Pests of all kinds and how to fight them: Heaps of Trojans after download - Windows 7
29.07.2012, 23:35 | #1 |
Hello! I have the following problem. I wanted to download a structural-formula editor from the supposedly safe site winload.de. Shortly after I had started the setup, Antivir showed the first message that a virus had been found. Since that then crashed, I restarted the PC and immediately checked what Antivir had found. There was one file in quarantine, which I then deleted, but unfortunately I no longer remember what it was. I then did a bit more research, downloaded Malwarebytes and had the system scanned. 7 Trojans were found, which I then put into quarantine. Here is the log: Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.29.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Lemi :: Lemi-LAPTOP [Administrator]

Schutz: Aktiviert

29.07.2012 19:05:56
mbam-log-2012-07-29 (19-05-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 393207
Laufzeit: 2 Stunde(n), 26 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

I then also downloaded SUPERAntiSpyware and scanned the system; now the report states that 186 supposedly harmful files were found... Here is the log: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/30/2012 at 00:05 AM

Application Version : 5.5.1012

Core Rules Database Version : 8977
Trace Rules Database Version: 6789

Scan type : Complete Scan
Total Scan Time : 01:35:38

Operating System Information
Windows Vista Home Basic 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned : 1007
Memory threats detected : 0
Registry items scanned : 36789
Registry threats detected : 1
File items scanned : 70941
File threats detected : 185

Adware.PTech
HKU\S-1-5-21-2219204173-386704280-44168644-1003\Software\PTech

Adware.Tracking Cookie

I'm getting a bit desperate right now. I have the feeling that my laptop is totally infested! What should I do now?
30.07.2012, 07:12 | #2 |
Hi,
don't panic, most of what SUPERAntiSpyware found is cookies...

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop.

AdwareCleaner (AdwCleaner)
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator".
Right-click the selected application and choose "Run as administrator"!
Post the log files in code tags.
Download AdwCleaner by Xplode to the desktop.
Start AdwCleaner and click Search.
After some time a log file opens (C:\AdwCleaner[xx].txt); post its contents here in the forum.

chris
30.07.2012, 08:52 | #3 |
OK, then I'm at least a tiny little bit reassured. Here are the log files:

