| |
| |||||||
Log-Analyse und Auswertung: Google/Bing ... redirect Virus rocketnewsWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
25.06.2012, 17:16
| #1 |
 |  Google/Bing ... redirect Virus rocketnews Hallo zusammen, seit ein paar Tagen werde ich bei Google und Bing suchen immer umgeleitet, wenn ich einen Link zu einem Ergebnis anklicke. Die Recherche hier im Board hat ergeben, dass dies offensichtlich ein häufiger vorkommender Virus ist. Ich habe mit OTL einen Scan durchgeführt. Hier die Logs: OTL: Code:
ATTFilter OTL logfile created on: 25.06.2012 17:58:54 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 57,96% Memory free 7,80 Gb Paging File | 5,79 Gb Available in Paging File | 74,33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 58,61 Gb Free Space | 49,20% Space Free | Partition Type: NTFS Drive E: | 232,83 Gb Total Space | 7,33 Gb Free Space | 3,15% Space Free | Partition Type: FAT32 Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Daniel Meyer\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe () PRC - C:\Program Files (x86)\Miranda IM\miranda32.exe ( ) PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) PRC - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MOD - C:\Program Files (x86)\Miranda IM\Plugins\srmm.dll () MOD - C:\Program Files (x86)\Miranda IM\zlib.dll () MOD - C:\Program Files (x86)\Miranda IM\Plugins\icq.dll () MOD - C:\Program Files (x86)\Miranda IM\Plugins\dbx_mmap.dll () MOD - C:\Program Files (x86)\Miranda IM\Plugins\clist_classic.dll () MOD - C:\Program Files (x86)\Miranda IM\Plugins\chat.dll () MOD - C:\Program Files (x86)\Miranda IM\Plugins\aim.dll () MOD - C:\Program Files (x86)\Miranda IM\Plugins\irc.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.) SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV:64bit: - (dtsvc) -- C:\Windows\SysNative\DTS.exe () SRV:64bit: - (ADMonitor) -- C:\Windows\SysNative\ADMonitor.exe () SRV:64bit: - (ATService) -- C:\Windows\SysNative\ATService.exe (AuthenTec, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vToolbarUpdater11.1.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe () SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (mitsijm2013) -- C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe ( ) SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.) SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited) SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.) DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.) DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.) DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.) DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (V0540Dev) -- C:\Windows\SysNative\drivers\V0540Vid.sys (Creative Technology Ltd.) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=111304&babsrc=HP_ss&mntrId=daaaa37f00000000000000234df3323d IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 F6 08 80 DF FE CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&babsrc=SP_ss&mntrId=daaaa37f00000000000000234df3323d IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={E8ADBD8F-1DA8-47E5-80D9-6B824DD48AA3}&mid=b0129ede5ced47d181a1d16a0b17dbce-f3e2cb4b492b86c35d9d014c8db077542acdb7f5&lang=de&ds=AVG&pr=fr&d=2012-06-10 23:40:46&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bf1576d6f-8019-43e7-ab83-36267ee975f3%7D&mid=b0129ede5ced47d181a1d16a0b17dbce-f3e2cb4b492b86c35d9d014c8db077542acdb7f5&ds=AVG&v=11.1.0.7&lang=de&pr=fr&d=2012-06-10%2023%3A40%3A46&sap=ku&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bf1576d6f-8019-43e7-ab83-36267ee975f3%7D&mid=b0129ede5ced47d181a1d16a0b17dbce-f3e2cb4b492b86c35d9d014c8db077542acdb7f5&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2012-03-10%2018%3A38%3A15&sap=ku&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.06.12 16:59:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.06.10 23:40:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.01 17:10:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.10 23:40:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 15:16:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.21 17:36:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.01 17:10:17 | 000,000,000 | ---D | M] [2012.03.10 19:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Meyer\AppData\Roaming\mozilla\Extensions [2012.06.04 18:07:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Meyer\AppData\Roaming\mozilla\Firefox\Profiles\xgqn3clh.default\extensions [2012.03.12 20:23:16 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Daniel Meyer\AppData\Roaming\mozilla\Firefox\Profiles\xgqn3clh.default\extensions\DeviceDetection@logitech.com [2012.06.04 18:07:28 | 000,000,853 | ---- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\searchplugins\11-suche.xml [2012.06.04 18:07:28 | 000,002,209 | ---- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\searchplugins\englische-ergebnisse.xml [2012.06.04 18:07:28 | 000,010,506 | ---- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\searchplugins\gmx-suche.xml [2012.06.04 18:07:28 | 000,002,368 | ---- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\searchplugins\lastminute.xml [2012.03.10 22:46:19 | 000,003,915 | ---- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\searchplugins\sweetim.xml [2012.06.04 18:07:28 | 000,005,489 | ---- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\searchplugins\webde-suche.xml [2012.04.26 21:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.06.10 23:40:12 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK [2012.06.10 23:40:49 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7 [2012.03.11 10:25:12 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.03.10 22:46:20 | 000,162,686 | ---- | M] () (No name found) -- C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI [2012.06.04 18:07:26 | 000,578,889 | ---- | M] () (No name found) -- C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.06.16 15:16:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.16 15:16:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.10 23:40:44 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.03.26 17:07:14 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.06.16 15:16:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.16 15:16:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.16 15:16:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.16 15:16:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.16 15:16:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec) O4:64bit: - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe () O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = @biocpl.dll,-1 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{516A8256-299A-4196-A51A-D033203A27C7}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71773EE7-6DC2-41D3-AAF3-0FD8A05AED34}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll () O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.24 15:00:00 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.24 15:00:00 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.24 15:00:00 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.24 14:59:58 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.24 14:59:58 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.24 14:59:58 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.24 14:59:57 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.24 14:59:57 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2012.06.24 09:03:28 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel Meyer\Desktop\OTL.exe [2012.06.21 21:24:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Local\Autodesk,_Inc [2012.06.21 20:34:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\Documents\Lautsprecherbau [2012.06.21 20:29:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Local\Granta Design [2012.06.21 20:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2012.06.21 20:12:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\Documents\Inventor [2012.06.21 20:11:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\Documents\Autodesk [2012.06.21 20:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2012.06.21 20:09:03 | 000,000,000 | ---D | C] -- C:\Temp [2012.06.21 20:09:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Autodesk [2012.06.21 20:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared [2012.06.21 20:07:44 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Local\Autodesk [2012.06.21 20:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk [2012.06.21 20:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk [2012.06.21 20:07:22 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2012.06.21 20:07:22 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2012.06.21 20:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2012.06.21 20:07:21 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2012.06.21 20:07:21 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2012.06.21 20:07:21 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2012.06.21 20:07:21 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2012.06.21 20:07:21 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2012.06.21 20:07:21 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2012.06.21 20:07:21 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2012.06.21 20:07:21 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2012.06.21 20:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2012.06.21 19:59:23 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Roaming\Autodesk [2012.06.21 19:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk [2012.06.16 15:16:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.06.16 15:16:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.06.16 15:16:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.06.16 15:16:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.06.16 15:16:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.06.16 15:16:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.06.16 15:16:41 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.06.16 15:16:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.06.16 15:16:39 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.06.16 15:16:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.06.16 15:16:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.06.16 15:16:39 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.06.16 15:16:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.06.16 10:57:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Local\Macromedia [2012.06.16 10:49:22 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.06.16 10:49:21 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.06.16 10:49:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.06.16 10:49:20 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.06.16 10:49:19 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.06.16 10:49:19 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.06.16 10:49:18 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012.06.16 10:49:16 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2012.06.16 10:49:16 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2012.06.12 17:10:24 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM [2012.06.12 16:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.06.10 23:40:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Local\AVG Secure Search [2012.06.10 23:40:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2012.05.28 20:48:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\Documents\Zeugnisse [2012.05.26 20:19:58 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Local\ElevatedDiagnostics ========== Files - Modified Within 30 Days ========== [2012.06.25 17:50:59 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.25 17:50:59 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.25 17:49:24 | 100,686,497 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012.06.25 17:48:12 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.25 17:48:12 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.25 17:48:12 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.25 17:48:12 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.25 17:48:12 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.25 17:43:52 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\Inblj.job [2012.06.25 17:43:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.25 17:43:41 | 3139,457,024 | -HS- | M] () -- C:\hiberfil.sys [2012.06.24 23:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.24 09:03:28 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel Meyer\Desktop\OTL.exe [2012.06.23 20:07:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.06.23 20:07:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.06.22 23:48:46 | 001,591,234 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.21 21:25:32 | 000,461,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.21 20:10:50 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Inventor Professional 2013 - Deutsch (German).lnk [2012.06.20 18:31:13 | 000,249,913 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012.06.20 18:21:07 | 000,163,840 | RHS- | M] () -- C:\Windows\SysWow64\help8.dll [2012.06.11 11:27:24 | 000,000,416 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.06.11 11:27:24 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD2030.DAT [2012.06.03 00:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2012.06.03 00:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2012.06.03 00:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2012.06.02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2012.06.02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe ========== Files Created - No Company Name ========== [2012.06.21 20:10:50 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Inventor Professional 2013 - Deutsch (German).lnk [2012.06.21 20:03:48 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.20 18:21:07 | 000,163,840 | RHS- | C] () -- C:\Windows\SysWow64\help8.dll [2012.06.20 18:21:07 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\Inblj.job [2012.06.11 11:27:24 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.06.11 11:27:24 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT [2012.04.01 17:05:13 | 000,233,522 | ---- | C] () -- C:\Windows\hpoins47.dat [2012.03.20 20:31:18 | 000,000,129 | ---- | C] () -- C:\Windows\LIBENMP3.INI [2012.03.20 20:31:18 | 000,000,075 | ---- | C] () -- C:\Windows\LIBENACM.INI [2012.03.20 20:31:18 | 000,000,048 | ---- | C] () -- C:\Windows\LIBENVRS.INI [2012.03.20 20:31:18 | 000,000,029 | ---- | C] () -- C:\Windows\LIBENWMA.INI [2012.03.20 19:53:13 | 000,001,118 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.03.20 19:50:02 | 000,002,132 | ---- | C] () -- C:\Windows\smp3m45w.ini [2012.03.10 22:09:17 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2012.03.10 22:08:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.03.10 22:08:18 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.02.11 20:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2011.02.11 20:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2011.02.11 20:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin < End of report > Code:
