
21:53:12.0689 6752 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
21:53:12.0720 6752 viaide - ok
21:53:12.0734 6752 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:53:12.0776 6752 vmbus - ok
21:53:12.0787 6752 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:53:12.0817 6752 VMBusHID - ok
21:53:12.0947 6752 [ 1B0D441D8AB264D39C2B09130CC28045 ] VMCService C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
21:53:12.0968 6752 VMCService ( UnsignedFile.Multi.Generic ) - warning
21:53:12.0968 6752 VMCService - detected UnsignedFile.Multi.Generic (1)
21:53:13.0009 6752 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:53:13.0041 6752 volmgr - ok
21:53:13.0054 6752 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:53:13.0090 6752 volmgrx - ok
21:53:13.0108 6752 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:53:13.0164 6752 volsnap - ok
21:53:13.0179 6752 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:53:13.0217 6752 vsmraid - ok
21:53:13.0274 6752 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
21:53:13.0392 6752 VSS - ok
21:53:13.0409 6752 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:53:13.0450 6752 vwifibus - ok
21:53:13.0468 6752 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:53:13.0506 6752 vwififlt - ok
21:53:13.0530 6752 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:53:13.0564 6752 vwifimp - ok
21:53:13.0591 6752 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
21:53:13.0680 6752 W32Time - ok
21:53:13.0701 6752 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:53:13.0733 6752 WacomPen - ok
21:53:13.0778 6752 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:53:13.0840 6752 WANARP - ok
21:53:13.0845 6752 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:53:13.0897 6752 Wanarpv6 - ok
21:53:13.0962 6752 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:53:14.0131 6752 WatAdminSvc - ok
21:53:14.0168 6752 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
21:53:14.0303 6752 wbengine - ok
21:53:14.0331 6752 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:53:14.0370 6752 WbioSrvc - ok
21:53:14.0400 6752 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
21:53:14.0441 6752 WcesComm - ok
21:53:14.0486 6752 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:53:14.0547 6752 wcncsvc - ok
21:53:14.0560 6752 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:53:14.0628 6752 WcsPlugInService - ok
21:53:14.0634 6752 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:53:14.0666 6752 Wd - ok
21:53:14.0712 6752 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:53:14.0775 6752 Wdf01000 - ok
21:53:14.0790 6752 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:53:14.0869 6752 WdiServiceHost - ok
21:53:14.0875 6752 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:53:14.0911 6752 WdiSystemHost - ok
21:53:14.0946 6752 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
21:53:15.0023 6752 WebClient - ok
21:53:15.0040 6752 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:53:15.0122 6752 Wecsvc - ok
21:53:15.0140 6752 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:53:15.0214 6752 wercplsupport - ok
21:53:15.0236 6752 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
21:53:15.0310 6752 WerSvc - ok
21:53:15.0336 6752 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:53:15.0406 6752 WfpLwf - ok
21:53:15.0412 6752 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:53:15.0443 6752 WIMMount - ok
21:53:15.0504 6752 [ BC43A66ED6898F405A4ACF6179A5F9B1 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:53:15.0569 6752 winachsf - ok
21:53:15.0609 6752 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:53:15.0682 6752 WinDefend - ok
21:53:15.0695 6752 WinHttpAutoProxySvc - ok
21:53:15.0749 6752 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:53:15.0831 6752 Winmgmt - ok
21:53:15.0896 6752 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
21:53:16.0026 6752 WinRM - ok
21:53:16.0104 6752 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
21:53:16.0135 6752 WinUsb - ok
21:53:16.0175 6752 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:53:16.0253 6752 Wlansvc - ok
21:53:16.0361 6752 [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:53:16.0462 6752 wlidsvc - ok
21:53:16.0508 6752 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:53:16.0546 6752 WmiAcpi - ok
21:53:16.0577 6752 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:53:16.0605 6752 wmiApSrv - ok
21:53:16.0673 6752 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:53:16.0786 6752 WMPNetworkSvc - ok