OTL
OTL.txt
OTL logfile: Code:
ATTFilter OTL logfile created on: 30.07.2012 09:10:57 - Run 1 OTL by OldTimer - Version 3.2.55.0 Folder = c:\users\lisa\downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,46 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 34,62% Memory free 5,16 Gb Paging File | 2,53 Gb Available in Paging File | 48,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 106,68 Gb Total Space | 16,44 Gb Free Space | 15,41% Space Free | Partition Type: NTFS Computer Name: LISA-LAPTOP | User Name: Lisa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - c:\users\lisa\downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe (Adobe Systems, Inc.) PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe (Microsoft Corporation) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe (Lenovo Group Limited) PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo) PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo) PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo) PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\PM 
Driver\PMHandler.exe (Lenovo) PRC - C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited) PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.) PRC - C:\Programme\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\PM Driver\PMSveH.exe (Lenovo) PRC - C:\Programme\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.) PRC - C:\Programme\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe () PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\Programme\Common Files\Lenovo\Logger\logmon.exe () PRC - C:\Programme\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.) PRC - C:\Programme\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe (Cyberlink Corp.) 
PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) PRC - C:\Windows\System32\PSIService.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe () ========== Modules (No Company Name) ========== MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll () MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll () MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL () MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_268.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\OpenOffice.org 3\Basis\program\nsldap32v50.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\OpenOffice.org 3\Basis\program\libxmlsec.dll () MOD - C:\Programme\OpenOffice.org 3\Basis\program\libxslt.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Common Files\Lenovo\CDRecord.dll () MOD - C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll () MOD - C:\Programme\Lenovo\Bluetooth Software\BTKeyInd.dll () MOD - C:\Windows\System32\btwhidcs.dll () MOD - C:\Programme\Common Files\Lenovo\xml4cmessages5_5.dll () MOD - C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe () MOD - C:\Programme\Lenovo\HOTKEY\TpWAud32.dll () MOD - C:\Programme\Lenovo\PM Driver\PMHlerIO.dll () MOD - C:\Programme\Lenovo\Energy Management\HookLib.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - 
(AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQL$MSSMLBIZ) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (MSSQL$CSSQL05) -- c:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (msftesql$CSSQL05) -- c:\Programme\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe (Microsoft Corporation) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (FNF5SVC) -- C:\Programme\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
SRV - (PMSveH) -- C:\Programme\Lenovo\PM Driver\PMSveH.exe (Lenovo)
SRV - (nmservice) -- C:\Programme\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.)
SRV - (nmraapache) -- C:\Programme\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe ()
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech )
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (LPCFilter) -- C:\Windows\System32\drivers\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (PROCDD) -- C:\Windows\System32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A23F6D6B-F1D9-4C73-A753-199A6493AB96}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{A23F6D6B-F1D9-4C73-A753-199A6493AB96}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..CT2319825.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de&source=iglk"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=12.0: C:\Program Files\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=12.0: C:\Program Files\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Lisa\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.28 17:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.29 18:08:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.29 18:07:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2007.12.21 22:52:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.28 17:45:49 | 000,000,000 | ---D | M]
[2008.12.02 17:55:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Extensions
[2012.07.29 18:42:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\lm3rf4q0.default\extensions
[2012.05.19 16:51:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\lm3rf4q0.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.01.07 15:38:48 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Lisa\AppData\Roaming\mozilla\Firefox\Profiles\lm3rf4q0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.29 18:09:25 | 000,000,907 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\conduit.xml
[2012.07.27 18:48:34 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-1.xml
[2010.07.25 11:41:21 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-10.xml
[2010.09.08 20:16:41 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-11.xml
[2010.09.18 13:04:13 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-12.xml
[2010.10.22 16:22:25 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-13.xml
[2010.10.28 19:52:20 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-14.xml
[2010.11.05 01:04:31 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-15.xml
[2011.03.02 18:54:37 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-16.xml
[2011.03.06 11:58:01 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-17.xml
[2011.03.25 18:53:02 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-18.xml
[2011.05.01 12:45:08 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-19.xml
[2009.08.05 23:47:31 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-2.xml
[2011.06.24 15:26:28 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-20.xml
[2011.08.17 19:28:00 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-21.xml
[2011.09.04 16:01:34 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-22.xml
[2011.09.08 11:14:07 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-23.xml
[2011.09.28 21:05:47 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-24.xml
[2011.11.10 20:18:01 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-25.xml
[2011.11.11 14:33:44 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-26.xml
[2009.09.11 22:44:31 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-3.xml
[2009.10.29 20:44:30 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-4.xml
[2009.12.23 14:44:22 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-5.xml
[2010.05.10 16:54:19 | 000,000,961 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-6.xml
[2010.06.24 08:29:16 | 000,000,961 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-7.xml
[2010.07.19 15:23:30 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-8.xml
[2010.07.21 11:55:14 | 000,000,950 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin-9.xml
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\icqplugin.xml
[2012.07.03 17:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.07.20 18:28:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.07.03 17:26:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.29 18:08:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.29 18:06:51 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012.06.20 18:15:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.20 18:15:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.20 18:15:41 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 18:15:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 18:15:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 18:15:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Programme\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\Lenovo Multimedia Center\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)
O4 - HKLM..\Run: [LPManager] C:\Programme\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [PMHandler] C:\Programme\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\Lenovo Multimedia Center\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPWAUDAP] C:\Programme\Lenovo\HOTKEY\TpWAudAp.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent File not found O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-ROD7E.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Windows Live Search - c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Lisa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... 
- {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E94AB7C-D065-48BB-8AA9-E96C342C73E4}: DhcpNameServer = 192.168.0.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68D44842-5D93-45FC-A877-FBC6037F767F}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD93E412-5C96-4A37-B1C4-7575624F161A}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Programme\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der 
Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{c5c72b2e-60da-11e0-9af5-002622dee270}\Shell - "" = AutoRun O33 - MountPoints2\{c5c72b2e-60da-11e0-9af5-002622dee270}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.07.29 22:26:14 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\SUPERAntiSpyware.com [2012.07.29 22:25:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2012.07.29 22:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2012.07.29 22:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2012.07.29 19:02:35 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes [2012.07.29 19:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.29 19:02:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.29 19:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.29 19:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.29 18:09:45 | 000,000,000 | ---D | C] -- C:\strukedit [2012.07.29 18:07:22 | 000,000,000 | ---D | C] -- 
C:\Users\Lisa\AppData\Roaming\convert [2012.07.29 18:07:01 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2012.07.29 18:07:00 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\loadtbs [2012.07.29 18:06:29 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Conduit [2012.07.24 20:00:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.18 23:11:45 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\Microsoft_Corporation [2012.07.16 19:05:34 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.16 18:55:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.07.16 18:55:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.07.16 18:55:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.07.16 18:55:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.07.16 18:55:26 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.07.16 18:55:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.07.16 18:55:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.07.11 17:38:46 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012.07.06 22:39:10 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Mestrelab Research S.L [2012.07.06 22:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mestrelab Research S.L [2012.07.05 22:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChemBioOffice 2010 [2012.07.03 17:26:46 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.07.03 17:26:45 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.07.03 17:26:45 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaw.exe [2012.07.03 17:26:45 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe ========== Files - Modified Within 30 Days ========== [2012.07.30 09:09:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.30 09:07:39 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.07.30 09:07:29 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2012.07.30 09:06:59 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c96785d5-88a1-4ebd-bb76-47fac7bcda72.job [2012.07.30 09:06:59 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 8a5fd97d-0514-4cc7-9920-035b92edc251.job [2012.07.30 09:06:58 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.30 09:06:45 | 000,005,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.30 09:06:44 | 000,005,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.30 09:06:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.29 22:25:41 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2012.07.29 22:19:04 | 000,711,240 | ---- | M] () -- C:\Windows\is-ROD7E.exe [2012.07.29 22:19:04 | 000,012,842 | ---- | M] () -- C:\Windows\is-ROD7E.msg [2012.07.29 22:19:04 | 000,000,422 | ---- | M] () -- C:\Windows\is-ROD7E.lst [2012.07.29 21:39:35 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI [2012.07.29 21:38:42 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI [2012.07.29 21:38:19 | 2643,013,632 | -HS- | M] () -- C:\hiberfil.sys [2012.07.29 21:36:59 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.07.29 18:08:23 | 000,000,009 | ---- | M] () -- C:\END 
[2012.07.29 17:53:13 | 000,773,924 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.29 17:53:13 | 000,724,544 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.29 17:53:13 | 000,181,102 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.29 17:53:13 | 000,149,196 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.27 18:50:42 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.27 18:50:42 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.24 13:06:34 | 000,050,435 | ---- | M] () -- C:\Users\Lisa\Desktop\Polymerprobe_Puschel.dpt
[2012.07.24 13:05:40 | 000,050,435 | ---- | M] () -- C:\Users\Lisa\Desktop\Citronensäure_Isolierung.dpt
[2012.07.17 19:50:48 | 000,412,400 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.16 19:26:59 | 000,094,817 | ---- | M] () -- C:\Users\Lisa\Desktop\MELT! Dicki.jpg
[2012.07.11 03:56:38 | 000,567,107 | ---- | M] () -- C:\Users\Lisa\Desktop\Protokoll Pflegecreme.odt
[2012.07.05 22:40:11 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.07.05 22:40:11 | 000,000,088 | RHS- | M] () -- C:\Windows\System32\4C22E387DE.sys
[2012.07.03 17:26:33 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012.07.03 17:26:33 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.07.03 17:26:33 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.07.03 17:26:33 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.07.03 17:26:33 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012.07.29 22:26:33 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 8a5fd97d-0514-4cc7-9920-035b92edc251.job
[2012.07.29 22:26:31 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c96785d5-88a1-4ebd-bb76-47fac7bcda72.job
[2012.07.29 22:25:41 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.29 22:19:04 | 000,711,240 | ---- | C] () -- C:\Windows\is-ROD7E.exe
[2012.07.29 22:19:04 | 000,012,842 | ---- | C] () -- C:\Windows\is-ROD7E.msg
[2012.07.29 22:19:04 | 000,000,422 | ---- | C] () -- C:\Windows\is-ROD7E.lst
[2012.07.29 18:08:22 | 000,000,009 | ---- | C] () -- C:\END
[2012.07.29 17:49:32 | 000,050,435 | ---- | C] () -- C:\Users\Lisa\Desktop\Polymerprobe_Puschel.dpt
[2012.07.29 17:49:29 | 000,050,435 | ---- | C] () -- C:\Users\Lisa\Desktop\Citronensäure_Isolierung.dpt
[2012.07.16 19:26:37 | 000,094,817 | ---- | C] () -- C:\Users\Lisa\Desktop\MELT! Dicki.jpg
[2012.07.05 22:40:10 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\4C22E387DE.sys
[2012.07.03 20:36:12 | 000,567,107 | ---- | C] () -- C:\Users\Lisa\Desktop\Protokoll Pflegecreme.odt
[2011.12.28 17:31:24 | 000,241,086 | ---- | C] () -- C:\Windows\hpwins28.dat
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2008.06.28 17:55:22 | 000,032,768 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.28 15:05:21 | 000,002,708 | ---- | C] () -- C:\Users\Lisa\AppData\Local\d3d9caps.dat
[2007.12.21 22:24:04 | 001,398,352 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe

========== Files - Unicode (All) ==========

[2011.04.07 12:24:25 | 003,977,676 | ---- | C] ()(C:\Users\Lisa\Desktop\?Matissek, Lebensmittelanalytik 3.A.pdf) -- C:\Users\Lisa\Desktop\Matissek, Lebensmittelanalytik 3.A.pdf
[2009.11.02 10:35:48 | 003,977,676 | ---- | M] ()(C:\Users\Lisa\Desktop\?Matissek, Lebensmittelanalytik 3.A.pdf) -- C:\Users\Lisa\Desktop\Matissek, Lebensmittelanalytik 3.A.pdf

< End of report >

Extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 30.07.2012 09:10:57 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = c:\users\lisa\downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,46 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 34,62% Memory free
5,16 Gb Paging File | 2,53 Gb Available in Paging File | 48,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106,68 Gb Total Space | 16,44 Gb Free Space | 15,41% Space Free | Partition Type: NTFS