ATTFilter OTL Extras logfile created on: 25.06.2012 17:58:54 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Daniel Meyer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,90 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 57,96% Memory free
7,80 Gb Paging File | 5,79 Gb Available in Paging File | 74,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 58,61 Gb Free Space | 49,20% Space Free | Partition Type: NTFS
Drive E: | 232,83 Gb Total Space | 7,33 Gb Free Space | 3,15% Space Free | Partition Type: FAT32
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17431A5F-07AF-4D86-8D1C-372DEAADDF36}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{C7EA48ED-43BC-405D-88E7-F1F24C20DD80}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03999A91-4BE8-4FE8-B799-DEEEACD9A354}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{06D03EBB-F92C-4329-A8AA-A98CC3AD4941}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{125E1C0C-A989-45E5-9EA0-A7C859EE88D7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{165EC28B-95A2-4A54-A42E-A2A301E9D616}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe |
"{172F7FCC-02FB-4408-9AD2-46B9BD079DF9}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{1A294350-BFA2-46D7-AB45-06A0FA2C8265}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{1DCD5FA5-A318-41AB-BA0C-A9CCF8C6DED5}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\app\starmoney.exe |
"{25DB9508-33CF-4EAA-B1A3-C2830D012DAA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{29DF514F-AE7D-4443-A6E2-98CC63CBE684}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{30BD5345-4741-4B36-9000-B61F0E6BD8BC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{35F926C6-ED7A-4940-8AC5-8EFB72AA2214}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{3BF2DFF6-2A64-466E-8D12-0B67F76A98C1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{466DE148-8B5C-476B-82F9-BE36C9D0327D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{4A682077-7B15-4444-A77C-752F72DF1391}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5A9DBC3E-C038-49C7-9340-D85CBF5CC0B5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{60649670-3C40-47F6-8B61-F979D81594E3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{69DA3CF8-0B7E-4343-A2B1-FEEA2AAE066A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{6F4BDBB3-D731-423A-ABA0-1FF4BC50C8D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{7E636B6E-22D7-4340-B402-9A91A7505BD7}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{833501FF-1405-4284-958E-E30EF436075C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{89C19400-DE91-4F35-8A18-C2D1D05A688E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{8CA16C7C-27CA-44A9-9333-51B4FB98173B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{8F88372C-F28D-4BDF-8103-1621F4405EDE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{8FB72092-9547-43B6-B813-A6F30722BCE4}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{9F9E7312-59D9-4B63-8DD5-5DE334FFACED}" = protocol=17 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{AA23EE5A-B78C-4071-9F63-02D294603B8E}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{AA54B080-3457-40C8-89CA-0AC625AFD16F}" = protocol=6 | dir=in | app=c:\program files (x86)\starmoney 8.0 s-edition\ouservice\starmoneyonlineupdate.exe |
"{AC9DA0A1-99D0-4626-85A7-6E4ECE29AFDA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{B4E44A90-2E4D-4EC0-AA79-DBD738F5CF02}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{B640FFC5-1A5D-4E2D-B21A-9DE264443A36}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C1B75441-76F8-4D09-9FB9-9AB252E422E7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{C3459306-CCD2-411C-95D1-C0C73A5C89BD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{CB6AA18A-0FE4-415B-9251-9BAF54BD6DF5}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{CC1C427C-1864-4C0F-A096-2763D486E3A3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D13F2B86-7CF5-4CE5-9A26-E9C86D3E843C}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{D8D61DB6-F20B-47EB-A784-4BB95845B29D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{DAC06B8E-C8DF-4AFB-A960-8F81B366EA6C}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{E2AFC132-BA93-45AA-9C84-67A19CEDB84A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E35618B9-5D23-495B-AEBD-C253C8D7C978}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{EAE3CD6A-09DE-4C78-A8E4-1859EFC85A3C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{F14BA120-F8F9-47E1-860F-DAA4C551B738}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{F19F1AA5-C6AB-4C8B-B43C-A555685E4970}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"TCP Query User{ECFF7912-D9F5-4C35-8263-A5D8DFD1D647}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"TCP Query User{FA34A1C7-9FEB-4275-930B-539ED6E1986B}C:\users\daniel meyer\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\daniel meyer\downloads\diablo-iii-setup-dede.exe |
"UDP Query User{6B575CC3-CE1A-4E59-812D-1BA69CBFE8FB}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe |
"UDP Query User{8122865D-8E87-4B0C-BC3F-F9EF98D2E938}C:\users\daniel meyer\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\daniel meyer\downloads\diablo-iii-setup-dede.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1C83CB66-D345-4D6C-95A2-63A03269ADA0}" = Lenovo Patch Utility 64 bit
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5E79DDFB-8AE6-E4B5-8A24-D358C2F2E349}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{792A9A32-718A-40D1-9867-A903F76AE2F8}" = Eco Materials Adviser for Autodesk Inventor 2013
"{7F4DD591-1764-0001-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2013
"{7F4DD591-1764-0001-1031-7107D70F3DB4}" = Autodesk Inventor Professional 2013 Language Pack - Deutsch (German)
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D25FF5C1-1764-469A-9794-69309387C193}" = Schnell-Deinstallations-Tool für Autodesk Inventor 2013
"{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}" = Intel(R) PROSet/Wireless WiFi-Software
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{EEAA321A-E086-C093-70E0-01E66F1491D9}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"0481B164C8D1D26C560D6A5E717C5920D4362D60" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (01/14/2010 8.6.0.13)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"ATI Uninstaller" = ATI Uninstaller
"Autodesk Inventor Professional 2013" = Autodesk Inventor Professional 2013 Deutsch (German)
"AVG" = AVG 2012
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"Creative VF0540" = Creative Live! Cam Video IM/Video Chat (VF0540) (1.01.03.00)
"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430)
"HECI" = Intel(R) Management Engine Interface
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"MESOL" = Intel® Active-Management-Technologie
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{023FADD0-F5EC-1E92-4AB5-0FCE3579C0C9}" = CCC Help Chinese Standard
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14AA72DA-DB40-4A34-93A6-401A81D7AF9E}" = Unreal Anthology
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1AEAB063-151F-74F9-B8EC-2CF39257C39B}" = CCC Help English
"{1E80AF84-EAEC-53A3-D5D8-B7DD01F8AA23}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney
"{22B83EB9-90A5-ABED-3256-1AEDC1A5A832}" = CCC Help Portuguese
"{23CAC9C6-F4E7-A978-46A7-8C6DC3EC0AAD}" = CCC Help Japanese
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}" = Autodesk Material Library Low Resolution Image Library 2013
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2AFFABEB-13E5-47EF-53F7-826616982D2C}" = Catalyst Control Center Localization All
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{4141D2C3-756B-1EF0-0977-B421B85F5870}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5522D1A6-98A7-C7A2-D7B9-A762AE4D09D8}" = PX Profile Update
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5781F83C-13F4-C8C8-F8AD-15FEBE496BB0}" = CCC Help Chinese Traditional
"{59F4533B-675E-4A9B-8057-7503970EDDDE}" = StarMoney 8.0 S-Edition
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76901A74-50AA-0132-B4DB-CA522F9E71B2}" = CCC Help Korean
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}" = System Migration Assistant
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{949320FC-F3AE-72D3-11C8-4F50DA7067C8}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}" = Lenovo Patch Utility
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE91C455-8C94-EB5A-0128-D7F44371B77E}" = ccc-core-static
"{B3114E23-91A6-DEF2-B8FB-5D782AF5439A}" = CCC Help Dutch
"{B388231D-672A-4169-A3DF-BD80266252AB}" = StarMoney
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C72A9BF9-0746-A0F6-E23E-104392FC3EED}" = CCC Help German
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D1143A4E-753F-4B70-B5C3-69156D57CC7B}" = Catalyst Control Center - Branding
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DF69DC26-5534-6CCF-7BD4-3314A67FA6CD}" = CCC Help French
"{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{EC19E668-785C-1F2A-1A25-266A46A5462C}" = Catalyst Control Center InstallProxy
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F39E5AF2-6A57-BA8E-21C4-B422B3CCBDE5}" = CCC Help Swedish
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Diablo III" = Diablo III
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"MediaMonkey_is1" = MediaMonkey 4.0
"Miranda IM" = Miranda IM 0.9.52
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ProInst" = Intel PROSet Wireless
"SIMPLE 4.5W" = SIMPLE 4.5W
"VLC media player" = VLC media player 2.0.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.06.2012 12:33:10 | Computer Name = *** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige
XML-Syntax.
Error - 21.06.2012 12:40:03 | Computer Name = *** | Source = SPP | ID = 16388
Description =
Error - 21.06.2012 15:25:40 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 22.06.2012 17:35:27 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 23.06.2012 13:58:38 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 23.06.2012 16:45:33 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 23.06.2012 17:10:43 | Computer Name = *** | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Lenovo\Access Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0. Ungültige
XML-Syntax.
Error - 24.06.2012 02:48:12 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 24.06.2012 14:08:15 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 25.06.2012 11:43:56 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 18.06.2012 16:42:25 | Computer Name = *** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 19.06.2012 16:44:59 | Computer Name = *** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 20.06.2012 16:30:26 | Computer Name = *** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 21.06.2012 15:24:39 | Computer Name = *** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 21.06.2012 15:37:26 | Computer Name = *** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 22.06.2012 17:49:25 | Computer Name = *** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 23.06.2012 14:47:40 | Computer Name = *** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 23.06.2012 19:05:30 | Computer Name = *** | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
Error - 24.06.2012 14:08:06 | Computer Name = *** | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?24.?06.?2012 um 17:06:17 unerwartet heruntergefahren.
