Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Google Redirect Problem

Google Redirect Problem


Plagegeister aller Art und deren Bekämpfung: Google Redirect Problem

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 13.04.2012, 09:01   #1
ellowkwent
 
Google Redirect Problem - Böse

Google Redirect Problem


Hallo Leute,

ich habe mir vor einigen Tagen irgendwas unschönes eingefangen, nämlich so n schönen Google Redirect (Trojaner).

Hab jetzt einige Zeit hie rum Forum gelesen und auch schon mit diversen Tools versucht das Problem zu lokalisieren/beheben. Da nix gefunden wurde habe ich es mit Combofix versucht. Das Programm läuft erstmal normal durch bis zu dem Punkt wo es anfängt Datein zu löschen. Bei dem Löschen der Autostart.inf?! glaub so war die Endung hat er sich komplett aufgehangen. Habe ihn dann 30 min in Ruhe gelassen, aber nix passiert. Komplett eingefroren. Dann habe ich neugestartet und das Tool nochmal laufen lassen. Auch hier wieder an derselben Stelle eingefroren. Ich habe natürlich nichts in der Zeit gemacht, also wirklich gar nix, nicht mal die Maus bewegt.

Jetzt ist mein Gedanke, dass vielleicht die Maleware für den Absturz des Tools sorgt.

Habt ihr eine Idee wie ich weiter verfahren kann, damit dieser nervige Redirect endlich verschwindet?

Danke schonmal vorab!

Alt 13.04.2012, 16:20   #2
markusg
/// Malware-holic
 
Google Redirect Problem - Standard

Google Redirect Problem


ja, vor allem, finger weg von combofix wenn man von malware entfernung keine anung hatt.
steht ja auch in jeder anleitung, und das wohl kaum umsonst.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________
Alt 16.04.2012, 09:24   #3
ellowkwent
 
Google Redirect Problem - Standard

Google Redirect Problem


OTL.TXT:
Code:
ATTFilter
OTL logfile created on: 16.04.2012 10:04:36 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\l.achterberg\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 57,89% Memory free
7,60 Gb Paging File | 5,41 Gb Available in Paging File | 71,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,81 Gb Total Space | 56,52 Gb Free Space | 52,43% Space Free | Partition Type: NTFS
Drive Q: | 10,25 Gb Total Space | 3,53 Gb Free Space | 34,47% Space Free | Partition Type: NTFS
 
Computer Name: ACHTERBERG | User Name: l.achterberg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.16 09:52:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\l.achterberg\Desktop\OTL.exe
PRC - [2012.04.04 07:53:56 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.02.17 09:26:46 | 000,107,000 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.09 10:02:14 | 000,155,648 | ---- | M] (GN Netcom A/S) -- C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraSkypeDriver.exe
PRC - [2011.09.09 10:02:02 | 000,150,016 | ---- | M] (GN Netcom A/S) -- C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe
PRC - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2010.02.05 12:02:10 | 000,097,280 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpsec.exe
PRC - [2010.01.29 14:27:58 | 001,032,192 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe
PRC - [2009.12.11 12:22:06 | 000,255,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2009.12.11 12:22:04 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2009.12.11 11:58:56 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2009.12.11 11:58:54 | 000,397,312 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2009.12.08 10:56:18 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
PRC - [2009.11.24 06:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.11.17 11:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2009.11.17 07:07:46 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.11.16 11:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.11.11 10:33:12 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009.11.09 06:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\cammute.exe
PRC - [2009.10.01 11:08:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 11:08:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.10.01 09:14:32 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2009.08.28 14:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.05.27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.03.05 09:28:28 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.06.30 13:22:40 | 000,086,016 | ---- | M] (NCP engineering GmbH) -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.04 07:54:04 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu
MOD - [2012.02.23 19:23:59 | 012,079,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\3c5ebc7acef28749f02bbc1f1c24f51f\System.Web.ni.dll
MOD - [2012.02.23 19:23:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
MOD - [2012.02.23 19:23:28 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\295b3156b838ca161a64a5456522438b\System.Xml.Linq.ni.dll
MOD - [2012.02.23 19:16:17 | 013,138,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7390d789557549200e474b9bbeca3d1a\System.Windows.Forms.ni.dll
MOD - [2012.02.23 19:16:06 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MOD - [2012.02.23 19:16:05 | 001,653,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\aa90407cafb9b4a0dc5e3fdff170fee9\System.Drawing.ni.dll
MOD - [2012.02.23 19:16:03 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MOD - [2012.02.23 19:16:00 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef8c44c3c8766f219f576faab54c8dc7\WindowsBase.ni.dll
MOD - [2012.02.23 19:15:59 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MOD - [2012.02.23 19:15:55 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MOD - [2012.02.23 19:15:48 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.01.29 14:27:58 | 001,032,192 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe
MOD - [2010.01.21 19:26:38 | 000,097,792 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpmif32.dll
MOD - [2009.12.11 11:57:38 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Access Connections\ACNewBiosHelper.dll
MOD - [2009.11.27 12:11:00 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.dll
MOD - [2009.10.21 13:29:20 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpdlg.dll
MOD - [2009.07.20 05:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009.05.27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
MOD - [2002.06.28 11:16:42 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpcfg.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2009.11.18 07:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.10.09 12:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.16 10:01:53 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.16 21:18:32 | 001,017,360 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\Trend Micro\Client Server Security Agent\TmListen.exe -- (TmListen)
SRV - [2011.07.26 00:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.06.13 20:36:48 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.25 10:29:20 | 001,389,576 | ---- | M] (NCP Engineering GmbH) [Auto | Running] -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe -- (ncprwsnt)
SRV - [2010.02.05 12:02:10 | 000,097,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpsec.exe -- (NcpSec)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.12.11 12:22:06 | 000,255,336 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2009.12.11 12:22:04 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009.12.10 20:11:00 | 000,161,128 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2009.12.10 20:11:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2009.12.08 10:56:18 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -- (QDLService2kLenovo) Qualcomm Gobi 2000 Download Service (Lenovo)
SRV - [2009.11.17 11:06:04 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009.11.16 11:19:38 | 000,062,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009.11.09 06:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
SRV - [2009.10.01 11:08:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 11:08:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.09.29 17:25:48 | 000,126,392 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.09.21 16:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009.09.21 16:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009.08.28 14:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.06.30 13:22:40 | 000,086,016 | ---- | M] (NCP engineering GmbH) [Auto | Running] -- C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe -- (ncpclcfg)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.04 21:56:49 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2011.12.04 21:56:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011.12.04 21:56:48 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011.12.04 21:56:48 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011.09.09 10:00:28 | 000,038,768 | ---- | M] (GN Netcom A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JabraBcDfuWhqlXPx64.sys -- (JabraDFU)
DRV:64bit: - [2011.06.23 17:34:44 | 000,090,896 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011.06.23 17:34:34 | 000,069,904 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011.06.23 17:34:24 | 000,146,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.30 23:59:06 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010.06.22 12:13:42 | 010,345,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.22 03:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.04.23 01:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.23 11:31:32 | 000,151,272 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ncplelhp.sys -- (ncplelhp)
DRV:64bit: - [2010.02.23 11:31:32 | 000,151,272 | ---- | M] (NCP Engineering GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ncplelhp.sys -- (ncpfilt)
DRV:64bit: - [2010.01.20 15:14:06 | 000,682,040 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.12.10 20:11:00 | 000,030,320 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2009.12.10 20:11:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2009.12.10 18:37:56 | 000,294,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009.12.08 10:14:40 | 000,240,640 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys -- (qcusbnetlno2k) Gobi 2000 USB-NDIS miniport(05C6-9205)
DRV:64bit: - [2009.12.08 10:14:40 | 000,121,216 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys -- (qcusbserlno2k) Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205)
DRV:64bit: - [2009.12.08 10:14:40 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys -- (qcfilterlno2k) Gobi 2000 USB Composite Device Filter Driver(05C6-9205)
DRV:64bit: - [2009.11.20 08:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.18 07:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009.10.27 08:54:40 | 000,161,664 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2009.10.26 05:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.09 12:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009.10.09 12:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009.09.29 17:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.09.24 13:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.09.15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.02 04:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 08:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.05.12 11:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.13 14:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {47548C79-CE59-4BFE-8A80-A74DD1990C69}
IE:64bit: - HKLM\..\SearchScopes\{47548C79-CE59-4BFE-8A80-A74DD1990C69}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D42B05E9-A4BB-4875-919F-A49E4B997598}
IE - HKLM\..\SearchScopes\{D42B05E9-A4BB-4875-919F-A49E4B997598}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {D42B05E9-A4BB-4875-919F-A49E4B997598}
IE - HKCU\..\SearchScopes\{9D2F85D5-E215-4CE9-B5D3-87C33A40F5C7}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\l.achterberg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\l.achterberg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\l.achterberg\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012.04.11 12:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Client Server Security Agent\UIFramework\Toolbar\firefoxextension [2011.12.19 15:00:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012.03.30 16:29:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.11 14:09:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.10 08:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.12 08:45:57 | 000,000,000 | ---D | M]
 