Computer Name: LISA-LAPTOP | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C05DE2-4ACD-4026-ABE1-198B33657A3D}" = lport=138 | protocol=17 | dir=in | app=system |
"{27F20E50-E58E-499E-98DC-2B1D3A399E87}" = lport=67 | protocol=17 | dir=in | name=dhcp-discovery-dienst |
"{30FD9F26-D01B-42FF-9239-67D18D0F913B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5D1EE0E4-CC03-46B3-A579-2E6EE5B3F5CB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{63E99020-FDD0-4773-ADA6-4B8956563B08}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{866B7EF2-F992-4147-B5E3-AD1E54DF1D7C}" = rport=138 | protocol=17 | dir=out | app=system |
"{A368107E-C08B-4D42-884F-40BAD6F3403B}" = lport=445 | protocol=6 | dir=in | app=system |
"{B1A79E2B-277B-48D0-AE24-77B3611D3321}" = rport=139 | protocol=6 | dir=out | app=system |
"{C082F9A3-6DAA-427E-AF0C-2A2B272114DE}" = lport=137 | protocol=17 | dir=in | app=system |
"{C518D87D-A263-4974-9CF7-9CECE4018D8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D897AE9E-CC91-4FBF-B692-4DE4274BF366}" = lport=139 | protocol=6 | dir=in | app=system |
"{DF5ADEC6-87B0-4919-82F5-FA0E050AA41C}" = lport=67 | protocol=17 | dir=in | name=dhcp-discovery-dienst |
"{F129444B-7D9B-4488-A12F-140E2BF418C8}" = rport=445 | protocol=6 | dir=out | app=system |
"{F1CB3D7D-05DF-4E0C-A3D2-1CBF16DCA8B8}" = rport=137 | protocol=17 | dir=out | app=system |
"{FC9C8EDA-455F-47AE-B538-F288B4E69BF1}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D68702-D0D8-415D-972A-E92639FB6F02}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0809777A-F181-4521-BA38-CD487DE22305}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{0A4C5853-053E-44BD-9BB4-CF4CB98A1131}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0D63A987-0E6C-4EF9-B5F3-DE76946DF633}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{1CE4AAC5-CFF1-4158-9A51-C0BFA5F8E484}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{2D28C3F7-5A75-4929-867D-F49E5259436E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{310BBF95-7316-409B-B3E4-D3871AA89D06}" = protocol=17 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |
"{32575FD3-09E4-4DB2-834D-F930869D13EA}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{335FAA58-B838-43BB-B6E8-CA3D5A8C80AE}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{37D67D9F-4E8D-4875-99D6-4BFBD5C4D1A9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3BF9F641-CF40-4AED-9820-EDD40737FE8D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{3C9E1553-28F9-4141-9097-12346BB64831}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{3EF2AF92-6AE9-4A43-9005-58EC31801FE5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{4451BE65-5D20-4CA6-B002-546DF568C5A0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{4642D373-D050-4FC8-BF5A-B168259F1E33}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{50AE57FB-AB35-4A09-A2A8-69E622BDE15B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{52C7673A-D305-4E11-B92F-055DE4AC2688}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{560097DD-234E-4E46-BA2A-10DC7B319EF6}" = protocol=6 | dir=in | app=c:\program files\pure networks\network magic\nmsrvc.exe |
"{567DE383-A3E4-430A-A924-8F9BAEDFBDD7}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\insttool.exe |
"{5EB67146-DE8B-4312-B640-8CFB41008B37}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{63AE7191-D390-4D8E-A321-C0E5ED935B7E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{7196F247-F1ED-42E2-91CE-351C752F8715}" = dir=in | app=d:\setup\hpznui01.exe |
"{74CBEDDE-235B-46DC-907E-2E7D34AF35C3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{78D62D76-9D1B-48AC-BDDD-A768EDF3E149}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{7A206087-67A5-4567-8BBB-03C346FA867C}" = dir=in | app=c:\program files\lenovo multimedia center\powerdirector express\pdx.exe |
"{7A91B18D-62C6-4155-8DB7-A2F140A90CAE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7B573573-496E-473B-A61E-9D684C3BEAC1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{807A85E4-550C-4ABE-B72D-0EFE5BF9E7A0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{828D8258-F244-412A-B76B-0155CD720706}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{9156C4D1-735B-4561-B082-BD0653A15804}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{941F9D13-52F6-4EED-B649-EE8FD4A12289}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{99DA3884-7B21-4D23-A15A-BD700EF62E9F}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{9F8ACADD-BB96-4180-BD75-4343D06B18DE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{AD000267-4901-4870-86EA-DE5C752AAE64}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B00F194C-A8F3-49A6-B8A2-1FC9AF19347A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{B369EB67-9CC7-4055-BBFD-63FB20BB0AC7}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{BB1B9F6C-48D7-4A69-B71E-47551A2E3D25}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BED75BE0-1CF3-484F-904D-6FBBE9BEBA17}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CFC2DA77-004B-41D9-811B-D3FFABD61961}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC33D3FA-556C-469F-A192-1F54E890BE9E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{DE9A4C45-EC5D-486C-9F88-B4E3735782A8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{E13F14CC-9B69-41F5-AC29-3EA830C3599A}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe |
"{E4707A24-7471-4A7E-974A-13856E4DEDCC}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe |
"{E50F0DC5-89F6-4D8D-92EC-6F9CC780CA8A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E625D11E-3646-4222-AF1E-D7BB2960EE3E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E6903141-4BF7-42E1-8304-5DF7A5D03AA3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F15C27EE-00FE-43C2-AB1F-D330AED5106C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F631389B-F326-4753-88BF-419B89594C68}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{F8225004-9DF9-4597-BEC1-D7B37E9B2217}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{FA6AC139-35CF-473E-A6B9-81B3151A7DC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{FFA9BEBC-1DD7-4CE9-8D0F-954BFD6C5D05}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"TCP Query User{0E969BBA-3A6C-47AF-923D-A7CF2F03B307}C:\program files\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=6 | dir=in | app=c:\program files\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
"TCP Query User{11BE3157-3C59-4621-8FB7-7DEA6F4719B9}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"TCP Query User{170583B0-CE7A-4888-A015-1B36DBD9D567}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{19A9652B-2990-42DE-A9FC-D64B68995BF0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{22839551-4198-4920-A43D-E08E37325CC0}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{4AE69B1B-A45E-4981-B700-9BEA52205816}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{55765854-9C88-40D0-9295-DB77B89B3C42}C:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=6 | dir=in | app=c:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"TCP Query User{6AAA57A7-5BC2-4B5D-AF45-AB3C2AAB4C18}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{83EBD493-9CCC-4449-9C4C-39C06BB69315}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{B7913997-7AD1-42EC-A84A-F4B167F4BCE0}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{C6F9899D-7623-4CC7-A2B4-91137CD8F488}C:\program files\microsoft office\office12\excel.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\excel.exe |
"TCP Query User{D3583092-B85A-45DD-A33C-0145A2FA1409}C:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=6 | dir=in | app=c:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"TCP Query User{E47D57A9-E5E9-462F-94AF-519E27C7B55C}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"TCP Query User{F9D70EB9-A50E-4045-B427-3009A8F0C369}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{1C06F7A6-EBE4-4E80-9706-DF66311F9C6D}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{2BC329B5-4BEE-4AC8-84CC-5E08545CF8AC}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{2CA237D0-0709-4680-BFC7-9A9519324FE5}C:\program files\microsoft office\office12\excel.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\excel.exe |
"UDP Query User{5F5D74CE-CE25-40E9-85DD-981D8B1AD2EE}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{6FCC72A1-47BB-444A-80BF-C8F2245D5843}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{78DF51C2-0BCC-4C6B-86F2-6B79FAF9B6E2}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |
"UDP Query User{828E40B2-B582-468E-A17A-552C9883F17D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8945B3CB-987C-4A63-BB16-C0EB03A1AEF9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9153AE0E-D3CA-45A7-A781-14FFAD6C10B8}C:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=17 | dir=in | app=c:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"UDP Query User{B3185CF9-AA16-45EA-B10E-52F0BFDDB65D}C:\program files\cambridgesoft\chemoffice2010\chem3d\chem3d.exe" = protocol=17 | dir=in | app=c:\program files\cambridgesoft\chemoffice2010\chem3d\chem3d.exe |
"UDP Query User{D2843AD6-107D-412B-BF46-CBCF4BD6BF40}C:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe" = protocol=17 | dir=in | app=c:\program files\cambridgesoft\chemoffice2010\chemdraw\chemdraw.exe |
"UDP Query User{D317C7E0-F219-4621-80CB-0C58E7F5999B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DF9AEEC3-4B9F-4029-A350-C7A363E6392E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E03A49DC-D2A7-4EB6-8BC0-964552EFF4AA}C:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\versioncheck\versioncheck.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Lenovo Bluetooth with Enhanced Data Rate Software 6.0.1.4900
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Lenovo Multimedia Center
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{48DEAAF2-8276-4BBD-B7B6-91E454938476}" = CambridgeSoft ChemDraw Ultra 12.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.33
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Ergänzung zu Lenovo Care