Error - 24.06.2012 17:21:42 | Computer Name = DanielMeyer-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen
Status gemeldet: 0
< End of report >
Gruß |
|
28.06.2012, 11:40
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Google/Bing ... redirect Virus rocketnews Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
28.06.2012, 16:58
| #3 |
| | Google/Bing ... redirect Virus rocketnews Vielen Dank schon mal für die Antwort. Hier das log von malwarebytes:
__________________Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.28.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: ***-PC [Administrator] Schutz: Aktiviert 28.06.2012 17:38:31 mbam-log-2012-06-28 (17-56-06).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 354582 Laufzeit: 17 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Daten: @biocpl.dll,-1 -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) MfG Und hier das ESET Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=aba945bed752e04aab5a0d9b444ba404
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 04:41:44
# local_time=2012-06-28 06:41:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 9501838 9501838 0 0
# compatibility_mode=5893 16776574 100 94 9502568 92529155 0 0
# compatibility_mode=8192 67108863 100 0 135 135 0 0
# scanned=152812
# found=1
# cleaned=0
# scan_time=2399
C:\Users\Daniel Meyer\AppData\Local\Mozilla\Firefox\Profiles\xgqn3clh.default\Cache\A\7F\A71F0d01 HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
Mfg |
|
29.06.2012, 11:14
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google/Bing ... redirect Virus rocketnews Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.06.2012, 17:10
| #5 |
| | Google/Bing ... redirect Virus rocketnews Hallo Arne, ich habe Malwarebytes erst auf die Anfrage hin installiert, daher habe ich nur dieses eine Log. gruß Daniel |
|
01.07.2012, 15:55
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google/Bing ... redirect Virus rocketnews Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> Google/Bing ... redirect Virus rocketnews |
|
02.07.2012, 16:48
| #7 |
| | Google/Bing ... redirect Virus rocketnews Hallo, hier ist das neue OTL Log, Code:
ATTFilter OTL logfile created on: 02.07.2012 17:30:53 - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Daniel Meyer\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 67,42% Memory free 7,80 Gb Paging File | 6,14 Gb Available in Paging File | 78,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119,14 Gb Total Space | 58,53 Gb Free Space | 49,13% Space Free | Partition Type: NTFS Drive E: | 232,83 Gb Total Space | 7,33 Gb Free Space | 3,15% Space Free | Partition Type: FAT32 Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Daniel Meyer\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe () PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) PRC - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.) SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV:64bit: - (dtsvc) -- C:\Windows\SysNative\DTS.exe () SRV:64bit: - (ADMonitor) -- C:\Windows\SysNative\ADMonitor.exe () SRV:64bit: - (ATService) -- C:\Windows\SysNative\ATService.exe (AuthenTec, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (vToolbarUpdater11.1.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe () SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (mitsijm2013) -- C:\Programme\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe ( ) SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.) SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited) SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.) DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y62x64.sys (Intel Corporation) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.) DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.) DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.) DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (V0540Dev) -- C:\Windows\SysNative\drivers\V0540Vid.sys (Creative Technology Ltd.) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=111304&babsrc=HP_ss&mntrId=daaaa37f00000000000000234df3323d IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 F6 08 80 DF FE CC 01 [binary data] IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&babsrc=SP_ss&mntrId=daaaa37f00000000000000234df3323d IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={E8ADBD8F-1DA8-47E5-80D9-6B824DD48AA3}&mid=b0129ede5ced47d181a1d16a0b17dbce-f3e2cb4b492b86c35d9d014c8db077542acdb7f5&lang=de&ds=AVG&pr=fr&d=2012-06-10 23:40:46&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bf1576d6f-8019-43e7-ab83-36267ee975f3%7D&mid=b0129ede5ced47d181a1d16a0b17dbce-f3e2cb4b492b86c35d9d014c8db077542acdb7f5&ds=AVG&v=11.1.0.7&lang=de&pr=fr&d=2012-06-10%2023%3A40%3A46&sap=ku&q=" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bf1576d6f-8019-43e7-ab83-36267ee975f3%7D&mid=b0129ede5ced47d181a1d16a0b17dbce-f3e2cb4b492b86c35d9d014c8db077542acdb7f5&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2012-03-10%2018%3A38%3A15&sap=ku&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.07.02 17:23:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012.06.10 23:40:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.01 17:10:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.02 17:23:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 15:16:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.21 17:36:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.01 17:10:17 | 000,000,000 | ---D | M] [2012.03.10 19:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Meyer\AppData\Roaming\mozilla\Extensions [2012.06.30 17:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel Meyer\AppData\Roaming\mozilla\Firefox\Profiles\xgqn3clh.default\extensions [2012.03.12 20:23:16 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Daniel Meyer\AppData\Roaming\mozilla\Firefox\Profiles\xgqn3clh.default\extensions\DeviceDetection@logitech.com [2012.06.30 00:03:07 | 000,000,853 | ---- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\searchplugins\11-suche.xml [2012.06.30 00:03:07 | 000,002,209 | ---- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\searchplugins\englische-ergebnisse.xml [2012.06.30 00:03:07 | 000,010,506 | ---- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\searchplugins\gmx-suche.xml [2012.06.30 00:03:07 | 000,002,368 | ---- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\searchplugins\lastminute.xml [2012.03.10 22:46:19 | 000,003,915 | ---- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\searchplugins\sweetim.xml [2012.06.30 00:03:07 | 000,005,489 | ---- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Mozilla\Firefox\Profiles\xgqn3clh.default\searchplugins\webde-suche.xml [2012.04.26 21:16:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.07.02 17:23:20 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK [2012.06.10 23:40:49 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7 [2012.03.10 22:46:20 | 000,162,686 | ---- | M] () (No name found) -- C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI [2012.06.30 00:03:00 | 000,578,962 | ---- | M] () (No name found) -- C:\USERS\DANIEL MEYER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XGQN3CLH.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI [2012.06.16 15:16:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.16 15:16:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.10 23:40:44 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.03.26 17:07:14 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.06.16 15:16:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.16 15:16:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.16 15:16:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.16 15:16:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.16 15:16:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll () O3 - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec) O4:64bit: - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe () O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = @biocpl.dll,-1 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8:64bit: - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Web-Suche - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{516A8256-299A-4196-A51A-D033203A27C7}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71773EE7-6DC2-41D3-AAF3-0FD8A05AED34}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll () O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {04628F7F-C8F2-1BB5-1D34-189CA903E054} - Themes Setup ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {384BBA54-F589-7D80-052E-CD9A4394FE9F} - Internet Explorer ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4DB093D3-95DA-6E78-3703-D45780C2F318} - Themes Setup ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6743D54F-8319-9427-E223-0B957245FDAF} - Offline Browsing Pack ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FE79586F-9D9D-0DEB-A73F-EE8E66DF0190} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.02 17:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.06.28 17:59:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.28 17:37:40 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Roaming\Malwarebytes [2012.06.28 17:37:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.28 17:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.28 17:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.28 17:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.24 09:03:28 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel Meyer\Desktop\OTL.exe [2012.06.21 21:24:10 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Local\Autodesk,_Inc [2012.06.21 20:34:26 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\Documents\Lautsprecherbau [2012.06.21 20:29:07 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Local\Granta Design [2012.06.21 20:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2012.06.21 20:12:12 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\Documents\Inventor [2012.06.21 20:11:20 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\Documents\Autodesk [2012.06.21 20:11:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2012.06.21 20:09:03 | 000,000,000 | ---D | C] -- C:\Temp [2012.06.21 20:09:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Autodesk [2012.06.21 20:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared [2012.06.21 20:07:44 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Local\Autodesk [2012.06.21 20:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk [2012.06.21 20:07:33 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk [2012.06.21 20:07:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE [2012.06.21 20:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2012.06.21 19:59:23 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Roaming\Autodesk [2012.06.21 19:59:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk [2012.06.16 10:57:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Local\Macromedia [2012.06.12 17:10:24 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM [2012.06.10 23:40:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel Meyer\AppData\Local\AVG Secure Search [2012.06.10 23:40:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search ========== Files - Modified Within 30 Days ========== [2012.07.02 17:28:47 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel Meyer\Desktop\OTL.exe [2012.07.02 17:23:57 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.02 17:23:57 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.02 17:22:35 | 100,932,387 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012.07.02 17:22:35 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.07.02 17:22:35 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.07.02 17:22:35 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.07.02 17:22:35 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.07.02 17:22:35 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.07.02 17:16:47 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\Inblj.job [2012.07.02 17:16:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.02 17:16:35 | 3139,457,024 | -HS- | M] () -- C:\hiberfil.sys [2012.07.02 05:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.28 17:37:36 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.22 23:48:46 | 001,591,234 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.21 21:25:32 | 000,461,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.21 20:10:50 | 000,002,227 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Inventor Professional 2013 - Deutsch (German).lnk [2012.06.20 18:31:13 | 000,249,913 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012.06.11 11:27:24 | 000,000,416 | ---- | M] () -- C:\Windows\BRWMARK.INI [2012.06.11 11:27:24 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD2030.DAT ========== Files Created - No Company Name ========== [2012.06.28 17:37:36 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.21 20:10:50 | 000,002,227 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Inventor Professional 2013 - Deutsch (German).lnk [2012.06.21 20:03:48 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.06.20 18:21:07 | 000,000,310 | ---- | C] () -- C:\Windows\tasks\Inblj.job [2012.06.11 11:27:24 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.06.11 11:27:24 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT [2012.04.01 17:05:13 | 000,233,522 | ---- | C] () -- C:\Windows\hpoins47.dat [2012.03.20 20:31:18 | 000,000,129 | ---- | C] () -- C:\Windows\LIBENMP3.INI [2012.03.20 20:31:18 | 000,000,075 | ---- | C] () -- C:\Windows\LIBENACM.INI [2012.03.20 20:31:18 | 000,000,048 | ---- | C] () -- C:\Windows\LIBENVRS.INI [2012.03.20 20:31:18 | 000,000,029 | ---- | C] () -- C:\Windows\LIBENWMA.INI [2012.03.20 19:53:13 | 000,001,118 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.03.20 19:50:02 | 000,002,132 | ---- | C] () -- C:\Windows\smp3m45w.ini [2012.03.10 22:09:17 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2012.03.10 22:08:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.03.10 22:08:18 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.02.11 20:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2011.02.11 20:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2011.02.11 20:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin ========== LOP Check ========== [2012.06.21 20:29:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Autodesk [2012.03.10 19:38:30 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\AVG2012 [2012.03.26 17:07:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Babylon [2012.03.10 22:05:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\CachedFiles [2012.06.05 18:28:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\MediaMonkey [2012.03.11 09:52:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Miranda [2012.03.26 17:07:12 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\pdfforge [2012.03.10 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\PwrMgr [2012.03.10 19:38:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Thunderbird [2012.07.02 17:16:47 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\Inblj.job [2012.05.24 22:17:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.03.13 20:33:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Adobe [2012.03.10 22:18:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\ATI [2012.06.21 20:29:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Autodesk [2012.03.10 19:38:30 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\AVG2012 [2012.03.26 17:07:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Babylon [2012.03.10 22:05:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\CachedFiles [2012.05.02 20:51:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\dvdcss [2012.04.01 17:13:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\HP [2012.04.23 06:44:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\HpUpdate [2012.03.10 19:01:07 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Identities [2012.03.10 22:04:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\InstallShield [2012.03.10 22:03:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Intel [2012.03.11 09:49:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Macromedia [2012.06.28 17:37:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Malwarebytes [2011.04.12 09:54:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Media Center Programs [2012.06.05 18:28:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\MediaMonkey [2012.04.10 20:19:10 | 000,000,000 | --SD | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Microsoft [2012.03.11 09:52:11 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Miranda [2012.03.10 19:04:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Mozilla [2012.03.26 17:07:12 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\pdfforge [2012.03.10 22:22:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\PwrMgr [2012.07.02 17:29:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Skype [2012.03.10 19:38:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\Thunderbird [2012.06.05 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\vlc [2012.03.11 10:31:37 | 000,000,000 | ---D | M] -- C:\Users\Daniel Meyer\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.03.10 22:14:42 | 000,010,134 | R--- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Installer\{1C83CB66-D345-4D6C-95A2-63A03269ADA0}\ARPPRODUCTICON.exe [2012.03.10 22:10:48 | 000,010,134 | R--- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Installer\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}\ARPPRODUCTICON.exe [2012.03.10 22:10:48 | 000,010,134 | R--- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Installer\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}\ARPPRODUCTICON.exe [2012.03.10 22:09:17 | 000,010,134 | R--- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Installer\{5522D1A6-98A7-C7A2-D7B9-A762AE4D09D8}\ARPPRODUCTICON.exe [2012.03.10 22:09:28 | 000,010,134 | R--- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Installer\{A02153E8-8DF8-42E6-B7BF-D88EEA33565F}\ARPPRODUCTICON.exe [2012.03.10 22:14:42 | 000,010,134 | R--- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Installer\{A7BB9BBD-DFE4-4276-820A-7CD141FC09E6}\ARPPRODUCTICON.exe [2012.06.21 20:07:22 | 000,010,134 | R--- | M] () -- C:\Users\Daniel Meyer\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.08.07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files (x86)\Lenovo\System Update\session\6iio10ww\IaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Daniel |
|
03.07.2012, 11:01
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google/Bing ... redirect Virus rocketnews Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111304&babsrc=HP_ss&mntrId=daaaa37f00000000000000234df3323d
IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 F6 08 80 DF FE CC 01 [binary data]
IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111304&babsrc=SP_ss&mntrId=daaaa37f00000000000000234df3323d
IE - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={E8ADBD8F-1DA8-47E5-80D9-6B824DD48AA3}&mid=b0129ede5ced47d181a1d16a0b17dbce-f3e2cb4b492b86c35d9d014c8db077542acdb7f5&lang=de&ds=AVG&pr=fr&d=2012-06-10 23:40:46&v=11.1.0.7&sap=dsp&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
[2012.03.26 17:07:14 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O3 - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = @biocpl.dll,-1
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\Windows\tasks\Inblj.job
C:\Users\Daniel Meyer\AppData\Roaming\Babylon
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.07.2012, 17:06
| #9 |
| | Google/Bing ... redirect Virus rocketnews Ich habe den Fix angewendet, das System wurde neu gestartet und hier ist das Log: Code:
ATTFilter All processes killed
========== OTL ==========
HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-3444563756-3052769380-1124892696-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3444563756-3052769380-1124892696-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3444563756-3052769380-1124892696-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3444563756-3052769380-1124892696-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-3444563756-3052769380-1124892696-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowCpl deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3444563756-3052769380-1124892696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl\\1 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
C:\Windows\tasks\Inblj.job moved successfully.