21:53:16.0802 6752 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:53:16.0889 6752 WPCSvc - ok
21:53:16.0917 6752 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:53:16.0982 6752 WPDBusEnum - ok
21:53:17.0001 6752 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:53:17.0072 6752 ws2ifsl - ok
21:53:17.0085 6752 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
21:53:17.0138 6752 wscsvc - ok
21:53:17.0144 6752 WSearch - ok
21:53:17.0219 6752 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:53:17.0340 6752 wuauserv - ok
21:53:17.0373 6752 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:53:17.0439 6752 WudfPf - ok
21:53:17.0488 6752 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:53:17.0539 6752 WUDFRd - ok
21:53:17.0580 6752 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:53:17.0611 6752 wudfsvc - ok
21:53:17.0649 6752 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:53:17.0728 6752 WwanSvc - ok
21:53:17.0779 6752 [ 311FAFFB280FCA0D4A7739E2474EAC9F ] XAudio C:\Windows\system32\DRIVERS\XAudio32.sys
21:53:17.0804 6752 XAudio - ok
21:53:17.0932 6752 [ 26B3BA0D9AF3397B8E24ADC8DFDB3534 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
21:53:18.0141 6752 ZeroConfigService - ok
21:53:18.0178 6752 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
21:53:18.0240 6752 ZTEusbmdm6k - ok
21:53:18.0277 6752 [ 453A60F8DC22FC296BC482CBF3EFF213 ] ZTEusbnet C:\Windows\system32\DRIVERS\ZTEusbnet.sys
21:53:18.0335 6752 ZTEusbnet - ok
21:53:18.0383 6752 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
21:53:18.0415 6752 ZTEusbnmea - ok
21:53:18.0451 6752 [ 3862318F85BE7A91957ADA5E814ED58C ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
21:53:18.0484 6752 ZTEusbser6k - ok
21:53:18.0552 6752 [ 966756D861161FCC04D8051F210B942F ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
21:53:18.0616 6752 ZTEusbvoice - ok
21:53:18.0676 6752 ================ Scan global ===============================
21:53:18.0716 6752 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:53:18.0764 6752 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
21:53:18.0797 6752 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
21:53:18.0818 6752 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:53:18.0845 6752 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:53:18.0855 6752 [Global] - ok
21:53:18.0856 6752 ================ Scan MBR ==================================
21:53:18.0869 6752 [ A7933FCB301C18F622F2BB98821DB8B8 ] \Device\Harddisk0\DR0
21:53:19.0262 6752 \Device\Harddisk0\DR0 - ok
21:53:19.0263 6752 ================ Scan VBR ==================================
21:53:19.0267 6752 [ B3A2E48C0193421A0DE21FEDFAB09C45 ] \Device\Harddisk0\DR0\Partition1
21:53:19.0271 6752 \Device\Harddisk0\DR0\Partition1 - ok
21:53:19.0276 6752 [ CE3BC1F1AF10D792EA4E8C8166FC9D03 ] \Device\Harddisk0\DR0\Partition2
21:53:19.0279 6752 \Device\Harddisk0\DR0\Partition2 - ok
21:53:19.0296 6752 [ 2B39859BCA3BFC9EACEA15DF7002FB77 ] \Device\Harddisk0\DR0\Partition3
21:53:19.0298 6752 \Device\Harddisk0\DR0\Partition3 - ok
21:53:19.0299 6752 ============================================================
21:53:19.0299 6752 Scan finished
21:53:19.0299 6752 ============================================================
21:53:19.0315 10108 Detected object count: 8
21:53:19.0315 10108 Actual detected object count: 8
21:53:35.0296 10108 bizVSerial ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0296 10108 bizVSerial ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:35.0298 10108 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0298 10108 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:35.0318 10108 FNETURPX ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0318 10108 FNETURPX ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:35.0320 10108 NvtlService ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0320 10108 NvtlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:35.0323 10108 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0323 10108 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:35.0333 10108 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0333 10108 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:35.0336 10108 UI Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0336 10108 UI Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:53:35.0338 10108 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
21:53:35.0338 10108 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
--------------------------------------

**oldman960** · 2013-07-02, 01:08

Hi Benutzer,

Download ComboFix from :

Link 1

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
Right click on ComboFix.exe, click Run as Administrator & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. If after running combofix you recieve an message "Illegal operation attempted on a registery key that has been marked for deletion" or similar reboot the computer.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with the combofix log.

Thanks

**Benutzer** · 2013-07-02, 03:14

Thank You again. Process took a while. This is the log file:
.................
ComboFix 13-06-30.01 - HEF01 02.07.2013 1:53.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3060.1086 [GMT 2:00]
ausgeführt von:: c:\users\HEF01\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\5849\AddOnDownloaded\0e53a45b-5a41-43e5-96ab-776b00e48a6e.dll
c:\programdata\PCDr\5849\AddOnDownloaded\6189c538-c102-424b-b645-3fb824a63826.dll
c:\programdata\PCDr\5849\AddOnDownloaded\9ad80016-92d9-41a4-9436-c44907366397.dll
c:\programdata\Roaming
c:\users\HEF01\4.0
c:\users\HEF01\AppData\Local\Temp\_MEI16602\_ctypes.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\_elementtree.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\_hashlib.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\_multiprocessing.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\_socket.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\_ssl.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\pyexpat.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\pysqlite2._sqlite.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\python27.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\pythoncom27.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\PyWinTypes27.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\select.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\unicodedata.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32api.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32com.shell.shell.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32crypt.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32event.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32file.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32inet.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32pdh.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32process.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32profile.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32security.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\win32ts.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\windows._cacheinvalidation.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wx._controls_.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wx._core_.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wx._gdi_.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wx._html2.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wx._misc_.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wx._windows_.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wx._wizard.pyd
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wxbase294u_net_vc90.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wxbase294u_vc90.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wxmsw294u_adv_vc90.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wxmsw294u_core_vc90.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wxmsw294u_html_vc90.dll
c:\users\HEF01\AppData\Local\Temp\_MEI16602\wxmsw294u_webview_vc90.dll
c:\users\HEF01\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
c:\users\HEF01\AppData\Roaming\convert\convert.exe
c:\users\HEF01\Documents\~WRL0013.tmp
c:\users\HEF01\Documents\~WRL2155.tmp
c:\users\HEF01\Documents\~WRL3808.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\SET1033.tmp
c:\windows\system32\SET13B6.tmp
c:\windows\system32\SET1453.tmp
c:\windows\system32\SET1C7B.tmp
c:\windows\system32\SET45D6.tmp
c:\windows\system32\SET4749.tmp
c:\windows\system32\SET4F82.tmp
c:\windows\system32\SET5CD7.tmp
c:\windows\system32\SET6E8D.tmp
c:\windows\system32\SET8382.tmp
c:\windows\system32\SET9DF0.tmp
c:\windows\system32\SET9E2F.tmp
c:\windows\system32\SETB782.tmp
c:\windows\system32\SETBCC5.tmp
c:\windows\system32\SETC46B.tmp
c:\windows\system32\SETF0A.tmp
c:\windows\system32\Thumbs.db
D:\AUTORUN.INF
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-02 bis 2013-07-02 ))))))))))))))))))))))))))))))
.
.
2013-07-02 00:30 . 2013-07-02 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-30 21:50 . 2013-06-30 21:55 -------- d-----w- c:\users\HEF01\AppData\Local\SugarSync
2013-06-30 21:50 . 2013-01-30 11:12 225024 ----a-w- c:\windows\system32\SSCbFsNetRdr3.dll
2013-06-30 21:50 . 2013-01-30 11:12 159488 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll
2013-06-30 21:47 . 2013-01-30 11:11 295936 ----a-w- c:\windows\system32\drivers\sscbfs3.sys
2013-06-30 21:46 . 2013-06-30 21:50 -------- d-----w- c:\program files\SugarSync
2013-06-30 21:28 . 2013-06-30 21:28 53248 ----a-r- c:\users\HEF01\AppData\Roaming\Microsoft\Installer\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}\ARPPRODUCTICON.exe
2013-06-30 19:38 . 2013-07-01 23:57 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{495A0703-FCA3-455D-B817-109BF3084201}\offreg.dll
2013-06-29 22:26 . 2013-06-30 19:26 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-06-28 06:59 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{495A0703-FCA3-455D-B817-109BF3084201}\mpengine.dll
2013-06-22 15:19 . 2013-06-22 15:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-19 20:13 . 2013-06-19 20:13 45056 ----a-r- c:\users\HEF01\AppData\Roaming\Microsoft\Installer\{1C3147A7-4810-45FC-AD89-064D8023A514}\NewShortcut2_7024F073510147169F4B28E8B73F2DCF.exe
2013-06-19 20:13 . 2013-06-19 20:13 45056 ----a-r- c:\users\HEF01\AppData\Roaming\Microsoft\Installer\{1C3147A7-4810-45FC-AD89-064D8023A514}\NewShortcut1_9B3D64ED28EC4E27B62740E65B802B3A.exe
2013-06-19 20:13 . 2013-06-19 20:13 45056 ----a-r- c:\users\HEF01\AppData\Roaming\Microsoft\Installer\{1C3147A7-4810-45FC-AD89-064D8023A514}\ARPPRODUCTICON.exe
2013-06-19 20:13 . 2013-06-19 20:13 -------- d-----w- c:\program files\SEPA Account Converter
2013-06-15 10:26 . 2013-06-15 11:28 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-15 09:08 . 2013-06-15 09:08 -------- d-----w- c:\program files\ITN Converter
2013-06-14 22:39 . 2013-06-14 22:39 -------- d-----w- c:\programdata\boost_interprocess
2013-06-14 21:39 . 2013-06-14 21:39 -------- d-----w- c:\program files\K-Lite Codec Pack
2013-06-14 21:38 . 2013-06-14 21:38 -------- d-----w- C:\Upload
2013-06-14 21:38 . 2013-07-01 12:54 -------- d-----w- C:\Samsung Link
2013-06-14 19:08 . 2013-06-14 19:11 -------- d-----w- c:\program files\SDistTest
2013-06-14 07:39 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-14 07:39 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 17:45 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 17:45 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 17:45 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 17:45 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 17:45 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 17:45 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 17:45 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 17:45 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 17:45 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 17:44 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 17:44 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 17:44 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-02 19:58 . 2013-06-02 19:58 -------- d-----w- c:\users\HEF01\AppData\Roaming\AVM
2013-06-02 19:47 . 2013-06-02 19:58 -------- d-----w- c:\program files\FRITZ!Fernzugang einrichten
2013-06-02 19:23 . 2013-06-02 19:23 29184 ----a-r- c:\users\HEF01\AppData\Roaming\Microsoft\Installer\{8890396E-9E1B-4F8E-B465-5918B41CEEE9}\Icon37C19C2D1.exe
2013-06-02 19:23 . 2013-06-02 19:23 -------- d-----w- c:\programdata\AVM
2013-06-02 19:23 . 2013-06-02 19:30 -------- d-----w- c:\program files\FRITZ!Fernzugang
2013-06-02 19:22 . 2013-06-02 19:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-22 15:19 . 2012-11-21 00:19 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-22 15:19 . 2011-04-09 21:46 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 07:07 . 2012-08-10 17:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 07:07 . 2012-08-10 17:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 07:07 . 2013-05-14 22:08 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-05-20 19:48 . 2013-02-12 16:19 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-07 07:54 . 2013-04-03 18:49 532208 ----a-w- c:\windows\system32\SynCOM.dll
2013-05-07 07:54 . 2013-02-25 21:28 143088 ----a-w- c:\windows\system32\SynTPCo16.dll
2013-05-07 07:54 . 2013-02-25 21:28 175856 ----a-w- c:\windows\system32\SynTPAPI.dll
2013-05-07 07:54 . 2013-02-25 21:28 355056 ----a-w- c:\windows\system32\drivers\SynTP.sys
2013-05-02 19:18 . 2013-01-20 19:19 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-05-02 19:18 . 2013-01-20 19:18 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-05-02 19:18 . 2013-01-20 19:18 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-05-02 14:15 . 2013-05-02 14:15 227656 ----a-w- c:\windows\system32\ddBACCTM.cpl
2013-05-02 14:15 . 2013-05-02 14:15 825672 ----a-w- c:\windows\system32\Ddbaccpl.cpl
2013-05-02 00:06 . 2011-04-07 15:29 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-23 04:54 . 2010-01-04 20:15 2692904 ------w- c:\windows\PWMBTHLV.EXE
2013-04-23 04:54 . 2010-01-04 20:15 3752744 ------w- c:\windows\system32\PWMCP32V.cpl
2013-04-23 04:54 . 2010-01-04 20:15 25416 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2013-04-23 04:54 . 2010-01-04 20:15 19712 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2013-04-21 10:03 . 2013-04-21 10:03 105728 ----a-w- c:\windows\system32\drivers\avmaura.sys
2013-04-15 16:53 . 2013-04-15 16:53 46592 ----a-w- c:\windows\system32\boost_thread-vc90-mt-1_47.dll
2013-04-15 16:53 . 2013-04-15 16:53 38912 ----a-w- c:\windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 227840 ----a-w- c:\windows\system32\boost_serialization-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 704000 ----a-w- c:\windows\system32\boost_regex-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 12800 ----a-w- c:\windows\system32\boost_system-vc90-mt-1_47.dll
2013-04-15 16:52 . 2013-04-15 16:52 130048 ----a-w- c:\windows\system32\boost_filesystem-vc90-mt-1_47.dll
2013-04-13 04:45 . 2013-05-15 07:46 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 07:46 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 08:46 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-15 07:46 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-15 07:46 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-15 07:46 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 14:55 . 2013-05-21 13:57 383616 ----a-w- c:\windows\system32\HI-epanelLSPService64.dll
2013-04-04 14:55 . 2013-05-21 13:57 316032 ----a-w- c:\windows\system32\HI-epanelLSPService.dll
2013-04-04 12:50 . 2013-05-30 11:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-01 19:24 222832 ----a-w- c:\users\HEF01\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-01 19:24 222832 ----a-w- c:\users\HEF01\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-01 19:24 222832 ----a-w- c:\users\HEF01\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 11:12 159488 ----a-w- c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 21:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-06-26 17:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-06 19676256]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2012-01-05 75624]
"SkyDrive"="c:\users\HEF01\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-07-01 257136]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"Akamai NetSession Interface"="c:\users\HEF01\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"SugarSync"="c:\program files\SugarSync\SugarSync.exe" [2013-06-26 12419424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-05-03 112152]
"TpShocks"="TpShocks.exe" [2013-02-12 338216]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2013-04-23 4451624]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2013-03-18 63784]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 3110200]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2013-02-26 60920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"RotateImage"="c:\program files\Integrated Camera Driver\RCIMGDIR.exe" [2008-10-30 31744]
"ACTray"="c:\program files\Lenovo\Access Connections\ACTray.exe" [2013-03-18 432424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-15 348664]
"HI-epanel-WatchDog"="c:\program files\HI-epanelLSPService\HI-epanel-WatchDog.exe" [2013-04-04 60544]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2013-01-25 70728]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2013-01-25 1372232]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 33792]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"UIExec"="c:\program files\Mobile Partner Manager\UIExec.exe" [2009-12-02 132096]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-05-07 2416368]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
"Samsung Link"="c:\program files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe" [2013-05-09 407384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\HEF01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\HEF01\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Key-Organizer Fristenprüfung.lnk - c:\program files\AIDeX\KeyOrganizer\KeyOrganizer.exe DeadlineCheck [2013-2-20 726528]
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2013-03-05 18:49 101160 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MediaManager Server.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MediaManager Server.lnk
backup=c:\windows\pss\MediaManager Server.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Quicken 2012 Zahlungserinnerung.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2012 Zahlungserinnerung.lnk
backup=c:\windows\pss\Quicken 2012 Zahlungserinnerung.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TwonkyServer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TwonkyServer.lnk
backup=c:\windows\pss\TwonkyServer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2009-09-11 12:34 2403840 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 01:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2013-05-07 07:54 2416368 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\HEF01\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Message Center Plus"=c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe /start
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
2;2 EaseUS Agent;EaseUS Agent Service;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2012-01-05 75624]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Mobile Partner Manager\AssistantServices.exe [2009-12-02 246272]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2012-07-17 143360]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2010-11-27 28144]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2013-04-23 280640]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-04-18 102784]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-04-18 348160]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-11-19 174080]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-11-19 38400]
R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [2009-10-29 9216]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2011-06-13 267568]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-06-27 22640]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2013-04-23 1667368]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2013-04-23 1664808]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2012-07-15 26112]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-29 99768]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-04 1343400]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2011-04-18 114688]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [2011-04-18 105856]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2013-04-23 25416]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2013-01-25 50248]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2013-01-25 41544]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-12-28 22344]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [2007-05-31 14949]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2013-01-25 15944]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2013-01-25 186952]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2013-03-19 7936]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe [2013-05-03 404360]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-07-17 509456]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe [2012-11-28 255904]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-08-23 104240]
S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe [2012-11-28 122272]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\system32\cjpcsc.exe [2011-02-08 506288]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbguard.exe [2006-10-31 77824]
S2 Guard Agent;Guard Agent Service;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [2013-01-25 23624]
S2 HI-epanel-Reporting-Service;HI-epanel-Reporting-Service;c:\program files\Digital Trends Club\HI-epanel-Reporting.exe [2013-04-04 3022464]
S2 HI-epanel-Update-Service;HI-epanel-Update-Service;c:\program files\Digital Trends Club\HI-epanel-Updater.exe [2013-04-04 1377920]
S2 HI-epanelLSPService;HI-epanelLSPService;c:\program files\HI-epanelLSPService\HI-epanelLSPService.exe [2013-04-04 3302528]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2013-02-26 44024]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2012-08-24 127072]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2013-02-26 62456]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-03-06 40448]
S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [2012-11-28 154016]
S2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [2011-05-23 1688384]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-10-26 48640]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-05-16 1817560]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-05-16 1033688]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-05-15 171928]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 11976]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-10 383264]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-13 4150112]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2011-06-14 201080]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2013-05-23 116216]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2012-12-04 125504]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-09-29 13752]
S2 TwonkyProxy;TwonkyProxy;c:\program files\Twonky\TwonkyServer\twonkyproxy.exe [2012-05-03 545608]
S2 TwonkyServer;TwonkyServer;c:\program files\Twonky\TwonkyServer\twonkystarter.exe [2012-05-03 541512]
S2 TwonkyWebDav;TwonkyWebDav;c:\program files\Twonky\TwonkyServer\twonkywebdav.exe [2012-05-03 271176]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-08-23 2778416]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-05-23 132864]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-07-17 143360]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2013-04-21 105728]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-08 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2012-02-02 388264]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_0\bin\fbserver.exe [2006-10-31 1990656]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-04-18 72832]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 125696]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\Netwsn00.sys [2012-09-30 10383360]
S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys [2011-07-05 334712]
S3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\DRIVERS\qcfilterlno2k.sys [2010-06-25 5248]
S3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\DRIVERS\qcusbnetlno2k.sys [2011-05-23 375296]
S3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\DRIVERS\qcusbserlno2k.sys [2011-05-23 190848]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-10-17 38200]
S3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\DRIVERS\sscbfs3.sys [2013-01-30 295936]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2012-11-28 25088]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 38336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - BMLoad
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 07:07]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 17:16]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-07 17:16]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713427250-3853926042-2103360380-1005Core.job
- c:\users\HEF01\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 19:57]
.
2013-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-713427250-3853926042-2103360380-1005UA.job
- c:\users\HEF01\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-15 19:57]
.
2013-06-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2013-07-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>;192.168.*.*
uInternet Settings,ProxyServer = localhost:21320
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\HEF01\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\windows\system32\HI-epanelLSPService.DLL
LSP: bmnet.dll
TCP: DhcpNameServer = 192.168.178.1
DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} - hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.178.36/codebase/DVM_IPCam2.ocx
FF - ProfilePath - c:\users\HEF01\AppData\Roaming\Mozilla\Firefox\Profiles\xxhc2iuc.default-1361923398100\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
AddRemove-FileZilla Client - c:\program files\FileZilla FTP Client\uninstall.exe
AddRemove-loadtbs-3.0 - c:\users\HEF01\AppData\Roaming\loadtbs\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020200}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(840)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
c:\windows\system32\bmnet.dll
.
- - - - - - - > 'Explorer.exe'(9296)
c:\windows\system32\SSCbFsMntNtf3.dll
c:\windows\system32\SSCbFsNetRdr3.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\progra~1\LENOVO\HOTKEY\tpnumlk.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkDMS.exe
c:\windows\system32\conhost.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\vds.exe
c:\windows\system32\taskhost.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\TeamViewer\Version8\TeamViewer.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\LENOVO\HOTKEY\shtctky.exe
c:\progra~1\LENOVO\HOTKEY\tpnumlkd.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\conhost.exe
c:\program files\TeamViewer\Version8\tv_w32.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\vdsldr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-02 03:00:23 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-07-02 01:00
.
Vor Suchlauf: 23 Verzeichnis(se), 444.747.567.104 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 444.236.754.944 Bytes frei
.
- - End Of File - - 4ABDCBA45CDFA698FD33C3F725200ED1
A7933FCB301C18F622F2BB98821DB8B8

**oldman960** · 2013-07-02, 10:04

Hi Benutzer,

How's the computer? We may have removed a legitamate program. Is convert a program you use to convert weights and measures from one unit to another? Let me know, we can restore it.

A bit more to do.

Download OTL to your desktop.

Right click on OTL.exe and click "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
make sure the box beside "scan all users" is checked
When the window appears, underneath Output at the top change it to Minimal Output
Check the boxes beside LOP Check and Purity Check.
In the window under Custom Scans/Fixes copy and paste the following:

%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
consrv.dll
services.*
/md5stop
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

**Benutzer** · 2013-07-02, 11:25

Originally Posted by oldman960

Hi Benutzer,

How's the computer? We may have removed a legitamate program. Is convert a program you use to convert weights and measures from one unit to another? Let me know, we can restore it.

Hi Oldman960,

before I go on with OTL, I've got a question.
Which convert do you mean please ? Is it this one ?
c:\users\HEF01\AppData\Roaming\convert\convert.exe
I ask cause I don't know what it's good for. I just had a look to the folder c:\users\HEF01\AppData\Roaming\convert\ It exists, but it's empty. No files like convert.exe inside.

Though I use several converter progs like pdf to text or coordinates for SatNav devices. (ITN Converter)
Nothing vital, so I could follow your instructions and delete what you say.

Please get back.

**oldman960** · 2013-07-02, 12:11

Hi Benutzer,

c:\users\HEF01\AppData\Roaming\convert\convert.exe

Yes that was the file. Combofix removed it. It may have been targeted just because of the location not because it was malicious. We can check it out and restore it later. I thought it might be the same program I have. The Convert I have converts metric to Imperial/US.

How is the computer?

Please continue.

Thread: browser hijacked qvo6.com malware

Thread Tools

Display

browser hijacked qvo6.com malware

part 2

Posting Permissions