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home
"{79D56DFD-D28E-4289-BED2-32A6342A305B}" = Corel Business Center
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{800C6CC9-8EEB-4A6A-ABD4-C05EAE279606}" = Network Magic
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8G
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05)
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1F625EB-9691-4889-A864-DA085739F3F0}" = Power Ux Customization
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B93BC257-3F73-47B1-B68D-597C6878C8E7}" = CambridgeSoft ChemBioDraw Ultra 12.0
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E55E016B-8254-4A3F-ACEB-FE9988CD880F}" = Origin8
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.0.1
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Avira AntiVir Desktop" = Avira Free Antivirus
"AwayTask" = Maintenance Manager
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"Cinergy T Stick MKII" = Cinergy T Stick MKII V9.06.3.01
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"Picasa2" = Picasa 2
"PROHYBRIDR" = 2007 Microsoft Office system
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.1 for Windows
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR
"YTdetect" = Yahoo!
Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player "Titan Poker" = Titan Poker ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.07.2012 03:06:11 | Computer Name = Lisa-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 30.07.2012 03:06:11 | Computer Name = Lisa-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 29482177 Error - 30.07.2012 03:06:11 | Computer Name = Lisa-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 29482177 Error - 30.07.2012 03:06:17 | Computer Name = Lisa-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 30.07.2012 03:06:17 | Computer Name = Lisa-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 29488589 Error - 30.07.2012 03:06:17 | Computer Name = Lisa-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 29488589 Error - 30.07.2012 03:06:19 | Computer Name = Lisa-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 30.07.2012 03:06:19 | Computer Name = Lisa-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 29489868 Error - 30.07.2012 03:06:19 | Computer Name = Lisa-Laptop | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 29489868 Error - 30.07.2012 03:07:01 | Computer Name = Lisa-Laptop | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung utility.exe, Version 3.1.5.7, Zeitstempel 0x487d9320, fehlerhaftes Modul 
utility.exe, Version 3.1.5.7, Zeitstempel 0x487d9320, Ausnahmecode 0xc0000005, Fehleroffset 0x0000fc22, Prozess-ID 0x10dc, Anwendungsstartzeit 01cd6e21d0bbb8c0. [ OSession Events ] Error - 20.07.2009 09:21:04 | Computer Name = Lisa-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7122 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.07.2010 06:14:02 | Computer Name = Lisa-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 98 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 29.07.2012 12:28:25 | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 29.07.2012 15:39:07 | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 29.07.2012 15:39:07 | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 29.07.2012 15:39:07 | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 29.07.2012 15:39:07 | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7000 Description = Error - 29.07.2012 15:43:02 | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 29.07.2012 15:43:31 | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 29.07.2012 15:44:48 | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 29.07.2012 15:45:32 | Computer Name = Lisa-Laptop | Source = Service Control Manager | ID = 7011 Description = Error - 30.07.2012 03:08:09 
| Computer Name = Lisa-Laptop | Source = DCOM | ID = 10010 Description = < End of report > AdwCleaner Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/30/2012 at 09:46:28 # Updated 20/07/2012 by Xplode # Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits) # User : Lisa - LISA-LAPTOP # Running from : C:\Users\Lisa\Downloads\adwcleaner.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** Folder Found : C:\Users\Lisa\AppData\Local\Conduit Folder Found : C:\Users\Lisa\AppData\Local\TempDir Folder Found : C:\Users\Lisa\AppData\LocalLow\Conduit Folder Found : C:\Users\Lisa\AppData\Roaming\loadtbs Folder Found : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\Smartbar Folder Found : C:\Program Files\Conduit File Found : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\Conduit.xml ***** [Registry] ***** [*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKLM\SOFTWARE\Conduit ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}] ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\prefs.js Found : user_pref("CT2319825.1000082.isPlayDisplay", "true"); Found : user_pref("CT2319825.1000082.state", 
"{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1L[...] Found : user_pref("CT2319825.1000234.TWC_TMP_city", "BERLIN"); Found : user_pref("CT2319825.1000234.TWC_TMP_country", "DE"); Found : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Found : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Found : user_pref("CT2319825.FirstTime", "true"); Found : user_pref("CT2319825.FirstTimeFF3", "true"); Found : user_pref("CT2319825.ID", "47871746"); Found : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...] Found : user_pref("CT2319825.UserID", "UN19579818090523649"); Found : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true"); Found : user_pref("CT2319825.autoDisableScopes", -1); Found : user_pref("CT2319825.browser.search.defaultthis.engineName", true); Found : user_pref("CT2319825.defaultSearch", "true"); Found : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"cross[...] 
Found : user_pref("CT2319825.enableAlerts", "always"); Found : user_pref("CT2319825.enableSearchFromAddressBar", "true"); Found : user_pref("CT2319825.firstTimeDialogOpened", "true"); Found : user_pref("CT2319825.fixPageNotFoundError", "true"); Found : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true"); Found : user_pref("CT2319825.fixUrls", true); Found : user_pref("CT2319825.installId", "ConduitNSISIntegration"); Found : user_pref("CT2319825.installType", "ConduitNSISIntegration"); Found : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Found : user_pref("CT2319825.isNewTabEnabled", true); Found : user_pref("CT2319825.isPerformedSmartBarTransition", "true"); Found : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Found : user_pref("CT2319825.keyword", true); Found : user_pref("CT2319825.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\" \",\"EB_MAIN_FRAME_URL\":\"hxxp[...] Found : user_pref("CT2319825.openThankYouPage", "false"); Found : user_pref("CT2319825.openUninstallPage", "true"); Found : user_pref("CT2319825.search.searchAppId", "128898076802619666"); Found : user_pref("CT2319825.search.searchCount", "0"); Found : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true"); Found : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Found : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Found : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...] Found : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Found : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Found : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] 
Found : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Found : user_pref("CT2319825.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...] Found : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1343578164045"); Found : user_pref("CT2319825.serviceLayer_services_appTracking_lastUpdate", "1343578167951"); Found : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1343578164025"); Found : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1343578167185"); Found : user_pref("CT2319825.serviceLayer_services_login_10.10.20.14_lastUpdate", "1343578167781"); Found : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1343578165188"); Found : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1343578158137"); Found : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1343578155004"); Found : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1343578167122"); Found : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1343578158010"); Found : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1343578164032"); Found : user_pref("CT2319825.settingsINI", true); Found : user_pref("CT2319825.shouldFirstTimeDialog", "false"); Found : user_pref("CT2319825.smartbar.CTID", "CT2319825"); Found : user_pref("CT2319825.smartbar.Uninstall", "0"); Found : user_pref("CT2319825.smartbar.homepage", true); Found : user_pref("CT2319825.smartbar.toolbarName", "Winload "); Found : user_pref("CT2319825.startPage", "userChanged"); Found : user_pref("CT2319825.toolbarBornServerTime", "29-7-2012"); Found : user_pref("CT2319825.toolbarCurrentServerTime", "29-7-2012"); Found : user_pref("Smartbar.ConduitHomepagesList", ""); Found : user_pref("Smartbar.ConduitSearchEngineList", "Winload Customized Web Search"); Found : 
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825[...] Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT2319825"); Found : user_pref("browser.search.selectedEngine", "Winload Customized Web Search"); Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=[...] ************************* AdwCleaner[R1].txt - [7541 octets] - [30/07/2012 09:46:28] ########## EOF - C:\AdwCleaner[R1].txt - [7669 octets] ########## |
30.07.2012, 09:01 | #4 |
| Loads of Trojans after download
Hi, please check the following files:
Have files checked online:
Code:
C:\Windows\System32\4C22E387DE.sys
Fix for OTL:
Code:
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-ROD7E.exe ()
[2012.07.29 22:19:04 | 000,711,240 | ---- | M] () -- C:\Windows\is-ROD7E.exe
[2012.07.29 22:19:04 | 000,012,842 | ---- | M] () -- C:\Windows\is-ROD7E.msg
[2012.07.29 22:19:04 | 000,000,422 | ---- | M] () -- C:\Windows\is-ROD7E.lst