C:\Users\Daniel Meyer\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: ***
->Temp folder emptied: 357392268 bytes
->Temporary Internet Files folder emptied: 122075147 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 959293835 bytes
->Flash cache emptied: 23976 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 233547681 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36048085 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.629,00 mb
[EMPTYFLASH]
User: All Users
User: ***
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.1 log created on 07032012_175846
Files\Folders moved on Reboot...
C:\Users\Daniel Meyer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Daniel Meyer\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
|
|
04.07.2012, 14:53
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google/Bing ... redirect Virus rocketnews Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.07.2012, 17:25
| #11 |
| | Google/Bing ... redirect Virus rocketnews Hallo, hier das Log vom TDSS Killer, leider habe ich heute, als ich den Virenscanner (AVG Free) deaktivieren wollte eine Fehlermeldung gefunden (Konnte Datei nicht finden) liegt dies an dem gestrigen Fix? LOG: Code:
ATTFilter 18:22:19.0944 5216 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
18:22:20.0038 5216 ============================================================
18:22:20.0038 5216 Current date / time: 2012/07/04 18:22:20.0038
18:22:20.0038 5216 SystemInfo:
18:22:20.0038 5216
18:22:20.0038 5216 OS Version: 6.1.7601 ServicePack: 1.0
18:22:20.0038 5216 Product type: Workstation
18:22:20.0038 5216 ComputerName: ***-PC
18:22:20.0038 5216 UserName: ***
18:22:20.0038 5216 Windows directory: C:\Windows
18:22:20.0038 5216 System windows directory: C:\Windows
18:22:20.0038 5216 Running under WOW64
18:22:20.0038 5216 Processor architecture: Intel x64
18:22:20.0038 5216 Number of processors: 2
18:22:20.0038 5216 Page size: 0x1000
18:22:20.0038 5216 Boot type: Normal boot
18:22:20.0038 5216 ============================================================
18:22:20.0303 5216 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x409B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:22:20.0319 5216 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:22:20.0459 5216 ============================================================
18:22:20.0459 5216 \Device\Harddisk0\DR0:
18:22:20.0459 5216 MBR partitions:
18:22:20.0459 5216 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:22:20.0459 5216 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
18:22:20.0459 5216 \Device\Harddisk1\DR1:
18:22:20.0459 5216 MBR partitions:
18:22:20.0459 5216 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x1D1C4542
18:22:20.0459 5216 ============================================================
18:22:20.0459 5216 C: <-> \Device\Harddisk0\DR0\Partition1
18:22:20.0459 5216 E: <-> \Device\Harddisk1\DR1\Partition0
18:22:20.0459 5216 ============================================================
18:22:20.0459 5216 Initialize success
18:22:20.0459 5216 ============================================================
18:22:24.0250 3696 ============================================================
18:22:24.0250 3696 Scan started
18:22:24.0250 3696 Mode: Manual; SigCheck; TDLFS;
18:22:24.0250 3696 ============================================================
18:22:24.0421 3696 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
18:22:24.0468 3696 1394ohci - ok
18:22:24.0484 3696 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:22:24.0515 3696 ACPI - ok
18:22:24.0515 3696 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:22:24.0531 3696 AcpiPmi - ok
18:22:24.0546 3696 AcPrfMgrSvc (1933db4808793f3bd7ab34a39a809425) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
18:22:24.0562 3696 AcPrfMgrSvc - ok
18:22:24.0577 3696 AcSvc (e7af543334b21d84124709061a9ae4d7) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
18:22:24.0577 3696 AcSvc - ok
18:22:24.0593 3696 ADMonitor (ae30df1dcd92afaa9d80405fcffa05e4) C:\Windows\system32\ADMonitor.exe
18:22:24.0593 3696 ADMonitor ( UnsignedFile.Multi.Generic ) - warning
18:22:24.0593 3696 ADMonitor - detected UnsignedFile.Multi.Generic (1)
18:22:24.0609 3696 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:22:24.0609 3696 AdobeARMservice - ok
18:22:24.0655 3696 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:22:24.0671 3696 AdobeFlashPlayerUpdateSvc - ok
18:22:24.0702 3696 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
18:22:24.0733 3696 adp94xx - ok
18:22:24.0749 3696 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
18:22:24.0765 3696 adpahci - ok
18:22:24.0780 3696 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
18:22:24.0796 3696 adpu320 - ok
18:22:24.0796 3696 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:22:24.0827 3696 AeLookupSvc - ok
18:22:24.0858 3696 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:22:24.0889 3696 AFD - ok
18:22:24.0889 3696 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:22:24.0905 3696 agp440 - ok
18:22:24.0905 3696 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:22:24.0921 3696 ALG - ok
18:22:24.0921 3696 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:22:24.0936 3696 aliide - ok
18:22:24.0952 3696 AMD External Events Utility (0f9c6a1cb7213f32c7ea142f5b58d45e) C:\Windows\system32\atiesrxx.exe
18:22:24.0967 3696 AMD External Events Utility - ok
18:22:24.0983 3696 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:22:24.0983 3696 amdide - ok
18:22:24.0999 3696 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
18:22:25.0014 3696 AmdK8 - ok
18:22:25.0248 3696 amdkmdag (be2fd7291550d3c6ef3a0e73dec7071a) C:\Windows\system32\DRIVERS\atikmdag.sys
18:22:25.0342 3696 amdkmdag - ok
18:22:25.0404 3696 amdkmdap (69b3d653847933ac9ae59f071694dc58) C:\Windows\system32\DRIVERS\atikmpag.sys
18:22:25.0420 3696 amdkmdap - ok
18:22:25.0420 3696 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
18:22:25.0435 3696 AmdPPM - ok
18:22:25.0451 3696 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
18:22:25.0451 3696 amdsata - ok
18:22:25.0467 3696 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
18:22:25.0482 3696 amdsbs - ok
18:22:25.0482 3696 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
18:22:25.0498 3696 amdxata - ok
18:22:25.0513 3696 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:22:25.0545 3696 AppID - ok
18:22:25.0545 3696 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:22:25.0591 3696 AppIDSvc - ok
18:22:25.0591 3696 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:22:25.0623 3696 Appinfo - ok
18:22:25.0638 3696 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
18:22:25.0654 3696 arc - ok
18:22:25.0654 3696 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
18:22:25.0669 3696 arcsas - ok
18:22:25.0685 3696 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:22:25.0701 3696 aspnet_state - ok
18:22:25.0701 3696 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:22:25.0732 3696 AsyncMac - ok
18:22:25.0732 3696 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:22:25.0747 3696 atapi - ok
18:22:25.0997 3696 atikmdag (be2fd7291550d3c6ef3a0e73dec7071a) C:\Windows\system32\DRIVERS\atikmdag.sys
18:22:26.0091 3696 atikmdag - ok
18:22:26.0215 3696 ATService (b0057f384cfc33a851f4fd9c0a7af0fe) C:\Windows\system32\ATService.exe
18:22:26.0262 3696 ATService - ok
18:22:26.0325 3696 ATSwpWDF (17b8d955be11b001456c47c5cfab1054) C:\Windows\system32\Drivers\ATSwpWDF.sys
18:22:26.0340 3696 ATSwpWDF - ok
18:22:26.0387 3696 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:22:26.0418 3696 AudioEndpointBuilder - ok
18:22:26.0434 3696 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:22:26.0465 3696 AudioSrv - ok
18:22:26.0683 3696 AVGIDSAgent (55893fff154ffd7c29919d2b9218210c) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
18:22:26.0761 3696 AVGIDSAgent - ok
18:22:26.0808 3696 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
18:22:26.0824 3696 AVGIDSDriver - ok
18:22:26.0824 3696 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
18:22:26.0824 3696 AVGIDSFilter - ok
18:22:26.0839 3696 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
18:22:26.0839 3696 AVGIDSHA - ok
18:22:26.0871 3696 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
18:22:26.0871 3696 Avgldx64 - ok
18:22:26.0886 3696 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
18:22:26.0886 3696 Avgmfx64 - ok
18:22:26.0902 3696 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
18:22:26.0902 3696 Avgrkx64 - ok
18:22:26.0933 3696 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
18:22:26.0949 3696 Avgtdia - ok
18:22:26.0964 3696 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
18:22:26.0964 3696 avgwd - ok
18:22:26.0980 3696 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:22:26.0995 3696 AxInstSV - ok
18:22:27.0027 3696 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
18:22:27.0042 3696 b06bdrv - ok
18:22:27.0058 3696 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:22:27.0073 3696 b57nd60a - ok
18:22:27.0089 3696 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:22:27.0105 3696 BDESVC - ok
18:22:27.0105 3696 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:22:27.0136 3696 Beep - ok
18:22:27.0167 3696 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:22:27.0214 3696 BFE - ok
18:22:27.0261 3696 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
18:22:27.0292 3696 BITS - ok
18:22:27.0307 3696 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:22:27.0323 3696 blbdrive - ok
18:22:27.0323 3696 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:22:27.0339 3696 bowser - ok
18:22:27.0339 3696 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
18:22:27.0354 3696 BrFiltLo - ok
18:22:27.0370 3696 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
18:22:27.0385 3696 BrFiltUp - ok
18:22:27.0385 3696 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:22:27.0417 3696 Browser - ok
18:22:27.0448 3696 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:22:27.0463 3696 Brserid - ok
18:22:27.0463 3696 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:22:27.0479 3696 BrSerWdm - ok
18:22:27.0479 3696 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:22:27.0495 3696 BrUsbMdm - ok
18:22:27.0495 3696 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:22:27.0510 3696 BrUsbSer - ok
18:22:27.0526 3696 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
18:22:27.0526 3696 BthEnum - ok
18:22:27.0541 3696 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
18:22:27.0557 3696 BTHMODEM - ok
18:22:27.0557 3696 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
18:22:27.0588 3696 BthPan - ok
18:22:27.0604 3696 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
18:22:27.0635 3696 BTHPORT - ok
18:22:27.0635 3696 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:22:27.0666 3696 bthserv - ok
18:22:27.0682 3696 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
18:22:27.0697 3696 BTHUSB - ok
18:22:27.0697 3696 btusbflt (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys
18:22:27.0713 3696 btusbflt - ok
18:22:27.0713 3696 btwaudio (a72a9101f9730db7332714e566614e4d) C:\Windows\system32\drivers\btwaudio.sys
18:22:27.0729 3696 btwaudio - ok
18:22:27.0744 3696 btwavdt (5ceec634b617525f2b6ad29f871033f7) C:\Windows\system32\DRIVERS\btwavdt.sys
18:22:27.0744 3696 btwavdt - ok
18:22:27.0791 3696 btwdins (ffe8c1c3abbf75ce4e74e9a0942dae7d) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