[2011.12.16 11:47:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\l.achterberg\AppData\Roaming\mozilla\Extensions
[2011.12.16 11:47:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\l.achterberg\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012.04.11 14:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\l.achterberg\AppData\Roaming\mozilla\Firefox\Profiles\gfadt21w.default\extensions
[2012.04.11 14:02:43 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\l.achterberg\AppData\Roaming\mozilla\Firefox\Profiles\gfadt21w.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2012.03.30 16:30:42 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\l.achterberg\AppData\Roaming\mozilla\Firefox\Profiles\gfadt21w.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2012.03.30 16:30:42 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\l.achterberg\AppData\Roaming\mozilla\Firefox\Profiles\gfadt21w.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012.03.30 16:30:41 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\l.achterberg\AppData\Roaming\mozilla\Firefox\Profiles\gfadt21w.default\extensions\support@lastpass.com
[2012.04.12 08:46:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.12 08:46:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.03.21 11:32:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.12 08:45:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\l.achterberg\AppData\Local\Google\Chrome\Application\18.0.1025.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\l.achterberg\AppData\Local\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\l.achterberg\AppData\Local\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\l.achterberg\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\l.achterberg\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\l.achterberg\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Programme\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Programme\Trend Micro\Client Server Security Agent\UIFrameWork\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Lenovo ThinkVantage Toolbox) - {D5F11930-C4B8-4248-88C3-43621271B3FA} - C:\Programme\PC-Doctor\ATLPcdToolbar.dll (PC-Doctor, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Programme\Trend Micro\Client Server Security Agent\UIFrameWork\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NtrigApplet] C:\Programme\N-trig\N-trig Software Bundle\NtrigApplet.exe (N-trig LLC)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [lmfvMDBr3jNvGGM] C:\Users\l.achterberg\AppData\Roaming\bstr55uhjzd.exe File not found
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [NcpBudgetGui] C:\Program Files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe ()
O4 - HKLM..\Run: [NcpMonitor] C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpmon.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpPopup] C:\Program Files (x86)\WatchGuard\Mobile VPN\ncppopup.exe ()
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKCU..\Run: [5kS43ADO0bzprWo] C:\Users\l.achterberg\AppData\Roaming\soundblaster_fx648.exe File not found
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\l.achterberg\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\l.achterberg\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKCU..\Run: [lmfvMDBr3jNvGGM] C:\Users\l.achterberg\AppData\Roaming\bstr55uhjzd.exe File not found
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Spotify] C:\Users\l.achterberg\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\l.achterberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3CXPhone.lnk = C:\Program Files (x86)\3CXPhone\3CXPhone.exe (3CX Ltd)
O4 - Startup: C:\Users\l.achterberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\l.achterberg\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: RF - Formular ausfüllen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RF - Formular speichern - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: RF - Menü anpassen - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: RF - RoboForm-Leiste ein/aus - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://a2pwin01.ads2people.de:4343/officescan/console/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://a2pwin01.ads2people.de:4343/officescan/console/ClientInstall/setupini.cab (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://a2pwin01.ads2people.de:4343/officescan/console/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://a2pwin01.ads2people.de:4343/officescan/console/ClientInstall/RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} https://a2pwin01.ads2people.de:4343/SMB/console/html/root/AtxEnc.cab?ver=17,0,0,2365 (Encrypt Class)
O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBEDCC} https://a2pwin01.ads2people.de:4343/SMB/console/html/root/AtxConsole.cab?ver=17,0,0,2365 (Security Server Management-Konsole)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.11 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads2people.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD7382CA-8FC4-4DB6-B2B0-0F4502DCA68B}: DhcpNameServer = 192.168.2.11 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F30EB7FE-C076-43FA-920B-8291EEEC7F6C}: DhcpNameServer = 192.168.2.11 127.0.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtb - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Programme\Trend Micro\AMSP\module\20004\1.6.1242\6.6.1089\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Programme\Trend Micro\Client Server Security Agent\UIFrameWork\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Programme\Trend Micro\Client Server Security Agent\UIFrameWork\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Jing - hkey= - key= - C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.16 10:01:14 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.16 09:52:41 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\l.achterberg\Desktop\OTL.exe
[2012.04.13 09:37:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.04.13 08:58:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.04.13 08:58:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.04.13 08:58:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.04.13 08:57:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.04.13 08:57:20 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.04.13 08:56:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.04.12 08:53:49 | 000,000,000 | ---D | C] -- C:\Users\l.achterberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.04.12 08:53:39 | 000,000,000 | ---D | C] -- C:\Users\l.achterberg\AppData\Local\Facebook
[2012.04.12 08:45:57 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.04.12 08:45:57 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.04.12 08:45:57 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.04.12 08:45:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.04.11 14:22:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.04.11 14:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.04.11 14:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.04.11 14:11:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.04.11 14:01:57 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.04 07:53:58 | 000,053,656 | ---- | C] (Adobe Systems Inc) -- C:\Windows\SysNative\AdobePDF.dll
[2012.04.04 07:53:56 | 000,024,984 | ---- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2012.04.02 11:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E858860D47D10D0059E569B4EB2331
[2012.03.27 11:22:23 | 000,000,000 | ---D | C] -- C:\Users\l.achterberg\Documents\20zwoelf
[2012.03.27 11:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2012.03.27 09:19:25 | 000,000,000 | -H-D | C] -- C:\Users\l.achterberg\AppData\Roaming\Apple Computer
[2012.03.27 09:19:25 | 000,000,000 | -H-D | C] -- C:\Users\l.achterberg\AppData\Local\Apple Computer
[2012.03.27 09:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.03.27 09:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.03.27 09:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.03.27 09:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.03.27 09:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.03.27 09:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.03.27 09:15:04 | 000,000,000 | -H-D | C] -- C:\Users\l.achterberg\AppData\Local\Apple
[2012.03.27 09:15:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.03.27 09:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.03.27 09:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.03.27 09:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.03.27 08:49:36 | 000,000,000 | ---D | C] -- C:\Users\l.achterberg\Desktop\Ads2People
[2012.03.26 12:06:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.03.26 12:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012.03.21 14:39:56 | 000,000,000 | ---D | C] -- C:\totalcmd
[2012.03.21 14:39:56 | 000,000,000 | ---D | C] -- C:\Users\l.achterberg\AppData\Roaming\GHISLER
[2012.03.21 11:33:18 | 000,000,000 | ---D | C] -- C:\Users\l.achterberg\Documents\iMacros
[2012.03.20 16:38:58 | 000,000,000 | -H-D | C] -- C:\Users\l.achterberg\AppData\Local\Spotify
[2012.03.20 16:38:34 | 000,000,000 | ---D | C] -- C:\Users\l.achterberg\AppData\Roaming\Spotify
[2012.03.20 09:27:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.20 09:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.20 09:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\l.achterberg\*.tmp files -> C:\Users\l.achterberg\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.16 10:02:44 | 000,000,000 | ---- | M] () -- C:\Users\l.achterberg\Desktop\FCEB2000
[2012.04.16 10:02:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.16 10:01:34 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.16 10:01:31 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.16 10:01:14 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.16 09:52:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\l.achterberg\Desktop\OTL.exe
[2012.04.16 09:37:33 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2658738740-1199320177-649426742-1614UA.job
[2012.04.16 09:23:04 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.16 09:23:04 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.16 09:18:59 | 000,002,022 | ---- | M] () -- C:\Users\l.achterberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3CXPhone.lnk
[2012.04.16 09:14:52 | 000,006,518 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.04.16 09:14:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.16 09:14:22 | 3060,514,816 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.13 14:58:02 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2658738740-1199320177-649426742-1614UA.job
[2012.04.13 14:13:24 | 000,046,792 | ---- | M] () -- C:\Users\l.achterberg\Desktop\SEM Vertrag ARTES Kunsthandelsgesellschaft mbH.pdf
[2012.04.13 14:13:04 | 000,045,274 | ---- | M] () -- C:\Users\l.achterberg\Desktop\SEM Vertrag Edition Max Büchner GmbH.pdf
[2012.04.13 08:58:01 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2658738740-1199320177-649426742-1614Core.job
[2012.04.12 16:44:52 | 000,310,175 | ---- | M] () -- C:\Users\l.achterberg\Desktop\export ddi.csv
[2012.04.12 15:19:16 | 000,019,801 | ---- | M] () -- C:\Users\l.achterberg\Desktop\algastro.png
[2012.04.12 15:18:09 | 000,020,522 | ---- | M] () -- C:\Users\l.achterberg\Desktop\algastro_shop_lang_r.jpg
[2012.04.12 13:54:30 | 000,027,874 | ---- | M] () -- C:\Users\l.achterberg\Desktop\geld.png
[2012.04.12 08:53:49 | 000,001,312 | ---- | M] () -- C:\Users\l.achterberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.04.12 08:45:34 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.04.12 08:45:34 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.04.12 08:45:34 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.04.12 08:45:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.04.11 14:11:59 | 000,001,269 | ---- | M] () -- C:\Users\l.achterberg\Desktop\Spybot - Search & Destroy.lnk
[2012.04.11 14:03:42 | 001,641,844 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.11 14:03:42 | 000,707,864 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.11 14:03:42 | 000,663,142 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.11 14:03:42 | 000,151,616 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.11 14:03:42 | 000,124,562 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.11 06:42:28 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2658738740-1199320177-649426742-1614Core.job
[2012.04.11 05:00:00 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.04.10 09:38:09 | 000,002,405 | ---- | M] () -- C:\Users\l.achterberg\Desktop\Google Chrome.lnk
[2012.04.04 07:53:58 | 000,053,656 | ---- | M] (Adobe Systems Inc) -- C:\Windows\SysNative\AdobePDF.dll
[2012.04.04 07:53:56 | 000,024,984 | ---- | M] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2012.04.02 08:31:31 | 000,437,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.30 15:29:52 | 000,000,208 | -H-- | M] () -- C:\ProgramData\-Y8YnwzklJehheZr
[2012.03.30 15:29:52 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-Y8YnwzklJehheZ
[2012.03.20 16:38:57 | 000,001,813 | ---- | M] () -- C:\Users\l.achterberg\Desktop\Spotify.lnk
[2012.03.20 09:04:23 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\l.achterberg\*.tmp files -> C:\Users\l.achterberg\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.16 10:02:44 | 000,000,000 | ---- | C] () -- C:\Users\l.achterberg\Desktop\FCEB2000
[2012.04.13 14:13:21 | 000,046,792 | ---- | C] () -- C:\Users\l.achterberg\Desktop\SEM Vertrag ARTES Kunsthandelsgesellschaft mbH.pdf
[2012.04.13 14:12:59 | 000,045,274 | ---- | C] () -- C:\Users\l.achterberg\Desktop\SEM Vertrag Edition Max Büchner GmbH.pdf
[2012.04.13 08:58:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.04.13 08:58:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.04.13 08:58:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.04.13 08:58:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.04.13 08:58:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.04.12 16:44:47 | 000,310,175 | ---- | C] () -- C:\Users\l.achterberg\Desktop\export ddi.csv
[2012.04.12 15:19:16 | 000,019,801 | ---- | C] () -- C:\Users\l.achterberg\Desktop\algastro.png
[2012.04.12 15:18:07 | 000,020,522 | ---- | C] () -- C:\Users\l.achterberg\Desktop\algastro_shop_lang_r.jpg
[2012.04.12 13:54:30 | 000,027,874 | ---- | C] () -- C:\Users\l.achterberg\Desktop\geld.png
[2012.04.12 08:53:49 | 000,001,312 | ---- | C] () -- C:\Users\l.achterberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.04.12 08:53:44 | 000,000,956 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2658738740-1199320177-649426742-1614UA.job
[2012.04.12 08:53:44 | 000,000,934 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2658738740-1199320177-649426742-1614Core.job
[2012.04.11 14:11:59 | 000,001,269 | ---- | C] () -- C:\Users\l.achterberg\Desktop\Spybot - Search & Destroy.lnk
[2012.04.11 14:01:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.30 15:29:52 | 000,000,208 | -H-- | C] () -- C:\ProgramData\-Y8YnwzklJehheZr
[2012.03.30 15:29:52 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-Y8YnwzklJehheZ
[2012.03.27 09:15:01 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.03.21 14:39:57 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2012.03.21 14:39:57 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2012.03.21 14:39:57 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2012.03.21 14:39:57 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2012.03.21 14:39:57 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2012.03.20 16:38:57 | 000,001,813 | ---- | C] () -- C:\Users\l.achterberg\Desktop\Spotify.lnk
[2012.03.20 16:38:57 | 000,001,799 | ---- | C] () -- C:\Users\l.achterberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011.12.05 17:59:25 | 000,018,984 | ---- | C] () -- C:\Windows\cfgall.ini
[2011.12.04 23:24:48 | 001,619,738 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.02 17:47:38 | 000,006,518 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.04.21 15:10:38 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.04.21 15:10:38 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011.04.21 15:10:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011.04.21 15:10:37 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.04.21 15:10:36 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.12.02 17:48:01 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.02.20 09:34:11 | 000,000,000 | ---D | M] -- C:\132d179cc455bb9ce563aa05
[2009.07.24 19:28:56 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.04.13 09:37:01 | 000,000,000 | --SD | M] -- C:\ComboFix
[2012.04.12 08:53:50 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.04.21 14:08:40 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.12.19 13:53:48 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.12.19 15:32:22 | 000,000,000 | -HSD | M] -- C:\found.001
[2012.03.30 16:29:26 | 000,000,000 | ---D | M] -- C:\Intel
[2012.04.10 08:40:50 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.04.11 14:50:04 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.04.12 08:45:28 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.04.16 09:14:52 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.04.21 14:08:40 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.04.13 08:57:25 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.04.21 14:09:16 | 000,000,000 | RHSD | M] -- C:\RRbackups
[2012.03.30 16:29:43 | 000,000,000 | ---D | M] -- C:\SEM Editor
[2012.03.30 16:19:05 | 000,000,000 | ---D | M] -- C:\swshare
[2012.03.30 16:30:23 | 000,000,000 | ---D | M] -- C:\SWTOOLS
[2012.04.16 10:07:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.04.11 01:06:00 | 000,000,000 | -H-D | M] -- C:\temp
[2012.04.11 14:24:12 | 000,000,000 | ---D | M] -- C:\totalcmd
[2011.12.02 17:47:55 | 000,000,000 | R--D | M] -- C:\Users
[2012.04.13 09:37:01 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.04.21 21:38:52 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.04.21 21:38:52 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.04.21 21:38:52 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2011.04.21 21:38:52 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.11.20 08:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\SWTOOLS\DRIVERS\IMSM\iaStor.sys
[2009.11.20 08:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.11.20 08:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e54f8fa7ebe76bcf\iaStor.sys
[2009.11.20 08:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_9251c3dc1239ae29\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.12.19 14:32:01 | 000,000,061 | -H-- | M] () -- C:\Users\l.achterberg\.path.wla
[2012.04.16 10:16:47 | 003,670,016 | -HS- | M] () -- C:\Users\l.achterberg\ntuser.dat
[2012.04.16 10:16:47 | 000,262,144 | -HS- | M] () -- C:\Users\l.achterberg\ntuser.dat.LOG1
[2011.12.02 17:47:56 | 000,000,000 | -HS- | M] () -- C:\Users\l.achterberg\ntuser.dat.LOG2
[2011.12.04 19:40:24 | 000,065,536 | -HS- | M] () -- C:\Users\l.achterberg\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.12.04 19:40:24 | 000,524,288 | -HS- | M] () -- C:\Users\l.achterberg\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.12.04 19:40:24 | 000,524,288 | -HS- | M] () -- C:\Users\l.achterberg\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.03.30 16:39:05 | 000,065,536 | -HS- | M] () -- C:\Users\l.achterberg\ntuser.dat{02146ee6-7a71-11e1-9a7d-78dd08a8cdb7}.TM.blf
[2012.03.30 16:39:04 | 000,524,288 | -HS- | M] () -- C:\Users\l.achterberg\ntuser.dat{02146ee6-7a71-11e1-9a7d-78dd08a8cdb7}.TMContainer00000000000000000001.regtrans-ms
[2012.03.30 16:39:05 | 000,524,288 | -HS- | M] () -- C:\Users\l.achterberg\ntuser.dat{02146ee6-7a71-11e1-9a7d-78dd08a8cdb7}.TMContainer00000000000000000002.regtrans-ms
[2011.12.19 14:05:31 | 000,065,536 | -HS- | M] () -- C:\Users\l.achterberg\ntuser.dat{608a5b6f-2a39-11e1-9ee9-78dd08a8cdb7}.TM.blf
[2011.12.19 14:05:31 | 000,524,288 | -HS- | M] () -- C:\Users\l.achterberg\ntuser.dat{608a5b6f-2a39-11e1-9ee9-78dd08a8cdb7}.TMContainer00000000000000000001.regtrans-ms
[2011.12.19 14:05:31 | 000,524,288 | -HS- | M] () -- C:\Users\l.achterberg\ntuser.dat{608a5b6f-2a39-11e1-9ee9-78dd08a8cdb7}.TMContainer00000000000000000002.regtrans-ms
[2012.04.10 08:43:47 | 000,065,536 | -HS- | M] () -- C:\Users\l.achterberg\ntuser.dat{bd08af99-82d7-11e1-8718-02004e435049}.TM.blf
[2012.04.10 08:43:47 | 000,524,288 | -HS- | M] () -- C:\Users\l.achterberg\ntuser.dat{bd08af99-82d7-11e1-8718-02004e435049}.TMContainer00000000000000000001.regtrans-ms
[2012.04.10 08:43:47 | 000,524,288 | -HS- | M] () -- C:\Users\l.achterberg\ntuser.dat{bd08af99-82d7-11e1-8718-02004e435049}.TMContainer00000000000000000002.regtrans-ms
[2011.12.02 17:47:56 | 000,000,020 | -HS- | M] () -- C:\Users\l.achterberg\ntuser.ini
[1 C:\Users\l.achterberg\*.tmp files -> C:\Users\l.achterberg\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
__________________
Alt 16.04.2012, 09:26   #4
ellowkwent
 