:Commands
[emptytemp]
[resethosts]
[Reboot]
AdwareCleaner
Close all open windows and start AdwCleaner (Win7/Vista: run as administrator).
Your computer will be restarted and a log file (C:\AdwCleaner[xx].txt) will open; post its contents here in the forum.

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Extract all files into a directory of their own (e.g. C:\TDSS)! Launch it from Explorer by double-clicking TDSSKiller.exe. Configure the Killer as follows: Then start the scan (Start Scan). When the scan has finished, please select "Report" (skip any findings with Skip for now). A window opens (click Report); copy the text and post it here...

chris
__________________ Don't bring me down Read before posting! Donate (anyone who wants to donate is welcome to get in touch) |
30.07.2012, 10:54 | #5 |
| Loads of Trojans after download
OK, I have done that. I was just surprised to be told that I had already run the scan once before. I have now had the old report displayed.
Code:
SHA256: 8f09ba3707aecca9d43660fcdf0800f61ed901436ea6ed7cef2b40f26461bc43
SHA1: 0dd81c0a7a0e5669fb4711467161292207ef29bf
MD5: 1d2f0a67e7e32e5d47973227945a4090
File size: 88 Bytes ( 88 bytes )
File name: 263a36d5dc.sys
File type: unknown
Detection ratio: 0 / 42
Analysis date: 2012-05-05 17:34:41 UTC ( 2 Monate, 3 Wochen ago )

Antivirus Result Update
VirusBuster - 20120504
ViRobot - 20120505
VIPRE - 20120505
VBA32 - 20120504
TrendMicro-HouseCall - 20120504
TrendMicro - 20120505
TheHacker - 20120505
Symantec - 20120505
SUPERAntiSpyware - 20120411
Sophos - 20120505
Rising - 20120504
PCTools - 20120505
Panda - 20120505
nProtect - 20120505
Norman - 20120504
NOD32 - 20120505
Microsoft - 20120505
McAfee-GW-Edition - 20120505
McAfee - 20120505
Kaspersky - 20120505
K7AntiVirus - 20120505
Jiangmin - 20120505
Ikarus - 20120505
GData - 20120505
Fortinet - 20120505
F-Secure - 20120505
F-Prot - 20120505
eTrust-Vet - 20120504
eSafe - 20120502
Emsisoft - 20120505
DrWeb - 20120505
Comodo - 20120505
Commtouch - 20120505
ClamAV - 20120505
CAT-QuickHeal - 20120505
ByteHero - 20120505
BitDefender - 20120505
AVG - 20120505
Avast - 20120505
Antiy-AVL - 20120505
AntiVir - 20120504
AhnLab-V3 - 20120505
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\InnoSetupRegFile.0000000001 not found.
File C:\Windows\is-ROD7E.exe not found.
File C:\Windows\is-ROD7E.exe not found.
File C:\Windows\is-ROD7E.msg not found.
File C:\Windows\is-ROD7E.lst not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lisa
->Temp folder emptied: 88168 bytes
->Temporary Internet Files folder emptied: 78124 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5855839 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7130 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.55.0 log created on 07302012_110908