18:22:27.0807 3696 btwdins - ok
18:22:27.0807 3696 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
18:22:27.0822 3696 btwl2cap - ok
18:22:27.0822 3696 btwrchid (2af5604d28bef77b7cf4b9d232fe7cd3) C:\Windows\system32\DRIVERS\btwrchid.sys
18:22:27.0838 3696 btwrchid - ok
18:22:27.0853 3696 CAXHWAZL (48360b88c4bf45850653bb7c86888ed4) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
18:22:27.0869 3696 CAXHWAZL - ok
18:22:27.0869 3696 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:22:27.0916 3696 cdfs - ok
18:22:27.0916 3696 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:22:27.0931 3696 cdrom - ok
18:22:27.0947 3696 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:22:27.0978 3696 CertPropSvc - ok
18:22:27.0978 3696 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
18:22:27.0994 3696 circlass - ok
18:22:28.0025 3696 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:22:28.0041 3696 CLFS - ok
18:22:28.0041 3696 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:22:28.0056 3696 clr_optimization_v2.0.50727_32 - ok
18:22:28.0072 3696 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:22:28.0072 3696 clr_optimization_v2.0.50727_64 - ok
18:22:28.0087 3696 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:22:28.0103 3696 clr_optimization_v4.0.30319_32 - ok
18:22:28.0119 3696 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:22:28.0134 3696 clr_optimization_v4.0.30319_64 - ok
18:22:28.0134 3696 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:22:28.0150 3696 CmBatt - ok
18:22:28.0150 3696 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:22:28.0165 3696 cmdide - ok
18:22:28.0197 3696 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
18:22:28.0212 3696 CNG - ok
18:22:28.0243 3696 CnxtHdAudService (d3c4f72e8f8dc523b02a0c313ceeea99) C:\Windows\system32\drivers\CHDRT64.sys
18:22:28.0259 3696 CnxtHdAudService - ok
18:22:28.0275 3696 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:22:28.0275 3696 Compbatt - ok
18:22:28.0290 3696 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:22:28.0306 3696 CompositeBus - ok
18:22:28.0306 3696 COMSysApp - ok
18:22:28.0306 3696 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
18:22:28.0321 3696 crcdisk - ok
18:22:28.0337 3696 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:22:28.0353 3696 CryptSvc - ok
18:22:28.0384 3696 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:22:28.0431 3696 DcomLaunch - ok
18:22:28.0446 3696 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:22:28.0477 3696 defragsvc - ok
18:22:28.0493 3696 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:22:28.0524 3696 DfsC - ok
18:22:28.0540 3696 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:22:28.0571 3696 Dhcp - ok
18:22:28.0587 3696 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:22:28.0618 3696 discache - ok
18:22:28.0618 3696 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
18:22:28.0633 3696 Disk - ok
18:22:28.0649 3696 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:22:28.0665 3696 Dnscache - ok
18:22:28.0680 3696 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:22:28.0711 3696 dot3svc - ok
18:22:28.0727 3696 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
18:22:28.0743 3696 Dot4 - ok
18:22:28.0743 3696 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
18:22:28.0758 3696 Dot4Print - ok
18:22:28.0758 3696 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
18:22:28.0789 3696 dot4usb - ok
18:22:28.0805 3696 DozeSvc (277247b79da2230d0c3aeb83e6cd8ca7) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
18:22:28.0821 3696 DozeSvc - ok
18:22:28.0836 3696 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:22:28.0867 3696 DPS - ok
18:22:28.0867 3696 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:22:28.0883 3696 drmkaud - ok
18:22:28.0899 3696 dtsvc (e12ea64f18947ad7b6160dbc45995f84) C:\Windows\system32\DTS.exe
18:22:28.0899 3696 dtsvc ( UnsignedFile.Multi.Generic ) - warning
18:22:28.0899 3696 dtsvc - detected UnsignedFile.Multi.Generic (1)
18:22:28.0945 3696 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:22:28.0977 3696 DXGKrnl - ok
18:22:28.0977 3696 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys
18:22:28.0992 3696 DzHDD64 - ok
18:22:29.0008 3696 e1yexpress (11d0eca73ab25135f65656b93adbcb3d) C:\Windows\system32\DRIVERS\e1y62x64.sys
18:22:29.0023 3696 e1yexpress - ok
18:22:29.0039 3696 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:22:29.0070 3696 EapHost - ok
18:22:29.0179 3696 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
18:22:29.0226 3696 ebdrv - ok
18:22:29.0257 3696 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:22:29.0273 3696 EFS - ok
18:22:29.0304 3696 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:22:29.0320 3696 ehRecvr - ok
18:22:29.0335 3696 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:22:29.0351 3696 ehSched - ok
18:22:29.0382 3696 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
18:22:29.0398 3696 elxstor - ok
18:22:29.0398 3696 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:22:29.0413 3696 ErrDev - ok
18:22:29.0445 3696 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:22:29.0491 3696 EventSystem - ok
18:22:29.0538 3696 EvtEng (532b8ff8e07f3772b086620377654f95) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
18:22:29.0569 3696 EvtEng - ok
18:22:29.0616 3696 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:22:29.0663 3696 exfat - ok
18:22:29.0679 3696 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:22:29.0710 3696 fastfat - ok
18:22:29.0741 3696 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:22:29.0757 3696 Fax - ok
18:22:29.0772 3696 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
18:22:29.0788 3696 fdc - ok
18:22:29.0788 3696 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:22:29.0819 3696 fdPHost - ok
18:22:29.0819 3696 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:22:29.0866 3696 FDResPub - ok
18:22:29.0866 3696 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:22:29.0881 3696 FileInfo - ok
18:22:29.0881 3696 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:22:29.0913 3696 Filetrace - ok
18:22:29.0975 3696 FLEXnet Licensing Service 64 (64ab6f28047744b9b19c97459c2ab31b) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
18:22:30.0006 3696 FLEXnet Licensing Service 64 - ok
18:22:30.0037 3696 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
18:22:30.0053 3696 flpydisk - ok
18:22:30.0069 3696 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:22:30.0084 3696 FltMgr - ok
18:22:30.0131 3696 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:22:30.0162 3696 FontCache - ok
18:22:30.0162 3696 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:22:30.0178 3696 FontCache3.0.0.0 - ok
18:22:30.0178 3696 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:22:30.0193 3696 FsDepends - ok
18:22:30.0193 3696 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:22:30.0209 3696 Fs_Rec - ok
18:22:30.0225 3696 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:22:30.0240 3696 fvevol - ok
18:22:30.0256 3696 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
18:22:30.0271 3696 gagp30kx - ok
18:22:30.0303 3696 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:22:30.0334 3696 gpsvc - ok
18:22:30.0349 3696 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:22:30.0365 3696 hcw85cir - ok
18:22:30.0381 3696 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:22:30.0396 3696 HdAudAddService - ok
18:22:30.0412 3696 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:22:30.0427 3696 HDAudBus - ok
18:22:30.0427 3696 HECIx64 (15c9789470b8855ac2f54fdf96802d13) C:\Windows\system32\DRIVERS\HECIx64.sys
18:22:30.0443 3696 HECIx64 - ok
18:22:30.0443 3696 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
18:22:30.0459 3696 HidBatt - ok
18:22:30.0459 3696 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
18:22:30.0474 3696 HidBth - ok
18:22:30.0490 3696 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
18:22:30.0505 3696 HidIr - ok
18:22:30.0505 3696 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:22:30.0537 3696 hidserv - ok
18:22:30.0552 3696 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:22:30.0552 3696 HidUsb - ok
18:22:30.0568 3696 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:22:30.0599 3696 hkmsvc - ok
18:22:30.0615 3696 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:22:30.0630 3696 HomeGroupListener - ok
18:22:30.0646 3696 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:22:30.0661 3696 HomeGroupProvider - ok
18:22:30.0677 3696 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
18:22:30.0693 3696 hpqcxs08 - ok
18:22:30.0693 3696 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
18:22:30.0708 3696 hpqddsvc - ok
18:22:30.0724 3696 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:22:30.0724 3696 HpSAMD - ok
18:22:30.0771 3696 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
18:22:30.0786 3696 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
18:22:30.0786 3696 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
18:22:30.0849 3696 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll
18:22:30.0864 3696 HsfXAudioService - ok
18:22:30.0958 3696 HSF_DPV (f6ac1087a131fbb385400667bea64fbe) C:\Windows\system32\DRIVERS\CAX_DPV.sys
18:22:30.0973 3696 HSF_DPV - ok
18:22:31.0036 3696 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:22:31.0067 3696 HTTP - ok
18:22:31.0083 3696 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:22:31.0083 3696 hwpolicy - ok
18:22:31.0098 3696 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
18:22:31.0114 3696 i8042prt - ok
18:22:31.0129 3696 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:22:31.0145 3696 iaStorV - ok
18:22:31.0161 3696 IBMPMDRV (2151176db657aeff9b873d23380c3f5b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
18:22:31.0161 3696 IBMPMDRV - ok
18:22:31.0176 3696 IBMPMSVC (c76a67aed080538d420550c903696788) C:\Windows\system32\ibmpmsvc.exe
18:22:31.0176 3696 IBMPMSVC - ok
18:22:31.0192 3696 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:22:31.0192 3696 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:22:31.0192 3696 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:22:31.0239 3696 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:22:31.0254 3696 idsvc - ok
18:22:31.0582 3696 igfx (4eaa4261e1ad4b860657cada790b9b38) C:\Windows\system32\DRIVERS\igdkmd64.sys
18:22:31.0707 3696 igfx - ok
18:22:31.0753 3696 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
18:22:31.0753 3696 iirsp - ok
18:22:31.0800 3696 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:22:31.0847 3696 IKEEXT - ok
18:22:31.0847 3696 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:22:31.0863 3696 intelide - ok
18:22:32.0206 3696 intelkmd (4eaa4261e1ad4b860657cada790b9b38) C:\Windows\system32\DRIVERS\igdpmd64.sys
18:22:32.0315 3696 intelkmd - ok
18:22:32.0362 3696 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:22:32.0377 3696 intelppm - ok
18:22:32.0393 3696 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:22:32.0424 3696 IPBusEnum - ok
18:22:32.0424 3696 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:22:32.0471 3696 IpFilterDriver - ok
18:22:32.0502 3696 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:22:32.0533 3696 iphlpsvc - ok
18:22:32.0549 3696 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:22:32.0565 3696 IPMIDRV - ok
18:22:32.0565 3696 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:22:32.0611 3696 IPNAT - ok
18:22:32.0611 3696 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:22:32.0627 3696 IRENUM - ok
18:22:32.0627 3696 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:22:32.0643 3696 isapnp - ok
18:22:32.0658 3696 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:22:32.0674 3696 iScsiPrt - ok
18:22:32.0689 3696 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:22:32.0689 3696 kbdclass - ok
18:22:32.0705 3696 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:22:32.0721 3696 kbdhid - ok
18:22:32.0721 3696 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:22:32.0736 3696 KeyIso - ok
18:22:32.0736 3696 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
18:22:32.0752 3696 KSecDD - ok
18:22:32.0767 3696 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
18:22:32.0783 3696 KSecPkg - ok
18:22:32.0783 3696 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:22:32.0814 3696 ksthunk - ok
18:22:32.0845 3696 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:22:32.0877 3696 KtmRm - ok
18:22:32.0892 3696 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
18:22:32.0923 3696 LanmanServer - ok
18:22:32.0939 3696 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:22:32.0970 3696 LanmanWorkstation - ok
18:22:32.0986 3696 LENOVO.CAMMUTE (a4973df3264791952d6d7ab56565dd55) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
18:22:32.0986 3696 LENOVO.CAMMUTE - ok
18:22:33.0001 3696 LENOVO.MICMUTE (340288b3b2edc8afd5ff127df85142a7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
18:22:33.0001 3696 LENOVO.MICMUTE - ok
18:22:33.0017 3696 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
18:22:33.0017 3696 lenovo.smi - ok
18:22:33.0033 3696 LENOVO.TPKNRSVC (05d72de005be625ce60ce3be4fab9714) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
18:22:33.0033 3696 LENOVO.TPKNRSVC - ok
18:22:33.0048 3696 Lenovo.VIRTSCRLSVC (f7de50781dc4d162c1005eb30d98f931) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
18:22:33.0064 3696 Lenovo.VIRTSCRLSVC - ok
18:22:33.0064 3696 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:22:33.0095 3696 lltdio - ok
18:22:33.0111 3696 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:22:33.0157 3696 lltdsvc - ok
18:22:33.0157 3696 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:22:33.0189 3696 lmhosts - ok
18:22:33.0204 3696 LMS (7f697d6eb3e47fbc7757229daee406b4) C:\Program Files (x86)\Intel\AMT\LMS.exe
18:22:33.0220 3696 LMS - ok
18:22:33.0235 3696 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
18:22:33.0235 3696 LSI_FC - ok
18:22:33.0251 3696 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
18:22:33.0267 3696 LSI_SAS - ok
18:22:33.0267 3696 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
18:22:33.0282 3696 LSI_SAS2 - ok
18:22:33.0298 3696 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
18:22:33.0313 3696 LSI_SCSI - ok
18:22:33.0313 3696 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:22:33.0360 3696 luafv - ok
18:22:33.0376 3696 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
18:22:33.0391 3696 MBAMProtector - ok
18:22:33.0423 3696 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:22:33.0438 3696 MBAMService - ok
18:22:33.0454 3696 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:22:33.0469 3696 Mcx2Svc - ok
18:22:33.0469 3696 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:22:33.0485 3696 mdmxsdk - ok
18:22:33.0485 3696 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
18:22:33.0501 3696 megasas - ok
18:22:33.0516 3696 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
18:22:33.0532 3696 MegaSR - ok
18:22:33.0563 3696 mitsijm2013 (551a5e070f5df69a64463852e93009dd) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
18:22:33.0579 3696 mitsijm2013 - ok
18:22:33.0579 3696 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:22:33.0610 3696 MMCSS - ok
18:22:33.0625 3696 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:22:33.0657 3696 Modem - ok
18:22:33.0657 3696 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:22:33.0672 3696 monitor - ok
18:22:33.0688 3696 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:22:33.0688 3696 mouclass - ok
18:22:33.0703 3696 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:22:33.0719 3696 mouhid - ok
18:22:33.0719 3696 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:22:33.0735 3696 mountmgr - ok
18:22:33.0750 3696 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:22:33.0750 3696 MozillaMaintenance - ok
18:22:33.0766 3696 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:22:33.0781 3696 mpio - ok
18:22:33.0781 3696 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:22:33.0828 3696 mpsdrv - ok
18:22:33.0859 3696 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:22:33.0906 3696 MpsSvc - ok
18:22:33.0922 3696 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:22:33.0937 3696 MRxDAV - ok
18:22:33.0953 3696 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:22:33.0953 3696 mrxsmb - ok
18:22:33.0984 3696 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:22:34.0000 3696 mrxsmb10 - ok
18:22:34.0000 3696 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:22:34.0015 3696 mrxsmb20 - ok
18:22:34.0015 3696 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:22:34.0031 3696 msahci - ok
18:22:34.0047 3696 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:22:34.0062 3696 msdsm - ok
18:22:34.0062 3696 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:22:34.0078 3696 MSDTC - ok
18:22:34.0093 3696 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:22:34.0125 3696 Msfs - ok
18:22:34.0125 3696 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:22:34.0171 3696 mshidkmdf - ok
18:22:34.0171 3696 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:22:34.0187 3696 msisadrv - ok
18:22:34.0187 3696 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:22:34.0234 3696 MSiSCSI - ok
18:22:34.0234 3696 msiserver - ok
18:22:34.0234 3696 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:22:34.0281 3696 MSKSSRV - ok
18:22:34.0281 3696 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:22:34.0312 3696 MSPCLOCK - ok
18:22:34.0327 3696 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:22:34.0359 3696 MSPQM - ok
18:22:34.0374 3696 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:22:34.0390 3696 MsRPC - ok
18:22:34.0405 3696 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
18:22:34.0421 3696 mssmbios - ok
18:22:34.0421 3696 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:22:34.0452 3696 MSTEE - ok
18:22:34.0452 3696 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
18:22:34.0468 3696 MTConfig - ok
18:22:34.0483 3696 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:22:34.0483 3696 Mup - ok
18:22:34.0515 3696 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:22:34.0561 3696 napagent - ok
18:22:34.0577 3696 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:22:34.0593 3696 NativeWifiP - ok
18:22:34.0639 3696 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
18:22:34.0655 3696 NDIS - ok
18:22:34.0671 3696 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:22:34.0702 3696 NdisCap - ok
18:22:34.0702 3696 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:22:34.0749 3696 NdisTapi - ok
18:22:34.0749 3696 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:22:34.0780 3696 Ndisuio - ok
18:22:34.0795 3696 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:22:34.0827 3696 NdisWan - ok
18:22:34.0827 3696 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:22:34.0873 3696 NDProxy - ok
18:22:34.0873 3696 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
18:22:34.0873 3696 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:22:34.0873 3696 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:22:34.0889 3696 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:22:34.0920 3696 NetBIOS - ok
18:22:34.0936 3696 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:22:34.0967 3696 NetBT - ok
18:22:34.0983 3696 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:22:34.0983 3696 Netlogon - ok
18:22:35.0014 3696 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:22:35.0045 3696 Netman - ok
18:22:35.0061 3696 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:22:35.0076 3696 NetMsmqActivator - ok
18:22:35.0076 3696 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:22:35.0092 3696 NetPipeActivator - ok
18:22:35.0123 3696 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:22:35.0154 3696 netprofm - ok
18:22:35.0154 3696 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:22:35.0170 3696 NetTcpActivator - ok
18:22:35.0170 3696 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:22:35.0185 3696 NetTcpPortSharing - ok
18:22:35.0201 3696 NETw5s64 - ok
18:22:35.0373 3696 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
18:22:35.0435 3696 netw5v64 - ok
18:22:35.0763 3696 NETwNs64 (774c9eccef83ab8a3d1466f19809c95f) C:\Windows\system32\DRIVERS\NETwNs64.sys
18:22:35.0856 3696 NETwNs64 - ok
18:22:35.0903 3696 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
18:22:35.0919 3696 nfrd960 - ok
18:22:35.0934 3696 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:22:35.0981 3696 NlaSvc - ok
18:22:35.0981 3696 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:22:36.0012 3696 Npfs - ok
18:22:36.0012 3696 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:22:36.0059 3696 nsi - ok
18:22:36.0059 3696 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:22:36.0090 3696 nsiproxy - ok
18:22:36.0153 3696 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:22:36.0184 3696 Ntfs - ok
18:22:36.0215 3696 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:22:36.0246 3696 Null - ok
18:22:36.0262 3696 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:22:36.0262 3696 nusb3hub - ok
18:22:36.0277 3696 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:22:36.0293 3696 nusb3xhc - ok
18:22:36.0309 3696 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:22:36.0309 3696 nvraid - ok
18:22:36.0324 3696 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:22:36.0340 3696 nvstor - ok
18:22:36.0355 3696 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:22:36.0371 3696 nv_agp - ok
18:22:36.0402 3696 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:22:36.0418 3696 odserv - ok
18:22:36.0418 3696 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:22:36.0433 3696 ohci1394 - ok
18:22:36.0449 3696 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:22:36.0449 3696 ose - ok
18:22:36.0480 3696 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:22:36.0496 3696 p2pimsvc - ok
18:22:36.0511 3696 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:22:36.0527 3696 p2psvc - ok
18:22:36.0543 3696 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:22:36.0558 3696 Parport - ok
18:22:36.0558 3696 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:22:36.0574 3696 partmgr - ok
18:22:36.0589 3696 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:22:36.0605 3696 PcaSvc - ok
18:22:36.0621 3696 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:22:36.0636 3696 pci - ok
18:22:36.0636 3696 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:22:36.0652 3696 pciide - ok
18:22:36.0667 3696 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:22:36.0683 3696 pcmcia - ok
18:22:36.0683 3696 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:22:36.0699 3696 pcw - ok
18:22:36.0730 3696 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:22:36.0777 3696 PEAUTH - ok
18:22:36.0808 3696 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:22:36.0823 3696 PerfHost - ok
18:22:36.0886 3696 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:22:36.0933 3696 pla - ok
18:22:36.0948 3696 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:22:36.0979 3696 PlugPlay - ok
18:22:36.0979 3696 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
18:22:36.0995 3696 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
18:22:36.0995 3696 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
18:22:36.0995 3696 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:22:37.0011 3696 PNRPAutoReg - ok
18:22:37.0026 3696 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:22:37.0042 3696 PNRPsvc - ok
18:22:37.0073 3696 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:22:37.0104 3696 PolicyAgent - ok
18:22:37.0120 3696 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:22:37.0151 3696 Power - ok
18:22:37.0167 3696 Power Manager DBC Service (6f51482adced13cebfe0f1054f2116f2) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
18:22:37.0182 3696 Power Manager DBC Service - ok
18:22:37.0182 3696 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:22:37.0229 3696 PptpMiniport - ok
18:22:37.0229 3696 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
18:22:37.0245 3696 Processor - ok
18:22:37.0260 3696 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
18:22:37.0276 3696 ProfSvc - ok
18:22:37.0276 3696 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:22:37.0291 3696 ProtectedStorage - ok
18:22:37.0291 3696 psadd (c2c5f5d150605fd14fa2abde88db2020) C:\Windows\system32\DRIVERS\psadd.sys
18:22:37.0307 3696 psadd - ok
18:22:37.0323 3696 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:22:37.0354 3696 Psched - ok
18:22:37.0369 3696 PwmEWSvc (af8b60d65f8b39c4fac6be8641923f37) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
18:22:37.0369 3696 PwmEWSvc - ok
18:22:37.0432 3696 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
18:22:37.0463 3696 ql2300 - ok
18:22:37.0510 3696 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
18:22:37.0525 3696 ql40xx - ok
18:22:37.0541 3696 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:22:37.0557 3696 QWAVE - ok
18:22:37.0557 3696 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:22:37.0572 3696 QWAVEdrv - ok
18:22:37.0588 3696 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:22:37.0619 3696 RasAcd - ok
18:22:37.0619 3696 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:22:37.0650 3696 RasAgileVpn - ok
18:22:37.0666 3696 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:22:37.0697 3696 RasAuto - ok
18:22:37.0713 3696 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:22:37.0744 3696 Rasl2tp - ok
18:22:37.0759 3696 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:22:37.0806 3696 RasMan - ok
18:22:37.0806 3696 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:22:37.0853 3696 RasPppoe - ok
18:22:37.0853 3696 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:22:37.0884 3696 RasSstp - ok
18:22:37.0900 3696 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:22:37.0947 3696 rdbss - ok
18:22:37.0947 3696 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
18:22:37.0962 3696 rdpbus - ok
18:22:37.0962 3696 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:22:37.0993 3696 RDPCDD - ok
18:22:38.0009 3696 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:22:38.0040 3696 RDPENCDD - ok
18:22:38.0040 3696 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:22:38.0087 3696 RDPREFMP - ok
18:22:38.0087 3696 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:22:38.0103 3696 RDPWD - ok
18:22:38.0118 3696 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:22:38.0134 3696 rdyboost - ok
18:22:38.0181 3696 RegSrvc (7196be857e29007470ff9b689c7f29a7) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
18:22:38.0196 3696 RegSrvc - ok
18:22:38.0212 3696 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:22:38.0243 3696 RemoteAccess - ok
18:22:38.0259 3696 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:22:38.0290 3696 RemoteRegistry - ok
18:22:38.0305 3696 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
18:22:38.0321 3696 RFCOMM - ok
18:22:38.0321 3696 rimmptsk (f45d6e12eb99a668f52201637c67c8f5) C:\Windows\system32\DRIVERS\rimmpx64.sys
18:22:38.0337 3696 rimmptsk - ok
18:22:38.0352 3696 rimsptsk (eac02ed935a9c1f2ddd8d985c465b854) C:\Windows\system32\DRIVERS\rimspx64.sys
18:22:38.0352 3696 rimsptsk - ok
18:22:38.0368 3696 rismxdp (931a8f843b4120df527c3684daf77fd9) C:\Windows\system32\DRIVERS\rixdpx64.sys
18:22:38.0368 3696 rismxdp - ok
18:22:38.0383 3696 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:22:38.0415 3696 RpcEptMapper - ok
18:22:38.0430 3696 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:22:38.0430 3696 RpcLocator - ok
18:22:38.0461 3696 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:22:38.0508 3696 RpcSs - ok
18:22:38.0508 3696 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:22:38.0539 3696 rspndr - ok
18:22:38.0555 3696 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:22:38.0571 3696 SamSs - ok
18:22:38.0571 3696 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:22:38.0586 3696 sbp2port - ok
18:22:38.0602 3696 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:22:38.0633 3696 SCardSvr - ok
18:22:38.0649 3696 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:22:38.0680 3696 scfilter - ok
18:22:38.0727 3696 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:22:38.0773 3696 Schedule - ok
18:22:38.0773 3696 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:22:38.0805 3696 SCPolicySvc - ok
18:22:38.0820 3696 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
18:22:38.0836 3696 sdbus - ok
18:22:38.0851 3696 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:22:38.0867 3696 SDRSVC - ok
18:22:38.0867 3696 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:22:38.0898 3696 secdrv - ok
18:22:38.0898 3696 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:22:38.0929 3696 seclogon - ok
18:22:38.0945 3696 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:22:38.0976 3696 SENS - ok
18:22:38.0976 3696 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:22:38.0992 3696 SensrSvc - ok
18:22:39.0007 3696 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:22:39.0023 3696 Serenum - ok
18:22:39.0023 3696 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:22:39.0039 3696 Serial - ok
18:22:39.0039 3696 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
18:22:39.0054 3696 sermouse - ok
18:22:39.0070 3696 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:22:39.0101 3696 SessionEnv - ok
18:22:39.0117 3696 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
18:22:39.0132 3696 sffdisk - ok
18:22:39.0132 3696 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:22:39.0148 3696 sffp_mmc - ok
18:22:39.0148 3696 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:22:39.0163 3696 sffp_sd - ok
18:22:39.0179 3696 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
18:22:39.0195 3696 sfloppy - ok
18:22:39.0210 3696 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:22:39.0241 3696 SharedAccess - ok
18:22:39.0273 3696 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:22:39.0304 3696 ShellHWDetection - ok
18:22:39.0319 3696 Shockprf (c3f190562fe82efda7ccef305ebad3e3) C:\Windows\system32\DRIVERS\Apsx64.sys
18:22:39.0335 3696 Shockprf - ok
18:22:39.0335 3696 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
18:22:39.0351 3696 SiSRaid2 - ok
18:22:39.0351 3696 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
18:22:39.0366 3696 SiSRaid4 - ok
18:22:39.0382 3696 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:22:39.0397 3696 SkypeUpdate - ok
18:22:39.0397 3696 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:22:39.0444 3696 Smb - ok
18:22:39.0444 3696 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:22:39.0460 3696 SNMPTRAP - ok
18:22:39.0475 3696 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:22:39.0475 3696 spldr - ok
18:22:39.0507 3696 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:22:39.0553 3696 Spooler - ok
18:22:39.0663 3696 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:22:39.0725 3696 sppsvc - ok
18:22:39.0772 3696 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:22:39.0803 3696 sppuinotify - ok
18:22:39.0834 3696 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:22:39.0850 3696 srv - ok
18:22:39.0865 3696 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:22:39.0881 3696 srv2 - ok
18:22:39.0912 3696 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:22:39.0928 3696 SrvHsfHDA - ok
18:22:39.0975 3696 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:22:40.0006 3696 SrvHsfV92 - ok
18:22:40.0053 3696 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:22:40.0084 3696 SrvHsfWinac - ok
18:22:40.0099 3696 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:22:40.0099 3696 srvnet - ok
18:22:40.0115 3696 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:22:40.0162 3696 SSDPSRV - ok
18:22:40.0162 3696 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:22:40.0209 3696 SstpSvc - ok
18:22:40.0240 3696 StarMoney 8.0 OnlineUpdate (7e784dc5c7ce2c6f3c392ad320f5f2c0) C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
18:22:40.0255 3696 StarMoney 8.0 OnlineUpdate - ok
18:22:40.0255 3696 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
18:22:40.0271 3696 stexstor - ok
18:22:40.0302 3696 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:22:40.0333 3696 stisvc - ok
18:22:40.0333 3696 SUService (6ea2f517373771cac5188e82617c9c0b) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
18:22:40.0333 3696 SUService ( UnsignedFile.Multi.Generic ) - warning
18:22:40.0333 3696 SUService - detected UnsignedFile.Multi.Generic (1)
18:22:40.0349 3696 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
18:22:40.0365 3696 swenum - ok
18:22:40.0380 3696 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:22:40.0427 3696 swprv - ok
18:22:40.0443 3696 SynTP (4965deb8264564ea55658277cc10b2f2) C:\Windows\system32\DRIVERS\SynTP.sys
18:22:40.0458 3696 SynTP - ok
18:22:40.0536 3696 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:22:40.0567 3696 SysMain - ok
18:22:40.0599 3696 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:22:40.0630 3696 TabletInputService - ok
18:22:40.0645 3696 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:22:40.0677 3696 TapiSrv - ok
18:22:40.0692 3696 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:22:40.0723 3696 TBS - ok
18:22:40.0801 3696 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:22:40.0833 3696 Tcpip - ok
18:22:40.0911 3696 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:22:40.0957 3696 TCPIP6 - ok
18:22:40.0973 3696 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:22:41.0020 3696 tcpipreg - ok
18:22:41.0020 3696 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:22:41.0035 3696 TDPIPE - ok
18:22:41.0035 3696 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:22:41.0051 3696 TDTCP - ok
18:22:41.0067 3696 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:22:41.0098 3696 tdx - ok
18:22:41.0098 3696 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
18:22:41.0113 3696 TermDD - ok
18:22:41.0145 3696 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:22:41.0191 3696 TermService - ok
18:22:41.0191 3696 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:22:41.0223 3696 Themes - ok
18:22:41.0223 3696 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:22:41.0254 3696 THREADORDER - ok
18:22:41.0269 3696 TPDIGIMN (1bb77eccbfa3675b1ee8d6d6d37a1e1e) C:\Windows\system32\DRIVERS\ApsHM64.sys
18:22:41.0269 3696 TPDIGIMN - ok
18:22:41.0285 3696 TPHDEXLGSVC (88f81d810ff16ac65b02643daf308d4f) C:\Windows\system32\TPHDEXLG64.exe
18:22:41.0285 3696 TPHDEXLGSVC - ok
18:22:41.0301 3696 TPHKLOAD (83415782d47f8064fcafea308abb2246) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
18:22:41.0316 3696 TPHKLOAD - ok
18:22:41.0316 3696 TPHKSVC (c04bb65441913ab621c58a8bd3169b23) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
18:22:41.0332 3696 TPHKSVC - ok
18:22:41.0332 3696 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
18:22:41.0347 3696 TPM - ok
18:22:41.0363 3696 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys
18:22:41.0363 3696 TPPWRIF - ok
18:22:41.0379 3696 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:22:41.0410 3696 TrkWks - ok
18:22:41.0425 3696 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:22:41.0457 3696 TrustedInstaller - ok
18:22:41.0472 3696 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:22:41.0503 3696 tssecsrv - ok
18:22:41.0503 3696 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:22:41.0519 3696 TsUsbFlt - ok
18:22:41.0519 3696 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
18:22:41.0535 3696 TsUsbGD - ok
18:22:41.0550 3696 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:22:41.0581 3696 tunnel - ok
18:22:41.0597 3696 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
18:22:41.0597 3696 uagp35 - ok
18:22:41.0628 3696 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:22:41.0659 3696 udfs - ok
18:22:41.0675 3696 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:22:41.0691 3696 UI0Detect - ok
18:22:41.0691 3696 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:22:41.0706 3696 uliagpkx - ok
18:22:41.0706 3696 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
18:22:41.0722 3696 umbus - ok
18:22:41.0722 3696 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
18:22:41.0737 3696 UmPass - ok
18:22:41.0815 3696 UNS (86deac5ced845d55c63b125e0908685e) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
18:22:41.0862 3696 UNS - ok
18:22:41.0909 3696 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:22:41.0940 3696 upnphost - ok
18:22:41.0956 3696 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:22:41.0971 3696 usbaudio - ok
18:22:41.0987 3696 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:22:42.0003 3696 usbccgp - ok
18:22:42.0003 3696 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:22:42.0018 3696 usbcir - ok
18:22:42.0034 3696 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:22:42.0034 3696 usbehci - ok
18:22:42.0065 3696 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:22:42.0081 3696 usbhub - ok
18:22:42.0081 3696 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
18:22:42.0096 3696 usbohci - ok
18:22:42.0096 3696 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:22:42.0112 3696 usbprint - ok
18:22:42.0127 3696 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:22:42.0143 3696 usbscan - ok
18:22:42.0143 3696 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:22:42.0159 3696 USBSTOR - ok
18:22:42.0159 3696 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
18:22:42.0174 3696 usbuhci - ok
18:22:42.0190 3696 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
18:22:42.0205 3696 usbvideo - ok
18:22:42.0221 3696 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:22:42.0252 3696 UxSms - ok
18:22:42.0268 3696 V0540Dev (8242985b0eb906c921075a8635069860) C:\Windows\system32\DRIVERS\V0540Vid.sys
18:22:42.0283 3696 V0540Dev - ok
18:22:42.0299 3696 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:22:42.0315 3696 VaultSvc - ok
18:22:42.0315 3696 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:22:42.0330 3696 vdrvroot - ok
18:22:42.0361 3696 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:22:42.0393 3696 vds - ok
18:22:42.0408 3696 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:22:42.0424 3696 vga - ok
18:22:42.0424 3696 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:22:42.0455 3696 VgaSave - ok
18:22:42.0471 3696 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:22:42.0486 3696 vhdmp - ok
18:22:42.0486 3696 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:22:42.0502 3696 viaide - ok
18:22:42.0517 3696 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:22:42.0533 3696 volmgr - ok
18:22:42.0549 3696 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:22:42.0564 3696 volmgrx - ok
18:22:42.0580 3696 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:22:42.0595 3696 volsnap - ok
18:22:42.0611 3696 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
18:22:42.0627 3696 vsmraid - ok
18:22:42.0689 3696 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:22:42.0736 3696 VSS - ok
18:22:42.0783 3696 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
18:22:42.0798 3696 vToolbarUpdater11.1.0 - ok
18:22:42.0829 3696 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:22:42.0845 3696 vwifibus - ok
18:22:42.0861 3696 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:22:42.0876 3696 vwififlt - ok
18:22:42.0907 3696 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:22:42.0939 3696 W32Time - ok
18:22:42.0954 3696 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
18:22:42.0954 3696 WacomPen - ok
18:22:42.0970 3696 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:43.0001 3696 WANARP - ok
18:22:43.0001 3696 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:43.0032 3696 Wanarpv6 - ok
18:22:43.0095 3696 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:22:43.0126 3696 wbengine - ok
18:22:43.0157 3696 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:22:43.0173 3696 WbioSrvc - ok
18:22:43.0204 3696 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:22:43.0219 3696 wcncsvc - ok
18:22:43.0219 3696 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:22:43.0235 3696 WcsPlugInService - ok
18:22:43.0251 3696 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
18:22:43.0266 3696 Wd - ok
18:22:43.0297 3696 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:22:43.0313 3696 Wdf01000 - ok
18:22:43.0329 3696 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:22:43.0344 3696 WdiServiceHost - ok
18:22:43.0344 3696 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:22:43.0360 3696 WdiSystemHost - ok
18:22:43.0375 3696 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:22:43.0407 3696 WebClient - ok
18:22:43.0422 3696 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:22:43.0453 3696 Wecsvc - ok
18:22:43.0469 3696 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:22:43.0500 3696 wercplsupport - ok
18:22:43.0500 3696 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:22:43.0547 3696 WerSvc - ok
18:22:43.0547 3696 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:22:43.0594 3696 WfpLwf - ok
18:22:43.0594 3696 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:22:43.0609 3696 WIMMount - ok
18:22:43.0641 3696 winachsf (1edbbf412a382550af6eb35f5e46928e) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
18:22:43.0656 3696 winachsf - ok
18:22:43.0656 3696 WinDefend - ok
18:22:43.0672 3696 WinHttpAutoProxySvc - ok
18:22:43.0687 3696 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:22:43.0719 3696 Winmgmt - ok
18:22:43.0797 3696 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:22:43.0859 3696 WinRM - ok
18:22:43.0906 3696 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:22:43.0921 3696 WinUsb - ok
18:22:43.0953 3696 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:22:43.0984 3696 Wlansvc - ok
18:22:44.0062 3696 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:22:44.0109 3696 wlidsvc - ok
18:22:44.0140 3696 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:22:44.0155 3696 WmiAcpi - ok
18:22:44.0187 3696 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:22:44.0202 3696 wmiApSrv - ok
18:22:44.0202 3696 WMPNetworkSvc - ok
18:22:44.0202 3696 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:22:44.0218 3696 WPCSvc - ok
18:22:44.0233 3696 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:22:44.0249 3696 WPDBusEnum - ok
18:22:44.0249 3696 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:22:44.0280 3696 ws2ifsl - ok
18:22:44.0296 3696 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:22:44.0311 3696 wscsvc - ok
18:22:44.0311 3696 WSearch - ok
18:22:44.0436 3696 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:22:44.0483 3696 wuauserv - ok
18:22:44.0514 3696 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:22:44.0561 3696 WudfPf - ok
18:22:44.0561 3696 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:22:44.0608 3696 WUDFRd - ok
18:22:44.0608 3696 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:22:44.0639 3696 wudfsvc - ok
18:22:44.0655 3696 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:22:44.0686 3696 WwanSvc - ok
18:22:44.0686 3696 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
18:22:44.0701 3696 XAudio - ok
18:22:44.0717 3696 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:22:44.0811 3696 \Device\Harddisk0\DR0 - ok
18:22:44.0967 3696 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:22:45.0060 3696 \Device\Harddisk1\DR1 - ok
18:22:45.0060 3696 Boot (0x1200) (597bb31c77d7d721e85a884f8aa87491) \Device\Harddisk0\DR0\Partition0
18:22:45.0060 3696 \Device\Harddisk0\DR0\Partition0 - ok
18:22:45.0060 3696 Boot (0x1200) (d71d2d03c88d339910f523d9a844f955) \Device\Harddisk0\DR0\Partition1
18:22:45.0060 3696 \Device\Harddisk0\DR0\Partition1 - ok
18:22:45.0060 3696 Boot (0x1200) (b8c8226835c26d58f633b829afa667b7) \Device\Harddisk1\DR1\Partition0
18:22:45.0076 3696 \Device\Harddisk1\DR1\Partition0 - ok
18:22:45.0076 3696 ============================================================
18:22:45.0076 3696 Scan finished
18:22:45.0076 3696 ============================================================
18:22:45.0076 5864 Detected object count: 7
18:22:45.0076 5864 Actual detected object count: 7
18:22:47.0806 5864 ADMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:47.0806 5864 ADMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:47.0806 5864 dtsvc ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:47.0806 5864 dtsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:47.0806 5864 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:47.0806 5864 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:47.0806 5864 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:47.0806 5864 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:47.0806 5864 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:47.0806 5864 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:47.0806 5864 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:47.0806 5864 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:22:47.0806 5864 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
18:22:47.0806 5864 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Daniel |
|
05.07.2012, 09:39
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Google/Bing ... redirect Virus rocketnews Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