Google Redirect Problem - Standard

Google Redirect Problem


EXTRA.TXT:
Code:
ATTFilter
OTL Extras logfile created on: 16.04.2012 10:04:36 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\l.achterberg\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 57,89% Memory free
7,60 Gb Paging File | 5,41 Gb Available in Paging File | 71,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 107,81 Gb Total Space | 56,52 Gb Free Space | 52,43% Space Free | Partition Type: NTFS
Drive Q: | 10,25 Gb Total Space | 3,53 Gb Free Space | 34,47% Space Free | Partition Type: NTFS
 
Computer Name: ACHTERBERG | User Name: l.achterberg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{006EFC7F-7958-4125-973A-788B947C9D9D}" = Lenovo SimpleTap
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{05A434D3-F69B-46E5-BA9A-CD24F6B95B52}" = 3CX MyPhone Desktop Components
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0A07E717-BB5D-4B99-840B-6C5DED52B277}" = Trend Micro Worry-Free Business Security Agent
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{AB4794A6-40D9-405F-B735-2F619000D20D}" = ThinkVantage Fingerprint Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C28F2126-8655-49BA-BA5E-0131404EA7C8}" = SugarOutlook
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"098EBB26BF07167AB12D1575EC24F883F9435E59" = Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022)
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows-Treiberpaket - Intel USB  (08/20/2009 9.1.1.1020)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"B65F6B58F0E37352721284FE7F009532B5DF1D2C" = Windows-Treiberpaket - Intel (e1kexpress) Net  (12/01/2009 11.5.7.0)
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows Vista/7
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"Wofie" = Trend Micro Worry-Free Business Security Agent
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{18C71DD4-0147-4318-8689-AE836278FBFE}" = N-trig DuoSense Multi-touch package for Windows 7
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24C152B6-544C-4B64-A4CA-575843C0CFE6}" = Article Wizard
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54F1EEE2-989D-47FB-A8AA-0E95484B9428}" = Jabra PC Suite 2.7.417
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6CA29A45-EF6D-4F73-997E-7CE03DBD4B69}" = Qualcomm Gobi 2000 Package for Lenovo
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C7750D1-ADE6-4DAD-A54E-871EB2ABFE98}" = ThinkVantage GPS
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{9202762E-4B4C-48C9-A6CC-C27F9F85190A}" = Mobile Broadband Connect
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A10B9E4E-9C40-4491-A3E1-C2B53DAB03C1}" = Facebook Messenger 2.0.4478.0
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.17
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5AC39F1-001D-4338-84C6-35109525588A}" = TweetDeck
"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{D1999042-FC82-4098-96B8-510A857C8EA8}" = Google AdWords Editor
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3DB09D2-67D0-444A-B2F9-2AF357639A9A}" = 3CXPhone
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"AI RoboForm" = RoboForm 7-6-2 (All Users)
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Lenovo Welcome_is1" = Lenovo Welcome
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NCP RWS/GA" = WatchGuard Mobile VPN
"WinLiveSuite_Wave3" = Windows Live Essentials
"Worklog Assistant_is1" = Worklog Assistant v1.0.1891
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.2.7.1
"Google Chrome" = Google Chrome
"SEM Editor" = SEM Editor
"Spotify" = Spotify
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Alt 16.04.2012, 10:13   #5
markusg
/// Malware-holic
 
Google Redirect Problem - Standard

Google Redirect Problem


Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.04.2012, 10:31   #6
ellowkwent
 
Google Redirect Problem - Standard

Google Redirect Problem


Combofix ist ja genau das Problem. Das Tool hängt sich beim löschen der Autostart.inf jedes Mal auf. Das war ja das Prob, was ich eingangs im Thread auch geschrieben hatte

Alt 16.04.2012, 11:41   #7
markusg
/// Malware-holic
 
Google Redirect Problem - Standard

Google Redirect Problem


starte mal in den abgesicherten modus, melde dich dort in deinem konto an, und versuche combofix erneut
den modus erreichst du bei pc start, nach neustart, in dem du f8 drückst
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.04.2012, 17:11   #8
ellowkwent
 
Google Redirect Problem - Standard

Google Redirect Problem


Und hier die Combofix.txt :

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-04-16.01 - l.achterberg 16.04.2012  17:08:10.2.4 - x64 MINIMAL
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3892.3300 [GMT 2:00]
ausgeführt von:: c:\users\l.achterberg\Desktop\ComboFix.exe
AV: Trend Micro Security Agent *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Security Agent *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-16 bis 2012-04-16  ))))))))))))))))))))))))))))))
.
.
2012-04-16 15:39 . 2012-04-16 15:39	--------	d-----w-	c:\users\lennart\AppData\Local\temp
2012-04-16 15:39 . 2012-04-16 15:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-16 08:01 . 2012-04-16 08:01	8741536	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 06:53 . 2012-04-12 06:53	--------	d-----w-	c:\users\l.achterberg\AppData\Local\Facebook
2012-04-12 06:45 . 2012-04-12 06:45	476904	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-12 06:45 . 2012-04-12 06:45	--------	d-----w-	c:\program files (x86)\Java
2012-04-11 12:22 . 2012-04-11 12:50	--------	d-----w-	c:\windows\system32\appmgmt
2012-04-11 12:11 . 2012-04-11 14:48	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-04-11 12:11 . 2012-04-11 12:36	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-04-11 12:01 . 2012-04-16 08:01	418464	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-11 11:53 . 2012-04-11 11:53	--------	d-----w-	c:\users\lennart\AppData\Local\GN_Netcom_A_S
2012-04-11 11:53 . 2012-04-11 11:53	--------	d-----w-	c:\users\lennart\AppData\Local\Adobe
2012-04-11 11:53 . 2012-04-11 11:57	--------	d-----w-	c:\users\lennart\AppData\Roaming\Worklog Assistant for JIRA
2012-04-11 11:53 . 2012-04-11 11:53	--------	d-----w-	c:\users\lennart\AppData\Roaming\Apple Computer
2012-04-11 11:53 . 2012-04-11 11:53	--------	d-----w-	c:\users\lennart\AppData\Roaming\Logitech
2012-04-11 03:53 . 2012-04-13 09:18	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{862563BA-ED48-4EB2-BFEF-120462243315}\offreg.dll
2012-04-11 03:52 . 2012-03-20 01:51	8669240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{862563BA-ED48-4EB2-BFEF-120462243315}\mpengine.dll
2012-04-04 05:54 . 2012-04-04 05:54	182160	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53	53656	----a-w-	c:\windows\system32\AdobePDF.dll
2012-04-04 05:53 . 2012-04-04 05:53	24984	----a-w-	c:\windows\system32\AdobePDFUI.dll
2012-04-03 09:28 . 2012-04-10 06:42	--------	d-----w-	c:\users\l.achterberg\7AB01508C2B243C88B44514801E7CCC9.TMP
2012-04-02 09:55 . 2012-04-02 10:02	--------	d-----w-	c:\programdata\B7E858860D47D10D0059E569B4EB2331
2012-03-30 14:39 . 2012-01-14 04:06	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-03-27 09:20 . 2012-04-10 06:42	--------	d-----w-	c:\program files (x86)\IrfanView
2012-03-27 07:19 . 2012-03-27 07:41	--------	d--h--w-	c:\users\l.achterberg\AppData\Roaming\Apple Computer
2012-03-27 07:19 . 2012-03-27 07:19	--------	d--h--w-	c:\users\l.achterberg\AppData\Local\Apple Computer
2012-03-27 07:16 . 2012-03-27 07:16	--------	d-----w-	c:\program files\iPod
2012-03-27 07:16 . 2012-03-30 14:29	--------	d-----w-	c:\program files (x86)\iTunes
2012-03-27 07:16 . 2012-03-30 14:29	--------	d-----w-	c:\program files\iTunes
2012-03-27 07:16 . 2012-03-30 14:29	--------	d-----w-	c:\programdata\Apple Computer
2012-03-27 07:16 . 2012-03-27 07:19	--------	d-----w-	c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-03-27 07:15 . 2012-03-27 07:15	--------	d--h--w-	c:\users\l.achterberg\AppData\Local\Apple
2012-03-27 07:15 . 2012-03-27 07:15	--------	d-----w-	c:\program files (x86)\Apple Software Update
2012-03-27 07:14 . 2012-03-27 07:14	--------	d-----w-	c:\program files\Common Files\Apple
2012-03-27 07:13 . 2012-03-30 14:18	--------	d-----w-	c:\programdata\Apple
2012-03-27 07:13 . 2012-03-27 07:14	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2012-03-26 10:06 . 2012-03-26 10:06	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2012-03-26 10:06 . 2012-04-11 12:21	--------	d-----w-	c:\program files (x86)\Winamp
2012-03-21 12:39 . 2012-03-09 06:57	545	----a-w-	c:\windows\UC.PIF
2012-03-21 12:39 . 2012-03-09 06:57	545	----a-w-	c:\windows\RAR.PIF
2012-03-21 12:39 . 2012-03-09 06:57	545	----a-w-	c:\windows\NOCLOSE.PIF
2012-03-21 12:39 . 2012-03-09 06:57	545	----a-w-	c:\windows\LHA.PIF
2012-03-21 12:39 . 2012-03-09 06:57	545	----a-w-	c:\windows\ARJ.PIF
2012-03-21 12:39 . 2012-04-11 12:24	--------	d-----w-	C:\totalcmd
2012-03-21 12:39 . 2012-04-11 12:24	--------	d-----w-	c:\users\l.achterberg\AppData\Roaming\GHISLER
2012-03-20 14:38 . 2012-04-16 07:19	--------	d--h--w-	c:\users\l.achterberg\AppData\Local\Spotify
2012-03-20 14:38 . 2012-04-16 14:32	--------	d-----w-	c:\users\l.achterberg\AppData\Roaming\Spotify
2012-03-20 07:04 . 2012-03-20 07:04	--------	d-----w-	c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-16 08:01 . 2011-12-04 20:52	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-12 06:45 . 2012-02-13 11:32	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-03-12 07:24 . 2012-03-12 07:24	576536	----a-r-	c:\users\l.achterberg\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe
2012-02-23 17:22 . 2012-02-23 17:22	1619738	----a-w-	c:\windows\SysWow64\PerfStringBackup.TMP
2012-01-29 04:10 . 2011-12-01 08:28	279656	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 910208]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-02-17 107000]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-04-04 1261472]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"Spotify"="c:\users\l.achterberg\AppData\Roaming\Spotify\Spotify.exe" [2012-03-20 4011184]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2010-08-19 3069192]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Facebook Update"="c:\users\l.achterberg\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-12 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-10-01 111640]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2009-12-10 1092968]
"Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"NcpBudgetGui"="c:\program files (x86)\WatchGuard\Mobile VPN\NcpBudgetGui.exe" [2010-01-29 1032192]
"NcpPopup"="c:\program files (x86)\WatchGuard\Mobile VPN\ncppopup.exe" [2010-01-13 579072]
"NcpMonitor"="c:\program files (x86)\WatchGuard\Mobile VPN\ncpmon.exe" [2010-02-24 6637056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-04-04 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-04-04 815512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
c:\users\l.achterberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
3CXPhone.lnk - c:\program files (x86)\3CXPhone\3CXPhone.exe [2011-8-31 532480]
Facebook Messenger.lnk - c:\users\l.achterberg\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe [2012-4-5 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 1090848]
Jabra Device Service.lnk - c:\program files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe [2011-9-9 150016]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-12-5 1207312]
Worklog Assistant.lnk - c:\program files (x86)\Worklog Assistant\WorklogAssistant.exe [2011-12-4 4426240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2009-12-10 161128]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\LENOVO\HOTKEY\CAMMUTE.exe [2009-11-09 54632]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-11-17 44984]
R2 ncpclcfg;ncpclcfg;c:\program files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe [2008-06-30 86016]
R2 ncprwsnt;ncprwsnt;c:\program files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe [2010-02-25 1389576]
R2 NcpSec;NcpSec;c:\program files (x86)\WatchGuard\Mobile VPN\ncpsec.exe [2010-02-05 97280]
R2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [2009-12-08 331512]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
R2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-11-16 62904]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 253088]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 JabraDFU;Jabra Bluecore DFU driver;c:\windows\system32\Drivers\JabraBcDfuWhqlXPx64.sys [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ncpfilt;WatchGuard Filter;c:\windows\system32\DRIVERS\ncplelhp.sys [x]
R3 ncplelhp;WatchGuard Secure Client NDIS6 Driver;c:\windows\system32\DRIVERS\ncplelhp.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NtrigDigitizerUSBLowerFilter;N-trig HID Tablet Digitizer KMDF Filter Driver;c:\windows\system32\DRIVERS\NtrigDigitizerUSBLowerFilter.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2009-12-10 75112]
R3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\DRIVERS\qcfilterlno2k.sys [x]
R3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\DRIVERS\qcusbnetlno2k.sys [x]
R3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\DRIVERS\qcusbserlno2k.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-29 126392]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 08:01]
.
2012-04-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2658738740-1199320177-649426742-1614Core.job
- c:\users\l.achterberg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 06:53]
.
2012-04-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2658738740-1199320177-649426742-1614UA.job
- c:\users\l.achterberg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 06:53]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2658738740-1199320177-649426742-1614Core.job
- c:\users\l.achterberg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-04 20:20]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2658738740-1199320177-649426742-1614UA.job
- c:\users\l.achterberg\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-04 20:20]
.
2012-03-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdlauncher.exe [2009-11-14 07:29]
.
2012-04-11 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-11-14 07:30]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-11-17 69568]
"TpShocks"="TpShocks.exe" [2009-12-11 380776]
"NtrigApplet"="c:\program files\N-trig\N-trig Software Bundle\NtrigApplet.exe" [2009-12-10 2338304]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-13 36864]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-08-26 5879608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 415256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-08-17 16415848]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-10-17 219480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: RF - Formular ausfüllen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RF - Formular speichern - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: RF - Menü anpassen - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF - RoboForm-Leiste ein/aus - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.11 127.0.0.1
DPF: {9BBB3919-F518-4D06-8209-299FC243FC44} - hxxps://a2pwin01.ads2people.de:4343/SMB/console/html/root/AtxEnc.cab?ver=17,0,0,2365
DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBEDCC} - hxxps://a2pwin01.ads2people.de:4343/SMB/console/html/root/AtxConsole.cab?ver=17,0,0,2365
FF - ProfilePath - c:\users\l.achterberg\AppData\Roaming\Mozilla\Firefox\Profiles\gfadt21w.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\l.achterberg\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKCU-Run-lmfvMDBr3jNvGGM - c:\users\l.achterberg\AppData\Roaming\bstr55uhjzd.exe
Wow6432Node-HKCU-Run-5kS43ADO0bzprWo - c:\users\l.achterberg\AppData\Roaming\soundblaster_fx648.exe
Wow6432Node-HKLM-Run-lmfvMDBr3jNvGGM - c:\users\l.achterberg\AppData\Roaming\bstr55uhjzd.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SEM Editor - c:\users\l.achterberg\Documents\!Ads2People!\SEM Editor\jiuninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-16  18:02:58
ComboFix-quarantined-files.txt  2012-04-16 16:02
.
Vor Suchlauf: 12 Verzeichnis(se), 59.478.212.608 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 59.266.912.256 Bytes frei
.
- - End Of File - - 2DB483A9819F8D1D6FEF28CB3DBC3876
--- --- ---
Alt 16.04.2012, 17:15   #9
markusg
/// Malware-holic
 
Google Redirect Problem - Standard

Google Redirect Problem


malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.04.2012, 18:08   #10
ellowkwent
 
Google Redirect Problem - Standard

Google Redirect Problem


Maleware findet nix, das gibt es doch nicht.

Zitat:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.16.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
l.achterberg :: ACHTERBERG [Administrator]

Schutz: Aktiviert

16.04.2012 18:32:55
mbam-log-2012-04-16 (18-32-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 367502
Laufzeit: 25 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 16.04.2012, 18:14   #11
markusg
/// Malware-holic
 
Google Redirect Problem - Standard

Google Redirect Problem


download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.04.2012, 20:09   #12
ellowkwent
 
Google Redirect Problem - Standard

Google Redirect Problem


Versuch das Tool jetzt seit ner Stunde zum Laufen bekommen - ohne Chance. Weder als Admin, noch im Safe Mode, noch nach Neustart, etc. Habs mir jetzt noch von zwei anderen Quellen runtergeladen. Ohne Ergebniss.

Ich starte das Tool und es passiert dann aber gar nix. auch in den Prozessen im Task Manager taucht es nicht auf!

Alt 16.04.2012, 20:11   #13
markusg
/// Malware-holic
 
Google Redirect Problem - Standard

Google Redirect Problem


benenne die exe mal um, in einen namen deiner wahl, hauptsache das .exe bleibt stehen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 16.04.2012, 20:32   #14
ellowkwent
 
Google Redirect Problem - Standard

Google Redirect Problem


Jo, hat geklappt und er hat auch was gefunden.

Hier der Log:
Code:
ATTFilter
21:23:09.0020 0404	TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
21:23:09.0051 0404	============================================================
21:23:09.0051 0404	Current date / time: 2012/04/16 21:23:09.0051
21:23:09.0051 0404	SystemInfo:
21:23:09.0051 0404	
21:23:09.0051 0404	OS Version: 6.1.7601 ServicePack: 1.0
21:23:09.0051 0404	Product type: Workstation
21:23:09.0051 0404	ComputerName: ACHTERBERG
21:23:09.0051 0404	UserName: l.achterberg
21:23:09.0051 0404	Windows directory: C:\Windows
21:23:09.0051 0404	System windows directory: C:\Windows
21:23:09.0051 0404	Running under WOW64
21:23:09.0051 0404	Processor architecture: Intel x64
21:23:09.0051 0404	Number of processors: 4
21:23:09.0051 0404	Page size: 0x1000
21:23:09.0051 0404	Boot type: Safe boot
21:23:09.0051 0404	============================================================
21:23:09.0426 0404	Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x409B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
21:23:09.0426 0404	\Device\Harddisk0\DR0:
21:23:09.0426 0404	MBR used
21:23:09.0426 0404	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
21:23:09.0426 0404	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0xD7A1000
21:23:09.0426 0404	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD9F9800, BlocksNum 0x147DAB0
21:23:09.0441 0404	Initialize success
21:23:09.0441 0404	============================================================
21:23:16.0571 1356	============================================================
21:23:16.0571 1356	Scan started
21:23:16.0571 1356	Mode: Manual; SigCheck; TDLFS; 
21:23:16.0571 1356	============================================================
21:23:17.0195 1356	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:23:17.0257 1356	1394ohci - ok
21:23:17.0273 1356	5U877           (df986d28a45acf98a51faccdd39d8d9f) C:\Windows\system32\DRIVERS\5U877.sys
21:23:17.0288 1356	5U877 - ok
21:23:17.0304 1356	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:23:17.0319 1356	ACPI - ok
21:23:17.0335 1356	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:23:17.0351 1356	AcpiPmi - ok
21:23:17.0366 1356	AcPrfMgrSvc     (028cfcf636826b03994af1fe5b48d0e8) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
21:23:17.0366 1356	AcPrfMgrSvc - ok
21:23:17.0382 1356	AcSvc           (45c79cf6c4a2f7b28affa1f39b1904fb) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
21:23:17.0397 1356	AcSvc - ok
21:23:17.0397 1356	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:23:17.0413 1356	AdobeARMservice - ok
21:23:17.0444 1356	AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:23:17.0460 1356	AdobeFlashPlayerUpdateSvc - ok
21:23:17.0475 1356	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:23:17.0491 1356	adp94xx - ok
21:23:17.0522 1356	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:23:17.0538 1356	adpahci - ok
21:23:17.0538 1356	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:23:17.0553 1356	adpu320 - ok
21:23:17.0569 1356	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:23:17.0647 1356	AeLookupSvc - ok
21:23:17.0663 1356	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:23:17.0678 1356	AFD - ok
21:23:17.0709 1356	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:23:17.0709 1356	agp440 - ok
21:23:17.0725 1356	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:23:17.0741 1356	ALG - ok
21:23:17.0741 1356	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:23:17.0756 1356	aliide - ok
21:23:17.0772 1356	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:23:17.0787 1356	amdide - ok
21:23:17.0803 1356	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:23:17.0819 1356	AmdK8 - ok
21:23:17.0834 1356	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:23:17.0850 1356	AmdPPM - ok
21:23:17.0865 1356	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:23:17.0865 1356	amdsata - ok
21:23:17.0897 1356	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:23:17.0897 1356	amdsbs - ok
21:23:17.0912 1356	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:23:17.0928 1356	amdxata - ok
21:23:17.0928 1356	Amsp            (24c5aab82e681147e8f3d33fd416dac8) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
21:23:17.0959 1356	Amsp - ok
21:23:17.0975 1356	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:23:18.0053 1356	AppID - ok
21:23:18.0068 1356	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:23:18.0099 1356	AppIDSvc - ok
21:23:18.0489 1356	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:23:18.0521 1356	Appinfo - ok
21:23:18.0536 1356	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:23:18.0536 1356	Apple Mobile Device - ok
21:23:18.0552 1356	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
21:23:18.0567 1356	AppMgmt - ok
21:23:18.0599 1356	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:23:18.0599 1356	arc - ok
21:23:18.0614 1356	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:23:18.0614 1356	arcsas - ok
21:23:18.0630 1356	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:23:18.0645 1356	aspnet_state - ok
21:23:18.0661 1356	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:23:18.0692 1356	AsyncMac - ok
21:23:18.0723 1356	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:23:18.0739 1356	atapi - ok
21:23:18.0755 1356	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:23:18.0786 1356	AudioEndpointBuilder - ok
21:23:18.0801 1356	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:23:18.0833 1356	AudioSrv - ok
21:23:18.0864 1356	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:23:18.0879 1356	AxInstSV - ok
21:23:19.0363 1356	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:23:19.0379 1356	b06bdrv - ok
21:23:19.0394 1356	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:23:19.0410 1356	b57nd60a - ok
21:23:19.0425 1356	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:23:19.0425 1356	BDESVC - ok
21:23:19.0441 1356	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:23:19.0472 1356	Beep - ok
21:23:19.0503 1356	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:23:19.0550 1356	BFE - ok
21:23:19.0566 1356	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
21:23:19.0613 1356	BITS - ok
21:23:19.0628 1356	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:23:19.0644 1356	blbdrive - ok
21:23:19.0675 1356	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:23:19.0675 1356	bowser - ok
21:23:19.0691 1356	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:23:19.0706 1356	BrFiltLo - ok
21:23:19.0737 1356	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:23:19.0737 1356	BrFiltUp - ok
21:23:19.0753 1356	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
21:23:19.0784 1356	BridgeMP - ok
21:23:19.0800 1356	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:23:19.0831 1356	Browser - ok
21:23:19.0862 1356	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:23:19.0878 1356	Brserid - ok
21:23:19.0893 1356	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:23:19.0893 1356	BrSerWdm - ok
21:23:19.0909 1356	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:23:19.0925 1356	BrUsbMdm - ok
21:23:19.0940 1356	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:23:19.0956 1356	BrUsbSer - ok
21:23:19.0971 1356	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:23:19.0971 1356	BthEnum - ok
21:23:20.0003 1356	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:23:20.0003 1356	BTHMODEM - ok
21:23:20.0018 1356	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:23:20.0034 1356	BthPan - ok
21:23:20.0049 1356	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
21:23:20.0065 1356	BTHPORT - ok
21:23:20.0081 1356	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:23:20.0112 1356	bthserv - ok
21:23:20.0143 1356	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
21:23:20.0143 1356	BTHUSB - ok
21:23:20.0159 1356	btusbflt        (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
21:23:20.0159 1356	btusbflt - ok
21:23:20.0174 1356	btwaudio        (a72a9101f9730db7332714e566614e4d) C:\Windows\system32\drivers\btwaudio.sys
21:23:20.0190 1356	btwaudio - ok
21:23:20.0205 1356	btwavdt         (5ceec634b617525f2b6ad29f871033f7) C:\Windows\system32\drivers\btwavdt.sys
21:23:20.0205 1356	btwavdt - ok
21:23:20.0237 1356	btwdins         (e45b07aa29d8b9b1e98e9f74fc4c8db0) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
21:23:20.0252 1356	btwdins - ok
21:23:20.0268 1356	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:23:20.0268 1356	btwl2cap - ok
21:23:20.0299 1356	btwrchid        (2af5604d28bef77b7cf4b9d232fe7cd3) C:\Windows\system32\DRIVERS\btwrchid.sys
21:23:20.0299 1356	btwrchid - ok
21:23:20.0299 1356	catchme - ok
21:23:20.0315 1356	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:23:20.0346 1356	cdfs - ok
21:23:20.0361 1356	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:23:20.0377 1356	cdrom - ok
21:23:20.0393 1356	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:23:20.0424 1356	CertPropSvc - ok
21:23:20.0439 1356	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:23:20.0455 1356	circlass - ok
21:23:20.0455 1356	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:23:20.0471 1356	CLFS - ok
21:23:20.0486 1356	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:23:20.0502 1356	clr_optimization_v2.0.50727_32 - ok
21:23:20.0502 1356	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:23:20.0517 1356	clr_optimization_v2.0.50727_64 - ok
21:23:20.0517 1356	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:23:20.0549 1356	clr_optimization_v4.0.30319_32 - ok
21:23:20.0549 1356	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:23:20.0564 1356	clr_optimization_v4.0.30319_64 - ok
21:23:20.0580 1356	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:23:20.0580 1356	CmBatt - ok
21:23:20.0611 1356	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:23:20.0611 1356	cmdide - ok
21:23:20.0627 1356	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:23:20.0642 1356	CNG - ok
21:23:20.0673 1356	CnxtHdAudService (d7d489acf6db4c64f88f1a65739770f7) C:\Windows\system32\drivers\CHDRT64.sys
21:23:20.0689 1356	CnxtHdAudService - ok
21:23:20.0705 1356	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:23:20.0705 1356	Compbatt - ok
21:23:20.0720 1356	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:23:20.0736 1356	CompositeBus - ok
21:23:20.0736 1356	COMSysApp - ok
21:23:20.0767 1356	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:23:20.0767 1356	crcdisk - ok
21:23:20.0783 1356	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:23:20.0814 1356	CryptSvc - ok
21:23:20.0845 1356	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:23:20.0861 1356	CSC - ok
21:23:20.0876 1356	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
21:23:20.0892 1356	CscService - ok
21:23:20.0907 1356	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:23:20.0939 1356	DcomLaunch - ok
21:23:20.0970 1356	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:23:21.0001 1356	defragsvc - ok
21:23:21.0032 1356	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:23:21.0063 1356	DfsC - ok
21:23:21.0079 1356	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:23:21.0110 1356	Dhcp - ok
21:23:21.0126 1356	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:23:21.0157 1356	discache - ok
21:23:21.0173 1356	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:23:21.0173 1356	Disk - ok
21:23:21.0188 1356	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:23:21.0204 1356	Dnscache - ok
21:23:21.0235 1356	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:23:21.0266 1356	dot3svc - ok
21:23:21.0282 1356	DozeSvc         (7d353f3087433a4638a7908d6228cdcf) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
21:23:21.0297 1356	DozeSvc - ok
21:23:21.0297 1356	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:23:21.0344 1356	DPS - ok
21:23:21.0344 1356	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:23:21.0360 1356	drmkaud - ok
21:23:21.0391 1356	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:23:21.0407 1356	DXGKrnl - ok
21:23:21.0422 1356	DzHDD64         (5bdef3faa1bfd9c9c5d3dc972049f0fa) C:\Windows\system32\DRIVERS\DzHDD64.sys
21:23:21.0422 1356	DzHDD64 - ok
21:23:21.0438 1356	e1kexpress      (f369e83f6cdab987ca2dd764278659a6) C:\Windows\system32\DRIVERS\e1k62x64.sys
21:23:21.0453 1356	e1kexpress - ok
21:23:21.0469 1356	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:23:21.0500 1356	EapHost - ok
21:23:21.0563 1356	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:23:21.0609 1356	ebdrv - ok
21:23:21.0625 1356	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:23:21.0641 1356	EFS - ok
21:23:21.0641 1356	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:23:21.0672 1356	ehRecvr - ok
21:23:21.0672 1356	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:23:21.0687 1356	ehSched - ok
21:23:21.0703 1356	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:23:21.0719 1356	elxstor - ok
21:23:21.0750 1356	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:23:21.0750 1356	ErrDev - ok
21:23:21.0765 1356	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:23:21.0812 1356	EventSystem - ok
21:23:21.0843 1356	EvtEng          (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:23:21.0875 1356	EvtEng - ok
21:23:21.0890 1356	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:23:21.0937 1356	exfat - ok
21:23:21.0953 1356	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:23:21.0999 1356	fastfat - ok
21:23:22.0031 1356	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:23:22.0046 1356	Fax - ok
21:23:22.0062 1356	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:23:22.0062 1356	fdc - ok
21:23:22.0077 1356	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:23:22.0109 1356	fdPHost - ok
21:23:22.0140 1356	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:23:22.0171 1356	FDResPub - ok
21:23:22.0171 1356	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:23:22.0187 1356	FileInfo - ok
21:23:22.0218 1356	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:23:22.0249 1356	Filetrace - ok
21:23:22.0249 1356	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:23:22.0265 1356	flpydisk - ok
21:23:22.0280 1356	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:23:22.0296 1356	FltMgr - ok
21:23:22.0311 1356	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:23:22.0343 1356	FontCache - ok
21:23:22.0358 1356	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:23:22.0358 1356	FontCache3.0.0.0 - ok
21:23:22.0374 1356	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:23:22.0374 1356	FsDepends - ok
21:23:22.0389 1356	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:23:22.0389 1356	Fs_Rec - ok
21:23:22.0421 1356	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:23:22.0436 1356	fvevol - ok
21:23:22.0436 1356	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:23:22.0452 1356	gagp30kx - ok
21:23:22.0467 1356	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:23:22.0514 1356	gpsvc - ok
21:23:22.0530 1356	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:23:22.0530 1356	hcw85cir - ok
21:23:22.0561 1356	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:23:22.0577 1356	HdAudAddService - ok
21:23:22.0592 1356	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:23:22.0608 1356	HDAudBus - ok
21:23:22.0623 1356	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
21:23:22.0639 1356	HECIx64 - ok
21:23:22.0639 1356	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:23:22.0655 1356	HidBatt - ok
21:23:22.0686 1356	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:23:22.0686 1356	HidBth - ok
21:23:22.0701 1356	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:23:22.0717 1356	HidIr - ok
21:23:22.0748 1356	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
21:23:22.0779 1356	hidserv - ok
21:23:22.0811 1356	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:23:22.0811 1356	HidUsb - ok
21:23:22.0826 1356	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:23:22.0857 1356	hkmsvc - ok
21:23:22.0873 1356	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:23:22.0889 1356	HomeGroupListener - ok
21:23:22.0904 1356	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:23:22.0920 1356	HomeGroupProvider - ok
21:23:22.0935 1356	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:23:22.0951 1356	HpSAMD - ok
21:23:22.0967 1356	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:23:23.0013 1356	HTTP - ok
21:23:23.0013 1356	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:23:23.0029 1356	hwpolicy - ok
21:23:23.0060 1356	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:23:23.0060 1356	i8042prt - ok
21:23:23.0076 1356	iaStor          (073a606333b6f7bbf20aa856df7f0997) C:\Windows\system32\DRIVERS\iaStor.sys
21:23:23.0091 1356	iaStor - ok
21:23:23.0123 1356	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:23:23.0138 1356	iaStorV - ok
21:23:23.0154 1356	IBMPMDRV        (3761fab385f1c2f51b2fad48cfabbe9d) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
21:23:23.0154 1356	IBMPMDRV - ok
21:23:23.0185 1356	IBMPMSVC        (fc22310f3862e2c7c8722ef4778d5cc3) C:\Windows\system32\ibmpmsvc.exe
21:23:23.0185 1356	IBMPMSVC - ok
21:23:23.0201 1356	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:23:23.0216 1356	idsvc - ok
21:23:23.0341 1356	igfx            (cca0460f3871d3753a881abc81141cd5) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:23:23.0513 1356	igfx - ok
21:23:23.0528 1356	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:23:23.0544 1356	iirsp - ok
21:23:23.0559 1356	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:23:23.0606 1356	IKEEXT - ok
21:23:23.0622 1356	Impcd           (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
21:23:23.0622 1356	Impcd - ok
21:23:23.0637 1356	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:23:23.0653 1356	intelide - ok
21:23:23.0669 1356	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:23:23.0684 1356	intelppm - ok
21:23:23.0700 1356	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:23:23.0731 1356	IPBusEnum - ok
21:23:23.0747 1356	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:23:23.0778 1356	IpFilterDriver - ok
21:23:23.0793 1356	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:23:23.0840 1356	iphlpsvc - ok
21:23:23.0856 1356	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:23:23.0871 1356	IPMIDRV - ok
21:23:23.0887 1356	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:23:23.0918 1356	IPNAT - ok
21:23:23.0934 1356	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:23:23.0949 1356	IRENUM - ok
21:23:23.0949 1356	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:23:23.0965 1356	isapnp - ok
21:23:23.0981 1356	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:23:23.0996 1356	iScsiPrt - ok
21:23:24.0012 1356	IviRegMgr       (213822072085b5bbad9af30ab577d817) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:23:24.0012 1356	IviRegMgr - ok
21:23:24.0043 1356	JabraDFU        (8baecd09cf6dabb25c0c1bd262e0f7f7) C:\Windows\system32\Drivers\JabraBcDfuWhqlXPx64.sys
21:23:24.0043 1356	JabraDFU - ok
21:23:24.0059 1356	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:23:24.0059 1356	kbdclass - ok
21:23:24.0074 1356	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
21:23:24.0090 1356	kbdhid - ok
21:23:24.0090 1356	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:23:24.0105 1356	KeyIso - ok
21:23:24.0121 1356	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:23:24.0137 1356	KSecDD - ok
21:23:24.0152 1356	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:23:24.0152 1356	KSecPkg - ok
21:23:24.0183 1356	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:23:24.0215 1356	ksthunk - ok
21:23:24.0230 1356	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:23:24.0261 1356	KtmRm - ok
21:23:24.0277 1356	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
21:23:24.0308 1356	LanmanServer - ok
21:23:24.0324 1356	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:23:24.0355 1356	LanmanWorkstation - ok
21:23:24.0386 1356	LBTServ         (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
21:23:24.0386 1356	LBTServ - ok
21:23:24.0402 1356	LENOVO.CAMMUTE  (a4aefd644cade44f99ceafa49004426c) C:\Program Files\LENOVO\HOTKEY\CAMMUTE.exe
21:23:24.0402 1356	LENOVO.CAMMUTE - ok
21:23:24.0402 1356	LENOVO.MICMUTE  (e9953eeed1653d1cb9ec5c54ff8057db) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
21:23:24.0433 1356	LENOVO.MICMUTE - ok
21:23:24.0449 1356	lenovo.smi      (5acff5823634bc2c4ebf559c3b33e18e) C:\Windows\system32\DRIVERS\smiifx64.sys
21:23:24.0464 1356	lenovo.smi - ok
21:23:24.0464 1356	LEqdUsb         (becbd7cd46776b8739ee18061f45a581) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
21:23:24.0480 1356	LEqdUsb - ok
21:23:24.0480 1356	LHidEqd         (21d6bd7d62c270059eb8e2b1d4095880) C:\Windows\system32\DRIVERS\LHidEqd.Sys
21:23:24.0495 1356	LHidEqd - ok
21:23:24.0511 1356	LHidFilt        (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
21:23:24.0527 1356	LHidFilt - ok
21:23:24.0527 1356	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:23:24.0573 1356	lltdio - ok
21:23:24.0589 1356	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:23:24.0620 1356	lltdsvc - ok
21:23:24.0636 1356	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:23:24.0667 1356	lmhosts - ok
21:23:24.0698 1356	LMouFilt        (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
21:23:24.0698 1356	LMouFilt - ok
21:23:24.0698 1356	LMS             (1c05c59d588a94867671fd07b7062caf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:23:24.0714 1356	LMS - ok
21:23:24.0729 1356	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:23:24.0745 1356	LSI_FC - ok
21:23:24.0761 1356	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:23:24.0761 1356	LSI_SAS - ok
21:23:24.0776 1356	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:23:24.0792 1356	LSI_SAS2 - ok
21:23:24.0807 1356	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:23:24.0807 1356	LSI_SCSI - ok
21:23:24.0839 1356	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:23:24.0870 1356	luafv - ok
21:23:24.0901 1356	MBAMProtector - ok
21:23:24.0901 1356	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:23:24.0932 1356	MBAMService - ok
21:23:24.0932 1356	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:23:24.0948 1356	Mcx2Svc - ok
21:23:24.0963 1356	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:23:24.0979 1356	megasas - ok
21:23:24.0995 1356	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:23:24.0995 1356	MegaSR - ok
21:23:25.0026 1356	Microsoft SharePoint Workspace Audit Service - ok
21:23:25.0026 1356	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:23:25.0057 1356	MMCSS - ok
21:23:25.0088 1356	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:23:25.0119 1356	Modem - ok
21:23:25.0151 1356	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:23:25.0151 1356	monitor - ok
21:23:25.0166 1356	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:23:25.0182 1356	mouclass - ok
21:23:25.0182 1356	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:23:25.0197 1356	mouhid - ok
21:23:25.0229 1356	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:23:25.0229 1356	mountmgr - ok
21:23:25.0244 1356	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:23:25.0260 1356	mpio - ok
21:23:25.0260 1356	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:23:25.0307 1356	mpsdrv - ok
21:23:25.0322 1356	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:23:25.0353 1356	MpsSvc - ok
21:23:25.0369 1356	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:23:25.0385 1356	MRxDAV - ok
21:23:25.0416 1356	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:23:25.0416 1356	mrxsmb - ok
21:23:25.0431 1356	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:23:25.0447 1356	mrxsmb10 - ok
21:23:25.0478 1356	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:23:25.0478 1356	mrxsmb20 - ok
21:23:25.0494 1356	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:23:25.0494 1356	msahci - ok
21:23:25.0509 1356	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:23:25.0525 1356	msdsm - ok
21:23:25.0541 1356	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:23:25.0556 1356	MSDTC - ok
21:23:25.0572 1356	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:23:25.0603 1356	Msfs - ok
21:23:25.0619 1356	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:23:25.0650 1356	mshidkmdf - ok
21:23:25.0665 1356	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:23:25.0681 1356	msisadrv - ok
21:23:25.0681 1356	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:23:25.0728 1356	MSiSCSI - ok
21:23:25.0728 1356	msiserver - ok
21:23:25.0743 1356	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:23:25.0775 1356	MSKSSRV - ok
21:23:25.0790 1356	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:23:25.0821 1356	MSPCLOCK - ok
21:23:25.0853 1356	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:23:25.0884 1356	MSPQM - ok
21:23:25.0899 1356	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:23:25.0915 1356	MsRPC - ok
21:23:25.0915 1356	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:23:25.0931 1356	mssmbios - ok
21:23:25.0946 1356	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:23:25.0977 1356	MSTEE - ok
21:23:25.0977 1356	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:23:25.0993 1356	MTConfig - ok
21:23:26.0009 1356	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:23:26.0009 1356	Mup - ok
21:23:26.0040 1356	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:23:26.0071 1356	napagent - ok
21:23:26.0102 1356	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:23:26.0118 1356	NativeWifiP - ok
21:23:26.0133 1356	ncpclcfg        (f66579f9994cda1328ede5f36dbd1660) C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe
21:23:26.0133 1356	ncpclcfg ( UnsignedFile.Multi.Generic ) - warning
21:23:26.0133 1356	ncpclcfg - detected UnsignedFile.Multi.Generic (1)
21:23:26.0149 1356	ncpfilt         (a7f5e21610b21c8ea8f4c718e9dcca59) C:\Windows\system32\DRIVERS\ncplelhp.sys
21:23:26.0165 1356	ncpfilt - ok
21:23:26.0180 1356	ncplelhp        (a7f5e21610b21c8ea8f4c718e9dcca59) C:\Windows\system32\DRIVERS\ncplelhp.sys
21:23:26.0180 1356	ncplelhp - ok
21:23:26.0211 1356	ncprwsnt        (ef8bcedf23e4917f70d9237a2347d453) C:\Program Files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe
21:23:26.0243 1356	ncprwsnt - ok
21:23:26.0258 1356	NcpSec          (bcc6fdecda131a99a38430813aa84544) C:\Program Files (x86)\WatchGuard\Mobile VPN\ncpsec.exe
21:23:26.0258 1356	NcpSec ( UnsignedFile.Multi.Generic ) - warning
21:23:26.0258 1356	NcpSec - detected UnsignedFile.Multi.Generic (1)
21:23:26.0274 1356	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:23:26.0305 1356	NDIS - ok
21:23:26.0321 1356	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:23:26.0352 1356	NdisCap - ok
21:23:26.0367 1356	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:23:26.0399 1356	NdisTapi - ok
21:23:26.0430 1356	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:23:26.0461 1356	Ndisuio - ok
21:23:26.0461 1356	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:23:26.0508 1356	NdisWan - ok
21:23:26.0523 1356	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:23:26.0555 1356	NDProxy - ok
21:23:26.0555 1356	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:23:26.0601 1356	NetBIOS - ok
21:23:26.0617 1356	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:23:26.0664 1356	NetBT - ok
21:23:26.0679 1356	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:23:26.0695 1356	Netlogon - ok
21:23:26.0711 1356	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:23:26.0742 1356	Netman - ok
21:23:26.0757 1356	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:23:26.0757 1356	NetMsmqActivator - ok
21:23:26.0773 1356	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:23:26.0773 1356	NetPipeActivator - ok
21:23:26.0804 1356	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:23:26.0835 1356	netprofm - ok
21:23:26.0867 1356	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:23:26.0867 1356	NetTcpActivator - ok
21:23:26.0867 1356	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:23:26.0882 1356	NetTcpPortSharing - ok
21:23:26.0960 1356	NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
21:23:27.0069 1356	NETw5s64 - ok
21:23:27.0147 1356	netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
21:23:27.0241 1356	netw5v64 - ok
21:23:27.0241 1356	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:23:27.0257 1356	nfrd960 - ok
21:23:27.0272 1356	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:23:27.0335 1356	NlaSvc - ok
21:23:27.0335 1356	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:23:27.0366 1356	Npfs - ok
21:23:27.0397 1356	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:23:27.0428 1356	nsi - ok
21:23:27.0428 1356	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:23:27.0475 1356	nsiproxy - ok
21:23:27.0491 1356	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:23:27.0537 1356	Ntfs - ok
21:23:27.0553 1356	NtrigDigitizerUSBLowerFilter - ok
21:23:27.0584 1356	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:23:27.0615 1356	Null - ok
21:23:27.0615 1356	NVHDA           (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
21:23:27.0631 1356	NVHDA - ok
21:23:27.0756 1356	nvlddmkm        (432e12af35fddaaf640958b9b3c1a7ae) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:23:27.0990 1356	nvlddmkm - ok
21:23:28.0005 1356	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:23:28.0021 1356	nvraid - ok
21:23:28.0037 1356	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:23:28.0037 1356	nvstor - ok
21:23:28.0068 1356	nvsvc           (a82c849d9535cfb8d7f058859f4608cb) C:\Windows\system32\nvvsvc.exe
21:23:28.0083 1356	nvsvc - ok
21:23:28.0083 1356	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:23:28.0099 1356	nv_agp - ok
21:23:28.0130 1356	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:23:28.0130 1356	ohci1394 - ok
21:23:28.0146 1356	ose64           (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:23:28.0146 1356	ose64 - ok
21:23:28.0208 1356	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:23:28.0302 1356	osppsvc - ok
21:23:28.0333 1356	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:23:28.0349 1356	p2pimsvc - ok
21:23:28.0364 1356	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:23:28.0364 1356	p2psvc - ok
21:23:28.0380 1356	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:23:28.0395 1356	Parport - ok
21:23:28.0427 1356	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:23:28.0427 1356	partmgr - ok
21:23:28.0442 1356	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:23:28.0458 1356	PcaSvc - ok
21:23:28.0489 1356	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:23:28.0489 1356	pci - ok
21:23:28.0505 1356	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:23:28.0520 1356	pciide - ok
21:23:28.0520 1356	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:23:28.0536 1356	pcmcia - ok
21:23:28.0551 1356	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:23:28.0567 1356	pcw - ok
21:23:28.0583 1356	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:23:28.0629 1356	PEAUTH - ok
21:23:28.0645 1356	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
21:23:28.0676 1356	PeerDistSvc - ok
21:23:28.0692 1356	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:23:28.0723 1356	PerfHost - ok
21:23:28.0754 1356	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:23:28.0817 1356	pla - ok
21:23:28.0832 1356	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:23:28.0848 1356	PlugPlay - ok
21:23:28.0848 1356	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:23:28.0863 1356	PNRPAutoReg - ok
21:23:28.0879 1356	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:23:28.0895 1356	PNRPsvc - ok
21:23:28.0910 1356	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:23:28.0957 1356	PolicyAgent - ok
21:23:28.0973 1356	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:23:29.0004 1356	Power - ok
21:23:29.0004 1356	Power Manager DBC Service (d07d33d2293e4acae0cbf13108b92a4f) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
21:23:29.0019 1356	Power Manager DBC Service - ok
21:23:29.0019 1356	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:23:29.0051 1356	PptpMiniport - ok
21:23:29.0066 1356	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:23:29.0082 1356	Processor - ok
21:23:29.0097 1356	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:23:29.0129 1356	ProfSvc - ok
21:23:29.0144 1356	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:23:29.0144 1356	ProtectedStorage - ok
21:23:29.0160 1356	psadd           (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
21:23:29.0160 1356	psadd - ok
21:23:29.0191 1356	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:23:29.0222 1356	Psched - ok
21:23:29.0222 1356	qcfilterlno2k   (052031a92809b438683fdcf5b574234d) C:\Windows\system32\DRIVERS\qcfilterlno2k.sys
21:23:29.0238 1356	qcfilterlno2k - ok
21:23:29.0269 1356	qcusbnetlno2k   (d4168d8bebcf573b8ffb2a0c09094da3) C:\Windows\system32\DRIVERS\qcusbnetlno2k.sys
21:23:29.0269 1356	qcusbnetlno2k - ok
21:23:29.0285 1356	qcusbserlno2k   (3a5625922508a972345f096cb163d55b) C:\Windows\system32\DRIVERS\qcusbserlno2k.sys
21:23:29.0300 1356	qcusbserlno2k - ok
21:23:29.0300 1356	QDLService2kLenovo (29fbb6f1d98cba159dd8a8830ba7835f) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
21:23:29.0316 1356	QDLService2kLenovo - ok
21:23:29.0347 1356	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:23:29.0394 1356	ql2300 - ok
21:23:29.0409 1356	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:23:29.0409 1356	ql40xx - ok
21:23:29.0425 1356	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:23:29.0441 1356	QWAVE - ok
21:23:29.0456 1356	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:23:29.0472 1356	QWAVEdrv - ok
21:23:29.0487 1356	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:23:29.0519 1356	RasAcd - ok
21:23:29.0534 1356	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:23:29.0565 1356	RasAgileVpn - ok
21:23:29.0581 1356	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:23:29.0612 1356	RasAuto - ok
21:23:30.0127 1356	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:23:30.0174 1356	Rasl2tp - ok
21:23:30.0205 1356	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:23:30.0236 1356	RasMan - ok
21:23:30.0267 1356	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:23:30.0299 1356	RasPppoe - ok
21:23:30.0314 1356	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:23:30.0345 1356	RasSstp - ok
21:23:30.0361 1356	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:23:30.0392 1356	rdbss - ok
21:23:30.0408 1356	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:23:30.0423 1356	rdpbus - ok
21:23:30.0439 1356	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:23:30.0470 1356	RDPCDD - ok
21:23:30.0486 1356	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:23:30.0486 1356	RDPDR - ok
21:23:30.0501 1356	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:23:30.0533 1356	RDPENCDD - ok
21:23:30.0548 1356	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:23:30.0579 1356	RDPREFMP - ok
21:23:30.0595 1356	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:23:30.0642 1356	RDPWD - ok
21:23:30.0657 1356	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:23:30.0673 1356	rdyboost - ok
21:23:30.0689 1356	RegSrvc         (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:23:30.0704 1356	RegSrvc - ok
21:23:30.0720 1356	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:23:30.0751 1356	RemoteAccess - ok
21:23:30.0782 1356	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:23:30.0813 1356	RemoteRegistry - ok
21:23:30.0845 1356	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:23:30.0860 1356	RFCOMM - ok
21:23:30.0860 1356	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:23:30.0891 1356	RpcEptMapper - ok
21:23:30.0907 1356	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:23:30.0923 1356	RpcLocator - ok
21:23:30.0938 1356	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:23:30.0969 1356	RpcSs - ok
21:23:30.0985 1356	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:23:31.0016 1356	rspndr - ok
21:23:31.0032 1356	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:23:31.0047 1356	s3cap - ok
21:23:31.0047 1356	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:23:31.0063 1356	SamSs - ok
21:23:31.0094 1356	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:23:31.0094 1356	sbp2port - ok
21:23:31.0110 1356	SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
21:23:31.0141 1356	SBSDWSCService - ok
21:23:31.0157 1356	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:23:31.0203 1356	SCardSvr - ok
21:23:31.0219 1356	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:23:31.0250 1356	scfilter - ok
21:23:31.0281 1356	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:23:31.0328 1356	Schedule - ok
21:23:31.0344 1356	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:23:31.0375 1356	SCPolicySvc - ok
21:23:31.0406 1356	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
21:23:31.0422 1356	sdbus - ok
21:23:31.0422 1356	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:23:31.0437 1356	SDRSVC - ok
21:23:31.0437 1356	SeaPort         (d358e077a0a05d9b12da22d137ee8464) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
21:23:31.0453 1356	SeaPort - ok
21:23:31.0469 1356	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:23:31.0500 1356	secdrv - ok
21:23:31.0531 1356	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:23:31.0562 1356	seclogon - ok
21:23:31.0562 1356	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:23:31.0609 1356	SENS - ok
21:23:31.0609 1356	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:23:31.0625 1356	SensrSvc - ok
21:23:31.0640 1356	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:23:31.0640 1356	Serenum - ok
21:23:31.0656 1356	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:23:31.0671 1356	Serial - ok
21:23:31.0687 1356	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:23:31.0687 1356	sermouse - ok
21:23:31.0718 1356	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:23:31.0765 1356	SessionEnv - ok
21:23:31.0781 1356	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:23:31.0796 1356	sffdisk - ok
21:23:31.0812 1356	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:23:31.0827 1356	sffp_mmc - ok
21:23:31.0843 1356	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:23:31.0859 1356	sffp_sd - ok
21:23:31.0874 1356	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:23:31.0874 1356	sfloppy - ok
21:23:31.0905 1356	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:23:31.0937 1356	SharedAccess - ok
21:23:31.0968 1356	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:23:31.0999 1356	ShellHWDetection - ok
21:23:32.0030 1356	Shockprf        (c45942985943fc4ab8a7ea7a92f29c00) C:\Windows\system32\DRIVERS\Apsx64.sys
21:23:32.0030 1356	Shockprf - ok
21:23:32.0046 1356	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:23:32.0046 1356	SiSRaid2 - ok
21:23:32.0061 1356	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:23:32.0077 1356	SiSRaid4 - ok
21:23:32.0077 1356	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:23:32.0093 1356	SkypeUpdate - ok
21:23:32.0108 1356	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:23:32.0155 1356	Smb - ok
21:23:32.0171 1356	smihlp          (c5b1a19b14f19b08ae72fcb20a3075b6) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
21:23:32.0171 1356	smihlp - ok
21:23:32.0186 1356	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:23:32.0202 1356	SNMPTRAP - ok
21:23:32.0202 1356	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:23:32.0217 1356	spldr - ok
21:23:32.0233 1356	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:23:32.0280 1356	Spooler - ok
21:23:32.0327 1356	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:23:32.0420 1356	sppsvc - ok
21:23:32.0420 1356	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:23:32.0467 1356	sppuinotify - ok
21:23:32.0483 1356	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:23:32.0498 1356	srv - ok
21:23:32.0514 1356	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:23:32.0529 1356	srv2 - ok
21:23:32.0545 1356	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:23:32.0561 1356	SrvHsfHDA - ok
21:23:32.0592 1356	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:23:32.0623 1356	SrvHsfV92 - ok
21:23:32.0654 1356	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:23:32.0670 1356	SrvHsfWinac - ok
21:23:32.0701 1356	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:23:32.0701 1356	srvnet - ok
21:23:32.0717 1356	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:23:32.0763 1356	SSDPSRV - ok
21:23:32.0763 1356	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:23:32.0795 1356	SstpSvc - ok
21:23:32.0826 1356	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:23:32.0826 1356	stexstor - ok
21:23:32.0841 1356	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:23:32.0873 1356	stisvc - ok
21:23:32.0873 1356	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:23:32.0888 1356	storflt - ok
21:23:32.0904 1356	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
21:23:32.0919 1356	StorSvc - ok
21:23:32.0935 1356	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:23:32.0935 1356	storvsc - ok
21:23:32.0935 1356	SUService       (6ea2f517373771cac5188e82617c9c0b) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
21:23:32.0951 1356	SUService ( UnsignedFile.Multi.Generic ) - warning
21:23:32.0951 1356	SUService - detected UnsignedFile.Multi.Generic (1)
21:23:32.0966 1356	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:23:32.0982 1356	swenum - ok
21:23:32.0997 1356	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:23:33.0029 1356	swprv - ok
21:23:33.0044 1356	SynTP           (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
21:23:33.0060 1356	SynTP - ok
21:23:33.0091 1356	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:23:33.0122 1356	SysMain - ok
21:23:33.0138 1356	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:23:33.0153 1356	TabletInputService - ok
21:23:33.0169 1356	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:23:33.0216 1356	TapiSrv - ok
21:23:33.0231 1356	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:23:33.0263 1356	TBS - ok
21:23:33.0309 1356	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:23:33.0356 1356	Tcpip - ok
21:23:33.0387 1356	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:23:33.0419 1356	TCPIP6 - ok
21:23:33.0434 1356	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:23:33.0465 1356	tcpipreg - ok
21:23:33.0481 1356	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:23:33.0512 1356	TDPIPE - ok
21:23:33.0543 1356	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:23:33.0575 1356	TDTCP - ok
21:23:33.0590 1356	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:23:33.0621 1356	tdx - ok
21:23:33.0621 1356	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:23:33.0637 1356	TermDD - ok
21:23:33.0653 1356	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:23:33.0699 1356	TermService - ok
21:23:33.0715 1356	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:23:33.0715 1356	Themes - ok
21:23:33.0746 1356	ThinkVantage Registry Monitor Service (39ac444e07fdbd8c2e8e291a65d515d3) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
21:23:33.0762 1356	ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - warning
21:23:33.0762 1356	ThinkVantage Registry Monitor Service - detected UnsignedFile.Multi.Generic (1)
21:23:33.0777 1356	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:23:33.0809 1356	THREADORDER - ok
21:23:33.0824 1356	tmactmon        (95ab85cf9c7edc62845d21bb596b0093) C:\Windows\system32\DRIVERS\tmactmon.sys
21:23:33.0840 1356	tmactmon - ok
21:23:33.0855 1356	tmcomm          (0b975f08621cadf7f8ec164e1a991cf3) C:\Windows\system32\DRIVERS\tmcomm.sys
21:23:33.0855 1356	tmcomm - ok
21:23:33.0871 1356	tmevtmgr        (aea9012cfc3c4b2a167b210c523b9b65) C:\Windows\system32\DRIVERS\tmevtmgr.sys
21:23:33.0887 1356	tmevtmgr - ok
21:23:33.0902 1356	TmListen        (2c5bdcb2efab4ca5b88daf2c97a5794d) C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
21:23:33.0918 1356	TmListen - ok
21:23:33.0949 1356	tmtdi           (77b9bebb0769f45ef770297196ef3506) C:\Windows\system32\DRIVERS\tmtdi.sys
21:23:33.0949 1356	tmtdi - ok
21:23:33.0965 1356	TPDIGIMN        (6db3fae611554dc373e266ed50111b1c) C:\Windows\system32\DRIVERS\ApsHM64.sys
21:23:33.0965 1356	TPDIGIMN - ok
21:23:33.0996 1356	TPHDEXLGSVC     (47d2009fdc682833ee03b6dcba23fdd2) C:\Windows\system32\TPHDEXLG64.exe
21:23:33.0996 1356	TPHDEXLGSVC - ok
21:23:33.0996 1356	TPHKSVC         (12068221ca8264e4d1281520089e195c) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
21:23:34.0011 1356	TPHKSVC - ok
21:23:34.0011 1356	TPM             (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
21:23:34.0027 1356	TPM - ok
21:23:34.0058 1356	TPPWRIF         (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys
21:23:34.0058 1356	TPPWRIF - ok
21:23:34.0074 1356	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:23:34.0105 1356	TrkWks - ok
21:23:34.0121 1356	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:23:34.0152 1356	TrustedInstaller - ok
21:23:34.0183 1356	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:23:34.0214 1356	tssecsrv - ok
21:23:34.0214 1356	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:23:34.0230 1356	TsUsbFlt - ok
21:23:34.0245 1356	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:23:34.0292 1356	tunnel - ok
21:23:34.0308 1356	TurboB          (53ff5f00eab07e329abe48ae3de4f5d7) C:\Windows\system32\DRIVERS\TurboB.sys
21:23:34.0323 1356	TurboB - ok
21:23:34.0323 1356	TurboBoost      (b670df651f00194434adc6b326743709) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
21:23:34.0323 1356	TurboBoost - ok
21:23:34.0355 1356	TVT Backup Service (b56da1aa776c15043d10f82b32aa000d) C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
21:23:34.0386 1356	TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
21:23:34.0386 1356	TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
21:23:34.0401 1356	TVTI2C          (4daae0413cd4e816258838e2fafb3147) C:\Windows\system32\DRIVERS\Tvti2c.sys
21:23:34.0401 1356	TVTI2C - ok
21:23:34.0417 1356	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:23:34.0417 1356	uagp35 - ok
21:23:34.0448 1356	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:23:34.0495 1356	udfs - ok
21:23:34.0511 1356	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:23:34.0526 1356	UI0Detect - ok
21:23:34.0542 1356	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:23:34.0542 1356	uliagpkx - ok
21:23:34.0573 1356	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:23:34.0573 1356	umbus - ok
21:23:34.0589 1356	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:23:34.0589 1356	UmPass - ok
21:23:34.0604 1356	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
21:23:34.0620 1356	UmRdpService - ok
21:23:34.0651 1356	UNS             (ccc28fa0dfdfdb161624f1c63296418c) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:23:34.0698 1356	UNS - ok
21:23:34.0729 1356	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:23:34.0760 1356	upnphost - ok
21:23:34.0776 1356	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:23:34.0791 1356	usbaudio - ok
21:23:34.0823 1356	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:23:34.0823 1356	usbccgp - ok
21:23:34.0838 1356	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:23:34.0854 1356	usbcir - ok
21:23:34.0885 1356	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:23:34.0885 1356	usbehci - ok
21:23:34.0901 1356	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:23:34.0916 1356	usbhub - ok
21:23:34.0947 1356	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:23:34.0947 1356	usbohci - ok
21:23:34.0963 1356	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:23:34.0979 1356	usbprint - ok
21:23:34.0994 1356	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:23:35.0010 1356	USBSTOR - ok
21:23:35.0010 1356	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:23:35.0025 1356	usbuhci - ok
21:23:35.0041 1356	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:23:35.0057 1356	usbvideo - ok
21:23:35.0057 1356	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:23:35.0103 1356	UxSms - ok
21:23:35.0103 1356	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:23:35.0119 1356	VaultSvc - ok
21:23:35.0150 1356	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:23:35.0150 1356	vdrvroot - ok
21:23:35.0166 1356	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:23:35.0213 1356	vds - ok
21:23:35.0213 1356	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:23:35.0228 1356	vga - ok
21:23:35.0244 1356	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:23:35.0275 1356	VgaSave - ok
21:23:35.0291 1356	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:23:35.0291 1356	vhdmp - ok
21:23:35.0306 1356	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:23:35.0322 1356	viaide - ok
21:23:35.0337 1356	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:23:35.0353 1356	vmbus - ok
21:23:35.0369 1356	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:23:35.0369 1356	VMBusHID - ok
21:23:35.0400 1356	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:23:35.0400 1356	volmgr - ok
21:23:35.0415 1356	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:23:35.0431 1356	volmgrx - ok
21:23:35.0447 1356	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:23:35.0462 1356	volsnap - ok
21:23:35.0478 1356	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:23:35.0493 1356	vsmraid - ok
21:23:35.0525 1356	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:23:35.0571 1356	VSS - ok
21:23:35.0587 1356	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:23:35.0603 1356	vwifibus - ok
21:23:35.0618 1356	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:23:35.0634 1356	vwififlt - ok
21:23:35.0649 1356	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:23:35.0665 1356	vwifimp - ok
21:23:35.0681 1356	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:23:35.0727 1356	W32Time - ok
21:23:35.0743 1356	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:23:35.0759 1356	WacomPen - ok
21:23:35.0774 1356	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:23:35.0805 1356	WANARP - ok
21:23:35.0805 1356	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:23:35.0837 1356	Wanarpv6 - ok
21:23:35.0868 1356	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:23:35.0915 1356	wbengine - ok
21:23:35.0930 1356	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:23:35.0946 1356	WbioSrvc - ok
21:23:35.0961 1356	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:23:35.0993 1356	wcncsvc - ok
21:23:35.0993 1356	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:23:36.0008 1356	WcsPlugInService - ok
21:23:36.0024 1356	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:23:36.0024 1356	Wd - ok
21:23:36.0055 1356	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:23:36.0071 1356	Wdf01000 - ok
21:23:36.0086 1356	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:23:36.0117 1356	WdiServiceHost - ok
21:23:36.0117 1356	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:23:36.0133 1356	WdiSystemHost - ok
21:23:36.0149 1356	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:23:36.0164 1356	WebClient - ok
21:23:36.0195 1356	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:23:36.0227 1356	Wecsvc - ok
21:23:36.0258 1356	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:23:36.0289 1356	wercplsupport - ok
21:23:36.0305 1356	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:23:36.0336 1356	WerSvc - ok
21:23:36.0351 1356	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:23:36.0383 1356	WfpLwf - ok
21:23:36.0398 1356	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:23:36.0414 1356	WIMMount - ok
21:23:36.0414 1356	WinDefend - ok
21:23:36.0414 1356	WinHttpAutoProxySvc - ok
21:23:36.0429 1356	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:23:36.0476 1356	Winmgmt - ok
21:23:36.0507 1356	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:23:36.0570 1356	WinRM - ok
21:23:36.0601 1356	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
21:23:36.0601 1356	WinUsb - ok
21:23:36.0632 1356	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:23:36.0648 1356	Wlansvc - ok
21:23:36.0663 1356	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:23:36.0679 1356	WmiAcpi - ok
21:23:36.0695 1356	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:23:36.0710 1356	wmiApSrv - ok
21:23:36.0726 1356	WMPNetworkSvc - ok
21:23:36.0726 1356	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:23:36.0741 1356	WPCSvc - ok
21:23:36.0757 1356	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:23:36.0773 1356	WPDBusEnum - ok
21:23:36.0788 1356	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:23:36.0819 1356	ws2ifsl - ok
21:23:36.0851 1356	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
21:23:36.0866 1356	wscsvc - ok
21:23:36.0866 1356	WSearch - ok
21:23:36.0897 1356	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:23:36.0975 1356	wuauserv - ok
21:23:36.0991 1356	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:23:37.0022 1356	WudfPf - ok
21:23:37.0038 1356	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:23:37.0069 1356	WUDFRd - ok
21:23:37.0085 1356	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:23:37.0116 1356	wudfsvc - ok
21:23:37.0116 1356	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:23:37.0147 1356	WwanSvc - ok
21:23:37.0147 1356	MBR (0x1B8)     (79ca512faf7047652d71cbc50299fad4) \Device\Harddisk0\DR0
21:23:37.0163 1356	\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:23:37.0163 1356	\Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:23:37.0178 1356	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:23:37.0178 1356	\Device\Harddisk0\DR0 - detected TDSS File System (1)
21:23:37.0178 1356	Boot (0x1200)   (bff3fb8ad63a2919bd36e68d22b03375) \Device\Harddisk0\DR0\Partition0
21:23:37.0178 1356	\Device\Harddisk0\DR0\Partition0 - ok
21:23:37.0178 1356	Boot (0x1200)   (fec0a2c916555253e974c8a7a6e3e956) \Device\Harddisk0\DR0\Partition1
21:23:37.0178 1356	\Device\Harddisk0\DR0\Partition1 - ok
21:23:37.0194 1356	Boot (0x1200)   (cd77069084fc92b439b8981094346309) \Device\Harddisk0\DR0\Partition2
21:23:37.0194 1356	\Device\Harddisk0\DR0\Partition2 - ok
21:23:37.0194 1356	============================================================
21:23:37.0194 1356	Scan finished
21:23:37.0194 1356	============================================================
21:23:37.0194 1328	Detected object count: 7
21:23:37.0194 1328	Actual detected object count: 7
21:27:19.0401 1328	ncpclcfg ( UnsignedFile.Multi.Generic ) - skipped by user
21:27:19.0401 1328	ncpclcfg ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:27:19.0416 1328	NcpSec ( UnsignedFile.Multi.Generic ) - skipped by user
21:27:19.0416 1328	NcpSec ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:27:19.0416 1328	SUService ( UnsignedFile.Multi.Generic ) - skipped by user
21:27:19.0416 1328	SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:27:19.0432 1328	ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:27:19.0432 1328	ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:27:19.0432 1328	TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:27:19.0432 1328	TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:27:19.0447 1328	\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
21:27:19.0447 1328	\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip 
21:27:19.0463 1328	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:27:19.0463 1328	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Alt 16.04.2012, 20:41   #15
markusg
/// Malware-holic
 
Google Redirect Problem - Standard

Google Redirect Problem


alle funde mit tdss bitte bereinigen lassen.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort
Seite 1 von 2 1 2

Themen zu Google Redirect Problem
absturz, combofix, datei, diverse, eingefangen, forum, fängt, google, google redirect, komplett, leute, maleware, maus, min, natürlich, nervige, nichts, problem, programm, redirect, rum, schonmal, tools, trojaner, wirklich


« Smart HDD Trojaner | Trojan.Win32.Generic »


Ähnliche Themen: Google Redirect Problem


  1. Google Redirect - Malware - Google leitet falsch um
    Plagegeister aller Art und deren Bekämpfung - 26.12.2012 (21)
  2. Google Redirect
    Plagegeister aller Art und deren Bekämpfung - 06.12.2012 (27)
  3. Google redirect?
    Plagegeister aller Art und deren Bekämpfung - 12.11.2012 (14)
  4. Redirect Google
    Log-Analyse und Auswertung - 05.11.2012 (27)
  5. Google Redirect Problem
    Plagegeister aller Art und deren Bekämpfung - 23.09.2012 (10)
  6. google leitet mich auf falsche Seiten um (google redirect?)
    Log-Analyse und Auswertung - 14.08.2012 (20)
  7. Google Redirect Virus bzw. Google Hijack + PC Langsam
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (2)
  8. Google Redirect
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (3)
  9. Google redirect Problem
    Log-Analyse und Auswertung - 17.10.2011 (4)
  10. Google-Redirect und Browser-Problem
    Log-Analyse und Auswertung - 18.04.2011 (3)
  11. Google Redirect
    Plagegeister aller Art und deren Bekämpfung - 07.03.2011 (13)
  12. Google Redirect...
    Log-Analyse und Auswertung - 14.06.2009 (20)
  13. Firefox hat hat "google redirect Problem" & Desktophintergrund läßt sich nicht ändern
    Log-Analyse und Auswertung - 09.05.2009 (1)
  14. Redirect von Google
    Log-Analyse und Auswertung - 18.03.2009 (0)
  15. Google redirect
    Log-Analyse und Auswertung - 12.01.2009 (0)
  16. Google redirect Problem
    Log-Analyse und Auswertung - 18.09.2008 (2)
  17. Redirect von Google
    Plagegeister aller Art und deren Bekämpfung - 14.04.2006 (11)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Google Redirect Problem - Hallo Leute, ich habe mir vor einigen Tagen irgendwas unschönes eingefangen, nämlich so n schönen Google Redirect (Trojaner). Hab jetzt einige Zeit hie rum Forum gelesen und auch schon mit - Google Redirect Problem...
Archiv
Du betrachtest: Google Redirect Problem auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55