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Code:
ATTFilter # AdwCleaner v1.703 - Logfile created 07/30/2012 at 11:28:51 # Updated 20/07/2012 by Xplode # Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits) # User : Lisa - LISA-LAPTOP # Running from : C:\Users\Lisa\Downloads\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Users\Lisa\AppData\Local\Conduit Folder Deleted : C:\Users\Lisa\AppData\Local\TempDir Folder Deleted : C:\Users\Lisa\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Lisa\AppData\Roaming\loadtbs Folder Deleted : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\Smartbar Folder Deleted : C:\Program Files\Conduit File Deleted : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\searchplugins\Conduit.xml ***** [Registry] ***** [*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKLM\SOFTWARE\Conduit ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{40C3CC16-7269-4B32-9531-17F2950FB06F}] ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825 --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (de) Profile name : default File : C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\prefs.js C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\lm3rf4q0.default\user.js ... 
Deleted ! Deleted : user_pref("CT2319825.1000082.isPlayDisplay", "true"); Deleted : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1L[...] Deleted : user_pref("CT2319825.1000234.TWC_TMP_city", "BERLIN"); Deleted : user_pref("CT2319825.1000234.TWC_TMP_country", "DE"); Deleted : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Deleted : user_pref("CT2319825.FirstTime", "true"); Deleted : user_pref("CT2319825.FirstTimeFF3", "true"); Deleted : user_pref("CT2319825.ID", "47871746"); Deleted : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT231[...] Deleted : user_pref("CT2319825.UserID", "UN19579818090523649"); Deleted : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true"); Deleted : user_pref("CT2319825.autoDisableScopes", -1); Deleted : user_pref("CT2319825.browser.search.defaultthis.engineName", true); Deleted : user_pref("CT2319825.defaultSearch", "true"); Deleted : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"cross[...] 
Deleted : user_pref("CT2319825.enableAlerts", "always"); Deleted : user_pref("CT2319825.enableSearchFromAddressBar", "true"); Deleted : user_pref("CT2319825.firstTimeDialogOpened", "true"); Deleted : user_pref("CT2319825.fixPageNotFoundError", "true"); Deleted : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true"); Deleted : user_pref("CT2319825.fixUrls", true); Deleted : user_pref("CT2319825.installId", "ConduitNSISIntegration"); Deleted : user_pref("CT2319825.installType", "ConduitNSISIntegration"); Deleted : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT2319825.isNewTabEnabled", true); Deleted : user_pref("CT2319825.isPerformedSmartBarTransition", "true"); Deleted : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Deleted : user_pref("CT2319825.keyword", true); Deleted : user_pref("CT2319825.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\" \",\"EB_MAIN_FRAME_URL\":\"hxxp[...] Deleted : user_pref("CT2319825.openThankYouPage", "false"); Deleted : user_pref("CT2319825.openUninstallPage", "true"); Deleted : user_pref("CT2319825.search.searchAppId", "128898076802619666"); Deleted : user_pref("CT2319825.search.searchCount", "0"); Deleted : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true"); Deleted : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Deleted : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\[...] Deleted : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Deleted : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] 
Deleted : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Deleted : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Deleted : user_pref("CT2319825.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...] Deleted : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1343578164045"); Deleted : user_pref("CT2319825.serviceLayer_services_appTracking_lastUpdate", "1343578167951"); Deleted : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1343578164025"); Deleted : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1343578167185"); Deleted : user_pref("CT2319825.serviceLayer_services_login_10.10.20.14_lastUpdate", "1343578167781"); Deleted : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1343578165188"); Deleted : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1343578158137"); Deleted : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1343578155004"); Deleted : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1343578167122"); Deleted : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1343578158010"); Deleted : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1343578164032"); Deleted : user_pref("CT2319825.settingsINI", true); Deleted : user_pref("CT2319825.shouldFirstTimeDialog", "false"); Deleted : user_pref("CT2319825.smartbar.CTID", "CT2319825"); Deleted : user_pref("CT2319825.smartbar.Uninstall", "0"); Deleted : user_pref("CT2319825.smartbar.homepage", true); Deleted : user_pref("CT2319825.smartbar.toolbarName", "Winload "); Deleted : user_pref("CT2319825.startPage", "userChanged"); Deleted : user_pref("CT2319825.toolbarBornServerTime", "29-7-2012"); Deleted : user_pref("CT2319825.toolbarCurrentServerTime", 
"29-7-2012"); Deleted : user_pref("Smartbar.ConduitHomepagesList", ""); Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Winload Customized Web Search"); Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825[...] Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2319825"); Deleted : user_pref("browser.search.selectedEngine", "Winload Customized Web Search"); Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=[...] ************************* AdwCleaner[R1].txt - [7670 octets] - [30/07/2012 09:46:28] AdwCleaner[S1].txt - [7903 octets] - [30/07/2012 11:28:51] ########## EOF - C:\AdwCleaner[S1].txt - [8031 octets] ########## Code:
ATTFilter 11:46:58.0078 4148 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 11:46:59.0872 4148 ============================================================ 11:46:59.0872 4148 Current date / time: 2012/07/30 11:46:59.0872 11:46:59.0872 4148 SystemInfo: 11:46:59.0872 4148 11:46:59.0872 4148 OS Version: 6.0.6002 ServicePack: 2.0 11:46:59.0872 4148 Product type: Workstation 11:46:59.0872 4148 ComputerName: LISA-LAPTOP 11:46:59.0872 4148 UserName: Lisa 11:46:59.0872 4148 Windows directory: C:\Windows 11:46:59.0872 4148 System windows directory: C:\Windows 11:46:59.0872 4148 Processor architecture: Intel x86 11:46:59.0872 4148 Number of processors: 1 11:46:59.0872 4148 Page size: 0x1000 11:46:59.0872 4148 Boot type: Normal boot 11:46:59.0872 4148 ============================================================ 11:47:08.0000 4148 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 11:47:08.0000 4148 ============================================================ 11:47:08.0000 4148 \Device\Harddisk0\DR0: 11:47:08.0000 4148 MBR partitions: 11:47:08.0000 4148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xA35800, BlocksNum 0xD55E800 11:47:08.0000 4148 ============================================================ 11:47:08.0047 4148 C: <-> \Device\Harddisk0\DR0\Partition0 11:47:08.0047 4148 ============================================================ 11:47:08.0047 4148 Initialize success 11:47:08.0047 4148 ============================================================ 11:50:05.0966 2200 ============================================================ 11:50:05.0966 2200 Scan started 11:50:05.0966 2200 Mode: Manual; SigCheck; TDLFS; 11:50:05.0966 2200 ============================================================ 11:50:06.0621 2200 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE 11:50:06.0839 2200 !SASCORE - 
SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 11:51:13.0329 2200 SDRSVC - ok 11:51:13.0376 2200 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 11:51:13.0454 2200 secdrv - ok 11:51:13.0579 2200 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 11:51:13.0610 2200 seclogon - ok 11:51:13.0688 2200 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 11:51:13.0719 2200 SENS - ok 11:51:13.0766 2200 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys 11:51:13.0813 2200 Serenum - ok 11:51:13.0844 2200 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\DRIVERS\serial.sys 11:51:13.0907 2200 Serial - ok 11:51:13.0953 2200 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 11:51:13.0969 2200 sermouse - ok 11:51:14.0047 2200 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 11:51:14.0078 2200 SessionEnv - ok 11:51:14.0141 2200 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys 11:51:14.0219 2200 sffdisk - ok 11:51:14.0297 2200 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys 11:51:14.0312 2200 sffp_mmc - ok 11:51:14.0390 2200 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys 11:51:14.0406 2200 sffp_sd - ok 11:51:14.0453 2200 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys 11:51:14.0499 2200 sfloppy - ok 11:51:14.0624 2200 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 11:51:14.0796 2200 SharedAccess - ok 11:51:14.0874 2200 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 11:51:14.0999 2200 ShellHWDetection - ok 11:51:15.0061 2200 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 11:51:15.0077 2200 sisagp - ok 11:51:15.0108 2200 SiSRaid2 
(cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 11:51:15.0108 2200 SiSRaid2 - ok 11:51:15.0186 2200 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 11:51:15.0201 2200 SiSRaid4 - ok 11:51:16.0153 2200 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 11:51:16.0465 2200 slsvc - ok 11:51:17.0245 2200 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 11:51:17.0307 2200 SLUINotify - ok 11:51:17.0666 2200 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 11:51:17.0697 2200 Smb - ok 11:51:17.0760 2200 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 11:51:17.0775 2200 SNMPTRAP - ok 11:51:17.0885 2200 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 11:51:17.0900 2200 spldr - ok 11:51:18.0009 2200 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 11:51:18.0103 2200 Spooler - ok 11:51:18.0384 2200 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 11:51:18.0399 2200 SQLBrowser - ok 11:51:18.0509 2200 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 11:51:18.0509 2200 SQLWriter - ok 11:51:18.0696 2200 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 11:51:18.0852 2200 srv - ok 11:51:18.0945 2200 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 11:51:19.0070 2200 srv2 - ok 11:51:19.0148 2200 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 11:51:19.0164 2200 srvnet - ok 11:51:19.0226 2200 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 11:51:19.0304 2200 SSDPSRV - ok 11:51:19.0335 2200 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 11:51:19.0351 2200 ssmdrv - ok 11:51:19.0460 2200 SstpSvc 
(6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 11:51:19.0491 2200 SstpSvc - ok 11:51:19.0710 2200 ssudmdm (8f299012ef58246f1c98de7b7e48dbf0) C:\Windows\system32\DRIVERS\ssudmdm.sys 11:51:19.0725 2200 ssudmdm - ok 11:51:19.0835 2200 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys 11:51:19.0866 2200 StillCam - ok 11:51:19.0975 2200 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 11:51:20.0022 2200 stisvc - ok 11:51:20.0162 2200 SUService (21bf43c19fe17f2b4319d1859b3694a4) c:\Program Files\Lenovo\System Update\SUService.exe 11:51:20.0178 2200 SUService ( UnsignedFile.Multi.Generic ) - warning 11:51:20.0178 2200 SUService - detected UnsignedFile.Multi.Generic (1) 11:51:20.0209 2200 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 11:51:20.0225 2200 swenum - ok 11:51:20.0349 2200 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 11:51:20.0443 2200 swprv - ok 11:51:20.0505 2200 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 11:51:20.0521 2200 Symc8xx - ok 11:51:20.0537 2200 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 11:51:20.0552 2200 Sym_hi - ok 11:51:20.0661 2200 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 11:51:20.0661 2200 Sym_u3 - ok 11:51:20.0739 2200 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys 11:51:20.0771 2200 SynTP - ok 11:51:20.0880 2200 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 11:51:20.0911 2200 SysMain - ok 11:51:20.0989 2200 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 11:51:21.0005 2200 TabletInputService - ok 11:51:21.0098 2200 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 11:51:21.0161 2200 TapiSrv - ok 11:51:21.0239 2200 TBS (cb05822cd9cc6c688168e113c603dbe7) 
C:\Windows\System32\tbssvc.dll 11:51:21.0301 2200 TBS - ok 11:51:21.0535 2200 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys 11:51:21.0722 2200 Tcpip - ok 11:51:21.0753 2200 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys 11:51:21.0847 2200 Tcpip6 - ok 11:51:21.0956 2200 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 11:51:22.0065 2200 tcpipreg - ok 11:51:22.0143 2200 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 11:51:22.0190 2200 TDPIPE - ok 11:51:22.0237 2200 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 11:51:22.0284 2200 TDTCP - ok 11:51:22.0331 2200 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 11:51:22.0409 2200 tdx - ok 11:51:22.0471 2200 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 11:51:22.0487 2200 TermDD - ok 11:51:22.0767 2200 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 11:51:22.0799 2200 TermService - ok 11:51:22.0908 2200 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 11:51:22.0923 2200 Themes - ok 11:51:23.0189 2200 ThinkVantage Registry Monitor Service (5ea57a13d8b2eba20a3cba5d5dfc0831) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe 11:51:23.0204 2200 ThinkVantage Registry Monitor Service - ok 11:51:23.0313 2200 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 11:51:23.0345 2200 THREADORDER - ok 11:51:23.0563 2200 TPHKSVC (3023e1b36390e65a3c1fafc5d6e95b06) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe 11:51:23.0563 2200 TPHKSVC - ok 11:51:23.0594 2200 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 11:51:23.0719 2200 TrkWks - ok 11:51:23.0875 2200 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 11:51:23.0906 2200 TrustedInstaller - ok 11:51:24.0203 
2200 TSSCoreService (865760e60f51d2a33e51ae9ba1806ff8) C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe 11:51:24.0265 2200 TSSCoreService - ok 11:51:24.0374 2200 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:51:24.0405 2200 tssecsrv - ok 11:51:24.0499 2200 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 11:51:24.0561 2200 tunmp - ok 11:51:24.0577 2200 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 11:51:24.0624 2200 tunnel - ok 11:51:24.0811 2200 TVT Backup Protection Service (a99f64c0bf107b4d3e61dac7f4bd3f26) C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe 11:51:24.0858 2200 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning 11:51:24.0858 2200 TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1) 11:51:25.0045 2200 TVT Backup Service (e0a5bb730f72b8089b660db9155c0389) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe 11:51:25.0185 2200 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning 11:51:25.0185 2200 TVT Backup Service - detected UnsignedFile.Multi.Generic (1) 11:51:25.0451 2200 TVT Scheduler (354a569d2f3ab9a4e2f061b373059590) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe 11:51:25.0575 2200 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning 11:51:25.0575 2200 TVT Scheduler - detected UnsignedFile.Multi.Generic (1) 11:51:25.0981 2200 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\Windows\system32\DRIVERS\tvtfilter.sys 11:51:25.0981 2200 tvtfilter ( UnsignedFile.Multi.Generic ) - warning 11:51:25.0981 2200 tvtfilter - detected UnsignedFile.Multi.Generic (1) 11:51:26.0028 2200 TVTI2C (8ab24d4b7da715c2c80455137910e792) C:\Windows\system32\DRIVERS\Tvti2c.sys 11:51:26.0059 2200 TVTI2C - ok 11:51:26.0153 2200 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 11:51:26.0168 2200 uagp35 - ok 11:51:26.0262 2200 udfs 
(d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 11:51:26.0340 2200 udfs - ok 11:51:26.0387 2200 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 11:51:26.0418 2200 UI0Detect - ok 11:51:26.0480 2200 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 11:51:26.0496 2200 uliagpkx - ok 11:51:26.0558 2200 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 11:51:26.0621 2200 uliahci - ok 11:51:26.0699 2200 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 11:51:26.0714 2200 UlSata - ok 11:51:26.0808 2200 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 11:51:26.0823 2200 ulsata2 - ok 11:51:26.0886 2200 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 11:51:26.0917 2200 umbus - ok 11:51:27.0011 2200 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 11:51:27.0073 2200 upnphost - ok 11:51:27.0135 2200 upperdev (bb16932a4189e82d6c455042c11849b6) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys 11:51:27.0182 2200 upperdev - ok 11:51:27.0291 2200 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 11:51:27.0338 2200 USBAAPL - ok 11:51:27.0385 2200 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 11:51:27.0416 2200 usbccgp - ok 11:51:27.0525 2200 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 11:51:27.0572 2200 usbcir - ok 11:51:27.0759 2200 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 11:51:27.0775 2200 usbehci - ok 11:51:27.0884 2200 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 11:51:27.0962 2200 usbhub - ok 11:51:27.0993 2200 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 11:51:28.0040 2200 usbohci - ok 11:51:28.0103 2200 usbprint 
(e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 11:51:28.0165 2200 usbprint - ok 11:51:28.0274 2200 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 11:51:28.0321 2200 usbscan - ok 11:51:28.0415 2200 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\DRIVERS\usbser.sys 11:51:28.0461 2200 usbser - ok 11:51:28.0539 2200 UsbserFilt (e748d50b3b2ec7f40a2ba67fb094cf01) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys 11:51:28.0571 2200 UsbserFilt - ok 11:51:28.0649 2200 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:51:28.0664 2200 USBSTOR - ok 11:51:28.0789 2200 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 11:51:28.0836 2200 usbuhci - ok 11:51:28.0914 2200 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 11:51:28.0992 2200 usbvideo - ok 11:51:29.0070 2200 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 11:51:29.0117 2200 UxSms - ok 11:51:29.0257 2200 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 11:51:29.0382 2200 vds - ok 11:51:29.0444 2200 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 11:51:29.0491 2200 vga - ok 11:51:29.0569 2200 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 11:51:29.0600 2200 VgaSave - ok 11:51:29.0725 2200 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 11:51:29.0741 2200 viaagp - ok 11:51:29.0787 2200 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 11:51:29.0881 2200 ViaC7 - ok 11:51:29.0928 2200 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 11:51:29.0928 2200 viaide - ok 11:51:29.0975 2200 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 11:51:29.0990 2200 volmgr - ok 11:51:30.0099 2200 volmgrx (23e41b834759917bfd6b9a0d625d0c28) 
C:\Windows\system32\drivers\volmgrx.sys 11:51:30.0162 2200 volmgrx - ok 11:51:30.0271 2200 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 11:51:30.0287 2200 volsnap - ok 11:51:30.0396 2200 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 11:51:30.0427 2200 vsmraid - ok 11:51:30.0661 2200 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 11:51:30.0879 2200 VSS - ok 11:51:31.0020 2200 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 11:51:31.0098 2200 W32Time - ok 11:51:31.0176 2200 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 11:51:31.0223 2200 WacomPen - ok 11:51:31.0332 2200 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 11:51:31.0363 2200 Wanarp - ok 11:51:31.0379 2200 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 11:51:31.0394 2200 Wanarpv6 - ok 11:51:31.0488 2200 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 11:51:31.0519 2200 wcncsvc - ok 11:51:31.0566 2200 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 11:51:31.0628 2200 WcsPlugInService - ok 11:51:31.0691 2200 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 11:51:31.0691 2200 Wd - ok 11:51:31.0956 2200 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 11:51:32.0018 2200 Wdf01000 - ok 11:51:32.0081 2200 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 11:51:32.0143 2200 WdiServiceHost - ok 11:51:32.0143 2200 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 11:51:32.0174 2200 WdiSystemHost - ok 11:51:32.0283 2200 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 11:51:32.0315 2200 WebClient - ok 11:51:32.0393 2200 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) 
C:\Windows\system32\wecsvc.dll 11:51:32.0580 2200 Wecsvc - ok 11:51:32.0611 2200 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 11:51:32.0658 2200 wercplsupport - ok 11:51:32.0829 2200 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 11:51:32.0876 2200 WerSvc - ok 11:51:32.0970 2200 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys 11:51:32.0985 2200 WimFltr - ok 11:51:33.0095 2200 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 11:51:33.0126 2200 WinDefend - ok 11:51:33.0141 2200 WinHttpAutoProxySvc - ok 11:51:33.0407 2200 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 11:51:33.0422 2200 Winmgmt - ok 11:51:33.0719 2200 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll 11:51:33.0953 2200 WinRM - ok 11:51:34.0109 2200 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 11:51:34.0202 2200 Wlansvc - ok 11:51:34.0296 2200 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 11:51:34.0311 2200 WmiAcpi - ok 11:51:34.0452 2200 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 11:51:34.0514 2200 wmiApSrv - ok 11:51:34.0857 2200 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 11:51:34.0967 2200 WMPNetworkSvc - ok 11:51:35.0045 2200 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 11:51:35.0185 2200 WPCSvc - ok 11:51:35.0247 2200 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll 11:51:35.0263 2200 WPDBusEnum - ok 11:51:35.0372 2200 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 11:51:35.0435 2200 WpdUsb - ok 11:51:35.0856 2200 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 11:51:35.0949 
2200 WPFFontCache_v0400 - ok 11:51:36.0027 2200 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 11:51:36.0105 2200 ws2ifsl - ok 11:51:36.0168 2200 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 11:51:36.0183 2200 wscsvc - ok 11:51:36.0199 2200 WSearch - ok 11:51:36.0714 2200 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 11:51:37.0026 2200 wuauserv - ok 11:51:37.0322 2200 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 11:51:37.0353 2200 WUDFRd - ok 11:51:37.0416 2200 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 11:51:37.0463 2200 wudfsvc - ok 11:51:37.0556 2200 MBR (0x1B8) (502deab68755258cc18292e048d84e23) \Device\Harddisk0\DR0 11:51:38.0430 2200 \Device\Harddisk0\DR0 - ok 11:51:38.0539 2200 Boot (0x1200) (2d075fe332b489727a1b79e9ab0967be) \Device\Harddisk0\DR0\Partition0 11:51:38.0555 2200 \Device\Harddisk0\DR0\Partition0 - ok 11:51:38.0555 2200 ============================================================ 11:51:38.0555 2200 Scan finished 11:51:38.0555 2200 ============================================================ 11:51:38.0570 5660 Detected object count: 16 11:51:38.0570 5660 Actual detected object count: 16 11:52:32.0557 5660 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0557 5660 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0557 5660 Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0557 5660 Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0557 5660 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0557 5660 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0557 5660 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0557 5660 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0557 5660 HPSLPSVC ( UnsignedFile.Multi.Generic ) - 
skipped by user 11:52:32.0557 5660 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0573 5660 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0573 5660 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0573 5660 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0573 5660 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0573 5660 nmraapache ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0573 5660 nmraapache ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0573 5660 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0573 5660 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0573 5660 PMSveH ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0573 5660 PMSveH ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0573 5660 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0573 5660 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0573 5660 SUService ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0573 5660 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0573 5660 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0573 5660 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0588 5660 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0588 5660 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0588 5660 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0588 5660 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip 11:52:32.0588 5660 tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user 11:52:32.0588 5660 tvtfilter ( UnsignedFile.Multi.Generic ) - 
User select action: Skip |
30.07.2012, 11:41 | #6 |
| Loads of Trojans after download Hi, nothing earth-shattering found, a lot of unsigned drivers (but that happens, the companies save themselves money that way)... How is the computer behaving? chris
|
30.07.2012, 11:47 | #7 |
| Loads of Trojans after download Hi, at the moment everything looks quite good. I could imagine that everything is even running a bit faster. The toolbar has disappeared too. Many thanks for the help! It would have been a catastrophe if the computer had failed now. I'm in the middle of writing term papers. Can I delete a few of the programs again, and do you have any tips for me so that my computer is a bit safer in the future? |
30.07.2012, 12:16 | #8 |
| Loads of Trojans after download Hi, you can delete OTL, AdwCleaner, the Killer and the directory C:\_OTL... I would keep MAM, update it now and then, and run a full scan (about once a week)... Securing the computer: in addition to Avira and the Windows Firewall, also Threadfire-free (free download). For browsing, use Firefox with the plug-ins "WOT" (http://filepony.de/?q=WOT) and "NoScript" (http://filepony.de/download-noscript//), and set up a "Guest" account (no admin rights! XP: Step 6: Restricted rights for viruses - Step by step: Securing Windows XP - CHIP Online; Vista/Win7: Windows 7 guide: Creating and managing user accounts - NETZWELT). chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |