Log-Analyse und Auswertung: WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer FestplatteWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
20.09.2012, 03:10 | #1
WORM/Dorkbot.A.893 on the notebook via connecting an external hard drive

Hello everyone! Great that this board exists! I hope that with your help I can "clean" my notebook.

Via my external hard drive, which I had connected to another PC to transfer data, I picked up a virus called "Worm.Dorkbot". What made me notice was that on the hard drive all my folders were only displayed as shortcuts. I can still access the data, however, if I let protected system files be shown (under Windows 7 in "Folder Options"). Unfortunately the worm, as it seems, has been transferred to my computer (Windows 7 Professional, 64-bit, SP1) despite my paid antivirus program (Avira Antivirus Premium 2012). In the directory C:\User\Cornelia\AppData\Roaming there are several .EXE files, first and foremost "tlrsrl.ex". Moreover, after every restart of the computer I find among the processes in Task Manager a program with four letters, "xxxx.exe", that eats about 25% of my CPU power, makes the PC run very hot and puts extreme strain on the fan and battery.

When I connect the hard drive again, my antivirus then gives the following error message: "In der Datei 'E:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'WORM/Dorkbot.A.2312' [worm] gefunden. Ausgeführte Aktion: Zugriff verweigern"

Using the command-line attribute-change command, I restored the folders on my external hard drive and deleted the shortcuts. After deleting the said file "e621ca05.exe" on the external hard drive, things looked good too. But when I connected the hard drive again, all folders had become shortcuts again, and the file was back.

While googling the worm and the problem I came across, among others, the following thread on your board, where the problem seems similar to me: http://www.trojaner-board.de/103380-...uepfungen.html

A full scan with Antivirus today produced 3 findings, which I first had moved to quarantine and then deleted. Nevertheless, the suspicious files are still present in the "AppData\Roaming" directory. I am posting the log file of the Antivirus scan as an attachment. I have also carried out your instructions. I am posting the Defogger log file below, as well as the OTL.txt. When running these programs I had my external hard drive, which transmitted the virus, connected so that it would be searched as well if applicable. Since my backups (created with Acronis True Image Home) are on it, it would be good if the drive could be cleaned as well and I don't have to format it completely.

Since I am currently studying in Chile and our internet is sometimes quite unstable, it may be that I sometimes need a bit longer to reply (it may of course also be due to the 5-hour time difference to Germany). In any case, many thanks in advance for your efforts!!!

Best regards, Cornelia

Here is the file "defogger_disable.log":
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:55 on 19/09/2012 (Cornelia)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 19.09.2012 21:58:40 - Run 1 OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Cornelia\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,84 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 61,93% Memory free 7,69 Gb Paging File | 5,91 Gb Available in Paging File | 76,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 55,94 Gb Free Space | 57,28% Space Free | Partition Type: NTFS Drive D: | 24,41 Gb Total Space | 14,83 Gb Free Space | 60,75% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 452,27 Gb Free Space | 48,55% Space Free | Partition Type: NTFS Drive M: | 330,50 Gb Total Space | 69,99 Gb Free Space | 21,18% Space Free | Partition Type: NTFS Drive Q: | 11,72 Gb Total Space | 2,26 Gb Free Space | 19,29% Space Free | Partition Type: NTFS Computer Name: CORNELIA-THINK | User Name: Cornelia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.19 21:56:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Cornelia\Desktop\OTL.exe PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.08.08 07:56:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.14 15:53:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.14 15:53:15 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.05.14 15:53:15 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.14 15:53:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.31 14:03:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe PRC - [2011.08.11 06:04:16 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011.07.25 18:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe PRC - [2011.07.12 05:03:34 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2011.07.12 04:17:06 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2011.07.12 03:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe PRC - [2011.07.12 03:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2011.05.31 05:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2011.05.31 05:48:34 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe PRC - [2011.05.31 05:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe PRC - [2011.05.25 09:21:32 | 000,281,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AutoLock\ALCKRESI.exe PRC - [2011.02.21 23:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management 
Engine Components\UNS\UNS.exe PRC - [2011.02.21 23:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.03 18:17:06 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010.03.23 12:22:46 | 001,549,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.03.11 09:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009.05.27 17:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe PRC - [2008.10.03 18:58:58 | 000,962,480 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2008.10.03 18:55:12 | 004,378,000 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2008.10.03 17:40:00 | 000,165,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2008.01.10 07:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) 
-- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe ========== Modules (No Company Name) ========== MOD - [2010.04.06 04:05:16 | 002,085,888 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cv210.dll MOD - [2010.04.06 04:04:06 | 002,201,088 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cxcore210.dll MOD - [2010.03.23 12:26:48 | 000,201,512 | ---- | M] () -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll MOD - [2009.05.27 17:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe MOD - [2005.09.21 02:57:56 | 004,325,376 | ---- | M] () -- C:\Program Files (x86)\Cisco Systems\VPN Client\qt-mt335.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.12.09 06:23:04 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV:64bit: - [2010.11.12 05:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2009.07.13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.09.07 12:14:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.14 15:53:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.14 15:53:15 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.14 15:53:15 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.14 15:53:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.31 14:03:00 | 000,478,056 | ---- | M] (Lenovo.) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc) SRV - [2011.08.31 14:03:00 | 000,173,416 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc) SRV - [2011.08.31 14:03:00 | 000,087,400 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2011.07.27 16:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2011.07.27 15:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2011.07.25 18:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2011.07.12 03:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2011.07.12 03:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2011.07.12 03:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2011.07.12 03:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) 
[Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2011.07.08 12:53:20 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc) SRV - [2011.05.31 05:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV - [2011.05.31 05:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE) SRV - [2011.05.18 16:31:14 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService) SRV - [2011.02.21 23:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.02.21 23:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.03 18:17:04 | 000,965,408 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.09.22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 09:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.03.18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.11 09:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009.06.10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.03 17:41:22 | 000,743,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2008.01.10 07:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006.12.14 11:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2005.11.17 09:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.14 15:53:16 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.14 15:53:16 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.01.22 09:31:01 | 001,580,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm140.sys -- (tdrpman140) DRV:64bit: - [2012.01.22 09:30:58 | 000,880,160 | ---- | M] (Acronis) [Kernel | Boot | Running] -- 
C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012.01.22 09:30:58 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter) DRV:64bit: - [2012.01.22 09:30:56 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snman380.sys -- (snapman380) DRV:64bit: - [2011.12.23 09:08:27 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.12.23 09:08:27 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.12.23 00:32:25 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2011.12.15 10:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.08.31 14:03:00 | 000,031,344 | ---- | M] (Lenovo.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64) DRV:64bit: - [2011.08.31 14:03:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2011.08.09 10:32:04 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.08.03 12:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.05.19 08:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.04.25 22:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.12.09 06:23:04 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2010.12.09 06:23:04 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2010.12.08 00:30:08 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2010.12.01 08:15:30 | 000,426,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2010.11.24 08:24:24 | 000,145,448 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.11.20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.20 02:06:22 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.11.20 02:06:20 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.11.12 05:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2010.10.19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.15 03:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.21 13:14:10 | 000,164,992 | ---- | M] (Ricoh co.,Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877) DRV:64bit: - [2010.09.07 01:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV:64bit: - [2010.08.26 23:14:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.06.23 04:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009.07.13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 16:34:28 | 000,468,480 | ---- | M] (Broadcom 
Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV - [2011.07.08 12:53:24 | 000,032,104 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE) DRV - [2009.07.13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.03.13 08:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) 
[Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.homitrlz.in IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112454&tt=060612_6_&babsrc=SP_ss&mntrId=942b238f000000000000081196ea00a0 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE467 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== 
FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.homitrlz.in" FF - prefs.js..extensions.enabledAddons: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1 FF - prefs.js..extensions.enabledAddons: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.6 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=942b238f000000000000081196ea00a0&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Cornelia\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 12:14:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.17 21:33:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 12:14:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.01.21 11:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Extensions
[2012.09.16 00:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions
[2012.08.21 10:06:49 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.08.18 10:54:58 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.01.22 17:21:29 | 000,000,000 | ---D | M] (kikin plugin (NO23 Edition)) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2012.01.22 09:23:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.16 00:48:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.22 17:21:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\engine@conduit.com
[2012.01.21 18:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default - Kopie\extensions
[2012.01.22 09:23:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default - Kopie\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.26 15:26:03 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\extensions\finder@meingutscheincode.de.xpi
[2011.05.16 17:21:21 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2010.09.10 05:54:17 | 000,002,354 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\searchplugins\ecosia.xml
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 12:14:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 21:27:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.23 17:43:40 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.28 20:26:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 21:27:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 21:27:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 21:27:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 21:27:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\

O1 HOSTS File: ([2009.06.10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [LTT] C:\Programme\PC-Doctor\EnableToolbarW32.exe (PC-Doctor, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Tlrsrl] C:\Users\Cornelia\AppData\Roaming\Tlrsrl.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 190.160.0.11 200.74.121.11 200.83.1.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0880508D-7E36-42E2-83F2-D7A2FE8C6012}: Domain = uni-tuebingen.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0880508D-7E36-42E2-83F2-D7A2FE8C6012}: NameServer = 134.2.200.1,134.2.200.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33E24BAF-9711-4E6E-86CB-541DF48FAB5D}: DhcpNameServer = 190.160.0.11 200.74.121.11 200.83.1.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{43e6181b-ea58-11e1-965a-047d7b3145ea}\Shell - "" = AutoRun
O33 - MountPoints2\{43e6181b-ea58-11e1-965a-047d7b3145ea}\Shell\AutoRun\command - "" = F:\iLinker.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.19 21:56:33 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Cornelia\Desktop\OTL.exe
[2012.09.08 01:37:02 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.09.07 12:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.02 12:54:28 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\Facebook
[2012.08.30 10:52:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012.08.30 10:50:58 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.08.29 12:52:52 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\{48E1F8FF-1C7B-4A56-9CED-376BB26251A2}
[2012.08.28 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\{349B95A0-1296-4E8D-A8F8-FDE0E8F47A6B}
[2012.08.28 18:55:14 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\Macromedia
[3 C:\Users\Cornelia\AppData\Roaming\*.tmp files -> C:\Users\Cornelia\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.19 21:59:05 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000UA.job
[2012.09.19 21:57:15 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.19 21:57:15 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.19 21:57:15 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.19 21:57:15 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.19 21:57:15 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.19 21:56:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Cornelia\Desktop\OTL.exe
[2012.09.19 21:55:09 | 000,000,000 | ---- | M] () -- C:\Users\Cornelia\defogger_reenable
[2012.09.19 21:51:49 | 000,050,477 | ---- | M] () -- C:\Users\Cornelia\Desktop\Defogger.exe
[2012.09.19 21:46:26 | 000,167,936 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\Tlrsrl.exe
[2012.09.19 21:42:58 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 21:42:58 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 21:36:29 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\28B4.exe
[2012.09.19 21:36:07 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.19 21:35:29 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.09.19 21:35:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.19 21:35:19 | 3095,773,184 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.19 21:28:36 | 000,775,620 | ---- | M] () -- C:\Users\Cornelia\Desktop\Virenfunde_1.jpg
[2012.09.19 21:17:23 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.19 20:03:25 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\59DC.exe
[2012.09.19 13:02:53 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\5984.exe
[2012.09.19 12:59:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000Core.job
[2012.09.19 12:52:34 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\24DE.exe
[2012.09.19 12:04:08 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\ABF0.exe
[2012.09.16 17:42:02 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\930E.exe
[2012.09.16 16:50:08 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\C8F.exe
[2012.09.16 13:29:42 | 594,592,768 | ---- | M] () -- C:\Users\Cornelia\Desktop\Raphaels Audiodatei von EK-Projekt-Aufnahmegerät.WAV
[2012.09.16 12:47:47 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\2DEE.exe
[2012.09.16 12:12:22 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\BF05.exe
[2012.09.16 11:41:26 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\70A5.exe
[2012.09.16 03:49:21 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\3956.exe
[2012.09.16 02:58:55 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\F48.exe
[2012.09.16 00:46:02 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\64F3.exe
[2012.09.12 10:36:23 | 000,006,656 | ---- | M] () -- C:\Users\Cornelia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.06 13:37:58 | 000,002,133 | ---- | M] () -- C:\Users\Cornelia\.recently-used.xbel
[2012.09.03 12:30:07 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.09.03 12:29:58 | 000,361,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.30 10:50:58 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[3 C:\Users\Cornelia\AppData\Roaming\*.tmp files -> C:\Users\Cornelia\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.19 21:55:09 | 000,000,000 | ---- | C] () -- C:\Users\Cornelia\defogger_reenable
[2012.09.19 21:51:49 | 000,050,477 | ---- | C] () -- C:\Users\Cornelia\Desktop\Defogger.exe
[2012.09.19 21:46:26 | 000,167,936 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\Tlrsrl.exe
[2012.09.19 21:36:29 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\28B4.exe
[2012.09.19 21:28:36 | 000,775,620 | ---- | C] () -- C:\Users\Cornelia\Desktop\Virenfunde_1.jpg
[2012.09.19 20:03:25 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\59DC.exe
[2012.09.19 13:02:53 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\5984.exe
[2012.09.19 12:52:34 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\24DE.exe
[2012.09.19 12:04:08 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\ABF0.exe
[2012.09.16 17:42:02 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\930E.exe
[2012.09.16 16:50:08 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\C8F.exe
[2012.09.16 12:47:47 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\2DEE.exe
[2012.09.16 12:22:38 | 594,592,768 | ---- | C] () -- C:\Users\Cornelia\Desktop\Raphaels Audiodatei von EK-Projekt-Aufnahmegerät.WAV
[2012.09.16 12:12:22 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\BF05.exe
[2012.09.16 11:41:26 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\70A5.exe
[2012.09.16 03:49:21 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\3956.exe
[2012.09.16 02:58:55 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\F48.exe
[2012.09.16 00:46:02 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\64F3.exe
[2012.09.06 13:37:58 | 000,002,133 | ---- | C] () -- C:\Users\Cornelia\.recently-used.xbel
[2012.09.02 12:54:32 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000UA.job
[2012.09.02 12:54:32 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000Core.job
[2012.08.30 10:50:58 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.04.11 17:04:58 | 000,000,698 | ---- | C] () -- C:\Users\Cornelia\.ufrawrc
[2012.04.10 23:53:03 | 000,006,656 | ---- | C] () -- C:\Users\Cornelia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.04 13:50:20 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.01.23 13:16:27 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.12.23 08:54:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.12.23 00:24:41 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.23 00:24:40 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.12.23 00:24:40 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.23 00:24:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.23 00:24:40 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

========== ZeroAccess Check ==========

[2009.07.14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012.01.22 09:57:39 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Acronis
[2012.05.15 22:00:46 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Ahnenblatt
[2012.03.03 17:10:06 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\AnvSoft
[2012.06.23 17:43:36 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Babylon
[2012.04.04 14:16:01 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\DesktopIconForAmazon
[2012.06.11 21:13:03 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\DVDVideoSoft
[2012.01.21 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.07 21:49:26 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\FileZilla
[2012.01.21 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Flo & Seb Engineering
[2012.06.27 01:44:09 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Groovedown
[2012.08.22 13:08:35 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\gtk-2.0
[2012.04.12 19:53:51 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\hdbADS
[2012.09.19 21:56:56 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\ICQ
[2012.02.22 19:18:40 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\IrfanView
[2012.01.20 19:07:53 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Leadertech
[2012.01.20 19:18:32 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Lenovo
[2012.01.23 13:34:32 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\MAGIX
[2012.09.16 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\MediaMonkey
[2012.04.12 19:54:39 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\MrJobs
[2012.03.04 14:46:23 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Nvu
[2012.01.21 12:07:23 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\OpenOffice.org
[2012.01.20 19:28:54 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\PCDr
[2012.01.20 21:23:23 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\PwrMgr
[2012.01.22 08:54:45 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Thunderbird
[2012.01.21 10:42:06 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Ulead Systems
[2012.06.23 22:41:03 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\uTorrent
[2012.04.04 14:14:40 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\VSO

========== Purity Check ==========

< End of report >
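The OTL log above contains the four indicators a helper would pull out first: an HKCU Run entry for an unsigned binary in AppData\Roaming (`Tlrsrl`), `NoDriveTypeAutoRun = 0`, a cached per-device AutoRun command under MountPoints2 pointing at `F:\iLinker.exe`, and a series of hex-named drops in AppData\Roaming that share exactly two file sizes (110,592 and 3,605 bytes), which is what a dropper rewriting the same payload under fresh names looks like. The script below is an added example by the editor, not a tool used in this thread and not part of OTL; it parses the OTL line formats as they appear in the posted log and applies triage rules that are the editor's own heuristics. The sample lines are copied verbatim from the log above, and the list names `suspicious_run`, `autorun_policy`, `mountpoint_autorun` and `size_clusters` are the example's own.

```python
"""Triage an OTL (OldTimer's List-It) log for Dorkbot-style persistence and
removable-media indicators.

Added example (editor's own code, not OTL's logic and not the helper's tool).
The rules encode common-sense heuristics, not a vendor's detection signature.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied verbatim from the OTL log posted above.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Tlrsrl] C:\Users\Cornelia\AppData\Roaming\Tlrsrl.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O33 - MountPoints2\{43e6181b-ea58-11e1-965a-047d7b3145ea}\Shell\AutoRun\command - "" = F:\iLinker.exe
[2012.09.19 21:46:26 | 000,167,936 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\Tlrsrl.exe
[2012.09.19 21:36:29 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\28B4.exe
[2012.09.19 20:03:25 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\59DC.exe
[2012.09.16 17:42:02 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\930E.exe
[2012.09.16 16:50:08 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\C8F.exe
[2012.09.19 21:51:49 | 000,050,477 | ---- | C] () -- C:\Users\Cornelia\Desktop\Defogger.exe
"""

# O4 autostart line: hive, value name in [], path, then company name in ().
# Lines ending in "File not found" carry no () and are deliberately skipped.
RUN_RE = re.compile(
    r'^O4(?::64bit:)? - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'(?P<path>.+?) \((?P<vendor>[^)]*)\)\s*$')
# File line: [timestamp | size | attributes | C or M] (company) -- path
FILE_RE = re.compile(
    r'^\[(?P<ts>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| '
    r'(?P<kind>[CM])\] \((?P<vendor>[^)]*)\) -- (?P<path>.+)$')
# O33 cached AutoRun handler for a specific removable device (MountPoints2).
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
POLICY_RE = re.compile(r'^O7 - .*NoDriveTypeAutoRun = (?P<val>\d+)$')
# Short hex file names like 28B4.exe or C8F.exe: the naming pattern seen above.
HEX_NAME = re.compile(r'^[0-9A-Fa-f]{3,8}\.exe$')


def parse(text):
    """Split an OTL log into autostart entries, file entries, MountPoints2
    AutoRun commands and the NoDriveTypeAutoRun policy value (None if absent)."""
    runs, files, mounts, policy = [], [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            runs.append(m.groupdict())
        elif m := FILE_RE.match(line):
            d = m.groupdict()
            d['size'] = int(d['size'].replace(',', ''))
            files.append(d)
        elif m := MOUNT_RE.match(line):
            mounts.append(m.groupdict())
        elif m := POLICY_RE.match(line):
            policy = int(m['val'])
    return runs, files, mounts, policy


def triage(text):
    runs, files, mounts, policy = parse(text)
    findings = {}
    # 1. Autostart entries with no company name whose binary lives under the
    #    user profile: legitimate vendors almost always populate the version
    #    resource, and %AppData% is the classic drop location.
    findings['suspicious_run'] = [
        r['name'] for r in runs if not r['vendor'] and '\\AppData\\' in r['path']]
    # 2. NoDriveTypeAutoRun = 0 means AutoRun is enabled for every drive type
    #    (Windows 7 ships with 0x91). Windows 7 itself no longer runs
    #    autorun.inf from USB media, so treat this as a weakened setting
    #    rather than proof of infection.
    findings['autorun_policy'] = policy == 0
    # 3. Explorer caches a device's autorun.inf handler under MountPoints2;
    #    double-clicking the drive later runs the cached command, so an
    #    executable on a removable drive letter here is a live vector.
    findings['mountpoint_autorun'] = [m['cmd'] for m in mounts]
    # 4. Hex-named, unsigned files in AppData\Roaming grouped by identical
    #    size: one payload written repeatedly under random names.
    by_size = defaultdict(list)
    for f in files:
        name = f['path'].rsplit('\\', 1)[-1]
        if (not f['vendor'] and '\\AppData\\Roaming\\' in f['path']
                and HEX_NAME.match(name)):
            by_size[f['size']].append(name)
    findings['size_clusters'] = {
        s: sorted(n) for s, n in by_size.items() if len(n) > 1}
    return findings


if __name__ == '__main__':
    for key, value in triage(SAMPLE_OTL).items():
        print(f'{key}: {value}')
```

Run against the full log the same rules also pick up `5984.exe`, `24DE.exe` and `ABF0.exe` in the 110,592-byte cluster and the remaining 3,605-byte drops; `Defogger.exe` is unsigned too but sits on the Desktop and has a non-hex name, so it is left alone, which is the point of combining location, vendor and naming rather than alerting on any one of them.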
20.09.2012, 08:10 | #2
/// Malwareteam | WORM/Dorkbot.A.893 on the notebook after connecting an external hard drive
My name is Marius and I will help you with your problem. One thing up front. Note: we can never guarantee that we have found every remnant of malware. Formatting is usually the fastest and always the safest way. Should you decide on a clean-up, keep working with us until someone from the team tells you that your computer is clean. A clean-up can involve a lot of work for you.
Vista and Win7 users: start all tools with right-click --> "Run as administrator".
I see that you use so-called peer-to-peer or file-sharing programs, in your case uTorrent. These programs allow you to exchange data with other users. Unfortunately, p2p and file sharing are not exempt from distributing infected files, and this is one reason why malware spreads so quickly. So it is possible that you download an infected file. You can never know where these files come from. This kind of software should therefore be used with extreme caution. Another important point is that distributing media and entertainment files violates copyright law in most countries of the world. Of course there is also a legal way to use this service, for example to download Linux or Open Office. Nevertheless, I would ask you not to use this kind of software any further. Please go to Start --> Control Panel --> Programs and uninstall the software mentioned above. Please let me know if you cannot find one of the listed programs.
Step 1: Scan with TDSSKiller
Please read the following instructions carefully. We do not want to "fix" anything yet, only to see a scan report. Please download TDSSKiller.exe and save the file to the desktop.
Step 2: aswMBR
Please download aswMBR.exe and save the file to your desktop.
20.09.2012, 14:44 | #3
WORM/Dorkbot.A.893 on the notebook after connecting an external hard drive
Hello Marius!
Thank you very much for helping me!!! I have decided on the clean-up, among other reasons because my external hard drive with the backups is also infected, and my last backup is unfortunately already a few weeks old. Here in Chile I don't use the PC intensively enough to make one every week... :/
A question right away: should I connect the external hard drive to the PC for everything I run according to your instructions, so that it is scanned and cleaned as well?
The tool uTorrent is no longer on my PC (or at least I cannot find it). I had to download it for a university course here in Chile last semester, but uninstalled it again right afterwards, for exactly the reasons you mentioned. I have now also had my PC search for it, but "OTL.txt" is the only file in which the program shows up. Can I still continue with steps 1 and 2?
20.09.2012, 14:54 | #4
/// Malwareteam | WORM/Dorkbot.A.893 on the notebook after connecting an external hard drive
Only connect the drive when I explicitly tell you to, and continue with steps 1 and 2.
20.09.2012, 15:44 | #5
WORM/Dorkbot.A.893 on the notebook after connecting an external hard drive
So, here are the "results" of step 1 and step 2. The log file of TDSSKiller:
Code:
11:00:54.0770 0124 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:00:55.0410 0124 ============================================================
11:00:55.0410 0124 Current date / time: 2012/09/20 11:00:55.0410
11:00:55.0410 0124 SystemInfo:
11:00:55.0410 0124 
11:00:55.0410 0124 OS Version: 6.1.7601 ServicePack: 1.0
11:00:55.0410 0124 Product type: Workstation
11:00:55.0410 0124 ComputerName: CORNELIA-THINK
11:00:55.0410 0124 UserName: Cornelia
11:00:55.0410 0124 Windows directory: C:\Windows
11:00:55.0410 0124 System windows directory: C:\Windows
11:00:55.0410 0124 Running under WOW64
11:00:55.0410 0124 Processor architecture: Intel x64
11:00:55.0410 0124 Number of processors: 4
11:00:55.0410 0124 Page size: 0x1000
11:00:55.0410 0124 Boot type: Normal boot
11:00:55.0410 0124 ============================================================
11:00:55.0830 0124 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:00:55.0830 0124 ============================================================
11:00:55.0830 0124 \Device\Harddisk0\DR0:
11:00:55.0830 0124 MBR partitions:
11:00:55.0830 0124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
11:00:55.0830 0124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xC350000
11:00:55.0850 0124 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC63F000, BlocksNum 0x30D4000
11:00:55.0850 0124 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xF713800, BlocksNum 0x29502000
11:00:55.0850 0124 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x38C15800, BlocksNum 0x1770000
11:00:55.0850 0124 ============================================================
11:00:55.0880 0124 C: <-> \Device\Harddisk0\DR0\Partition2
11:00:55.0940 0124 Q: <-> \Device\Harddisk0\DR0\Partition5
11:00:55.0990 0124 D: <-> \Device\Harddisk0\DR0\Partition3
11:00:56.0040 0124 M: <-> \Device\Harddisk0\DR0\Partition4
11:00:56.0040 0124 ============================================================
11:00:56.0040 0124 Initialize success
11:00:56.0040 0124 ============================================================
11:01:01.0450 2728 ============================================================
11:01:01.0450 2728 Scan started
11:01:01.0450 2728 Mode: Manual; TDLFS;
11:01:01.0450 2728 ============================================================
11:01:01.0770 2728 ================ Scan system memory ========================
11:01:01.0770 2728 System memory - ok
11:01:01.0770 2728 ================ Scan services =============================
11:01:01.0900 2728 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:01:01.0910 2728 1394ohci - ok
11:01:01.0940 2728 [ 54C861A113568012E48FA1350EA05122 ] 5U877 C:\Windows\system32\DRIVERS\5U877.sys
11:01:01.0940 2728 5U877 - ok
11:01:01.0960 2728 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:01:01.0970 2728 ACPI - ok
11:01:01.0980 2728 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:01:01.0980 2728 AcpiPmi - ok
11:01:02.0120 2728 [ D0EDA6533DD11F1384346A5680E5E42A ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
11:01:02.0130 2728 AcrSch2Svc - ok
11:01:02.0160 2728 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
11:01:02.0170 2728 adp94xx - ok
11:01:02.0180 2728 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
11:01:02.0180 2728 adpahci - ok
11:01:02.0190 2728 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
11:01:02.0190 2728 adpu320 - ok
11:01:02.0210 2728 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:01:02.0210 2728 AeLookupSvc - ok
11:01:02.0260 2728 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
11:01:02.0270 2728 AFD - ok
11:01:02.0280 2728 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:01:02.0280 2728 agp440 - ok
11:01:02.0310 2728 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:01:02.0310 2728 ALG - ok
11:01:02.0310 2728 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
11:01:02.0310 2728 aliide - ok
11:01:02.0320 2728 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
11:01:02.0320 2728 amdide - ok
11:01:02.0320 2728 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
11:01:02.0320 2728 AmdK8 - ok
11:01:02.0330 2728 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
11:01:02.0330 2728 AmdPPM - ok
11:01:02.0370 2728 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:01:02.0370 2728 amdsata - ok
11:01:02.0380 2728 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
11:01:02.0380 2728 amdsbs - ok
11:01:02.0400 2728 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:01:02.0400 2728 amdxata - ok
11:01:02.0460 2728 [ B9B5DFAFEA592BD4CA967824EBB42E3D ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
11:01:02.0470 2728 AntiVirMailService - ok
11:01:02.0530 2728 [ 67B1D78711B4386C26241096326EE14A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:01:02.0530 2728 AntiVirSchedulerService - ok
11:01:02.0550 2728 [ 845C4E7AE211EDAD5E0B832126F56932 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:01:02.0550 2728 AntiVirService - ok
11:01:02.0580 2728 [ 30D71E0C149943A8985D02EA0944F2FE ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
11:01:02.0590 2728 AntiVirWebService - ok
11:01:02.0630 
2728 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 11:01:02.0630 2728 AppID - ok 11:01:02.0650 2728 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 11:01:02.0650 2728 AppIDSvc - ok 11:01:02.0660 2728 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 11:01:02.0660 2728 Appinfo - ok 11:01:02.0690 2728 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 11:01:02.0690 2728 AppMgmt - ok 11:01:02.0700 2728 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 11:01:02.0700 2728 arc - ok 11:01:02.0710 2728 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 11:01:02.0710 2728 arcsas - ok 11:01:02.0720 2728 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 11:01:02.0720 2728 AsyncMac - ok 11:01:02.0740 2728 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 11:01:02.0740 2728 atapi - ok 11:01:02.0760 2728 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 11:01:02.0760 2728 AudioEndpointBuilder - ok 11:01:02.0780 2728 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 11:01:02.0790 2728 AudioSrv - ok 11:01:02.0830 2728 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 11:01:02.0830 2728 avgntflt - ok 11:01:02.0860 2728 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 11:01:02.0870 2728 avipbb - ok 11:01:02.0890 2728 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 11:01:02.0890 2728 avkmgr - ok 11:01:02.0910 2728 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 11:01:02.0910 2728 AxInstSV - ok 11:01:02.0930 2728 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 11:01:02.0930 2728 b06bdrv - ok 
11:01:02.0950 2728 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 11:01:02.0950 2728 b57nd60a - ok 11:01:02.0970 2728 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 11:01:02.0980 2728 BDESVC - ok 11:01:02.0980 2728 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 11:01:02.0980 2728 Beep - ok 11:01:03.0020 2728 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 11:01:03.0020 2728 BFE - ok 11:01:03.0060 2728 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 11:01:03.0070 2728 BITS - ok 11:01:03.0090 2728 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 11:01:03.0090 2728 blbdrive - ok 11:01:03.0130 2728 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 11:01:03.0130 2728 bowser - ok 11:01:03.0140 2728 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 11:01:03.0140 2728 BrFiltLo - ok 11:01:03.0140 2728 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 11:01:03.0140 2728 BrFiltUp - ok 11:01:03.0150 2728 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll 11:01:03.0150 2728 Browser - ok 11:01:03.0170 2728 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 11:01:03.0170 2728 Brserid - ok 11:01:03.0170 2728 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 11:01:03.0170 2728 BrSerWdm - ok 11:01:03.0180 2728 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 11:01:03.0180 2728 BrUsbMdm - ok 11:01:03.0180 2728 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 11:01:03.0180 2728 BrUsbSer - ok 11:01:03.0210 2728 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 11:01:03.0210 2728 BthEnum - ok 
11:01:03.0220 2728 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 11:01:03.0220 2728 BTHMODEM - ok 11:01:03.0230 2728 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 11:01:03.0240 2728 BthPan - ok 11:01:03.0260 2728 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 11:01:03.0270 2728 BTHPORT - ok 11:01:03.0280 2728 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 11:01:03.0280 2728 bthserv - ok 11:01:03.0290 2728 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 11:01:03.0290 2728 BTHUSB - ok 11:01:03.0330 2728 [ 292E3842E75E4AEA1A9CE7DA4B1C55F4 ] BTWAMPFL C:\Windows\system32\DRIVERS\btwampfl.sys 11:01:03.0330 2728 BTWAMPFL - ok 11:01:03.0340 2728 [ D9B09128791A8D65B2156F9C2CFB54A8 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 11:01:03.0340 2728 btwaudio - ok 11:01:03.0360 2728 [ 3432DD66AE75AB2DE6D0527AD78DBFC7 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys 11:01:03.0360 2728 btwavdt - ok 11:01:03.0440 2728 [ DE7717E59DFB6D169B646827CC02E361 ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe 11:01:03.0450 2728 btwdins - ok 11:01:03.0470 2728 [ D5088E57A32DFBC1B497B264E5AB5FBA ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 11:01:03.0470 2728 btwl2cap - ok 11:01:03.0480 2728 [ 13A9C2CEDD44C175E6CA39A536795CA6 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 11:01:03.0480 2728 btwrchid - ok 11:01:03.0500 2728 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 11:01:03.0500 2728 cdfs - ok 11:01:03.0540 2728 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 11:01:03.0540 2728 cdrom - ok 11:01:03.0580 2728 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 11:01:03.0580 2728 CertPropSvc - ok 11:01:03.0600 2728 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass 
C:\Windows\system32\drivers\circlass.sys 11:01:03.0600 2728 circlass - ok 11:01:03.0620 2728 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 11:01:03.0620 2728 CLFS - ok 11:01:03.0710 2728 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:01:03.0720 2728 clr_optimization_v2.0.50727_32 - ok 11:01:03.0760 2728 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 11:01:03.0770 2728 clr_optimization_v2.0.50727_64 - ok 11:01:03.0810 2728 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:01:03.0820 2728 clr_optimization_v4.0.30319_32 - ok 11:01:03.0850 2728 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 11:01:03.0860 2728 clr_optimization_v4.0.30319_64 - ok 11:01:03.0890 2728 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 11:01:03.0890 2728 CmBatt - ok 11:01:03.0910 2728 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 11:01:03.0910 2728 cmdide - ok 11:01:03.0960 2728 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\Windows\system32\Drivers\cng.sys 11:01:03.0970 2728 CNG - ok 11:01:03.0990 2728 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 11:01:03.0990 2728 Compbatt - ok 11:01:04.0020 2728 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 11:01:04.0020 2728 CompositeBus - ok 11:01:04.0030 2728 COMSysApp - ok 11:01:04.0040 2728 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 11:01:04.0040 2728 crcdisk - ok 11:01:04.0070 2728 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll 11:01:04.0080 2728 CryptSvc - ok 11:01:04.0100 
2728 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 11:01:04.0100 2728 CSC - ok 11:01:04.0130 2728 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 11:01:04.0130 2728 CscService - ok 11:01:04.0160 2728 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys 11:01:04.0160 2728 CVirtA - ok 11:01:04.0210 2728 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe 11:01:04.0230 2728 CVPND - ok 11:01:04.0260 2728 [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys 11:01:04.0260 2728 CVPNDRVA - ok 11:01:04.0300 2728 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 11:01:04.0300 2728 DcomLaunch - ok 11:01:04.0330 2728 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 11:01:04.0330 2728 defragsvc - ok 11:01:04.0350 2728 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 11:01:04.0350 2728 DfsC - ok 11:01:04.0380 2728 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 11:01:04.0380 2728 Dhcp - ok 11:01:04.0400 2728 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 11:01:04.0400 2728 discache - ok 11:01:04.0420 2728 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 11:01:04.0420 2728 Disk - ok 11:01:04.0440 2728 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 11:01:04.0440 2728 dmvsc - ok 11:01:04.0460 2728 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys 11:01:04.0470 2728 DNE - ok 11:01:04.0480 2728 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 11:01:04.0490 2728 Dnscache - ok 11:01:04.0500 2728 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 11:01:04.0500 2728 dot3svc - ok 11:01:04.0550 2728 [ 
277247B79DA2230D0C3AEB83E6CD8CA7 ] DozeSvc C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE 11:01:04.0550 2728 DozeSvc - ok 11:01:04.0560 2728 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 11:01:04.0560 2728 DPS - ok 11:01:04.0570 2728 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 11:01:04.0570 2728 drmkaud - ok 11:01:04.0600 2728 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 11:01:04.0610 2728 DXGKrnl - ok 11:01:04.0630 2728 [ CE4CFFD9F64B86BCEB1C343FC9924D72 ] DzHDD64 C:\Windows\system32\DRIVERS\DzHDD64.sys 11:01:04.0630 2728 DzHDD64 - ok 11:01:04.0650 2728 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 11:01:04.0650 2728 EapHost - ok 11:01:04.0720 2728 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 11:01:04.0750 2728 ebdrv - ok 11:01:04.0790 2728 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 11:01:04.0790 2728 EFS - ok 11:01:04.0830 2728 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 11:01:04.0840 2728 ehRecvr - ok 11:01:04.0850 2728 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 11:01:04.0850 2728 ehSched - ok 11:01:04.0880 2728 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 11:01:04.0890 2728 elxstor - ok 11:01:04.0890 2728 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 11:01:04.0890 2728 ErrDev - ok 11:01:04.0910 2728 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 11:01:04.0910 2728 EventSystem - ok 11:01:05.0010 2728 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 11:01:05.0020 2728 EvtEng - ok 11:01:05.0040 2728 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 11:01:05.0050 2728 exfat - ok 11:01:05.0060 2728 [ 0ADC83218B66A6DB380C330836F3E36D 
] fastfat C:\Windows\system32\drivers\fastfat.sys 11:01:05.0070 2728 fastfat - ok 11:01:05.0090 2728 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 11:01:05.0100 2728 Fax - ok 11:01:05.0100 2728 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 11:01:05.0110 2728 fdc - ok 11:01:05.0120 2728 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 11:01:05.0130 2728 fdPHost - ok 11:01:05.0140 2728 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 11:01:05.0140 2728 FDResPub - ok 11:01:05.0170 2728 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 11:01:05.0170 2728 FileInfo - ok 11:01:05.0190 2728 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 11:01:05.0190 2728 Filetrace - ok 11:01:05.0290 2728 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe 11:01:05.0320 2728 FirebirdServerMAGIXInstance - ok 11:01:05.0320 2728 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 11:01:05.0320 2728 flpydisk - ok 11:01:05.0340 2728 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 11:01:05.0340 2728 FltMgr - ok 11:01:05.0380 2728 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 11:01:05.0390 2728 FontCache - ok 11:01:05.0460 2728 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 11:01:05.0460 2728 FontCache3.0.0.0 - ok 11:01:05.0480 2728 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 11:01:05.0480 2728 FsDepends - ok 11:01:05.0490 2728 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 11:01:05.0490 2728 Fs_Rec - ok 11:01:05.0510 2728 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol 
C:\Windows\system32\DRIVERS\fvevol.sys 11:01:05.0510 2728 fvevol - ok 11:01:05.0530 2728 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 11:01:05.0530 2728 gagp30kx - ok 11:01:05.0570 2728 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 11:01:05.0570 2728 gpsvc - ok 11:01:05.0620 2728 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 11:01:05.0620 2728 gupdate - ok 11:01:05.0640 2728 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 11:01:05.0640 2728 gupdatem - ok 11:01:05.0660 2728 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 11:01:05.0660 2728 hcw85cir - ok 11:01:05.0680 2728 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 11:01:05.0680 2728 HdAudAddService - ok 11:01:05.0700 2728 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 11:01:05.0700 2728 HDAudBus - ok 11:01:05.0700 2728 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 11:01:05.0700 2728 HidBatt - ok 11:01:05.0710 2728 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 11:01:05.0710 2728 HidBth - ok 11:01:05.0710 2728 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 11:01:05.0710 2728 HidIr - ok 11:01:05.0730 2728 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 11:01:05.0730 2728 hidserv - ok 11:01:05.0750 2728 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 11:01:05.0750 2728 HidUsb - ok 11:01:05.0770 2728 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 11:01:05.0780 2728 hkmsvc - ok 11:01:05.0780 2728 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 11:01:05.0780 2728 HomeGroupListener - ok 
11:01:05.0800 2728 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 11:01:05.0800 2728 HomeGroupProvider - ok 11:01:05.0810 2728 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 11:01:05.0810 2728 HpSAMD - ok 11:01:05.0830 2728 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 11:01:05.0840 2728 HTTP - ok 11:01:05.0850 2728 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 11:01:05.0850 2728 hwpolicy - ok 11:01:05.0900 2728 [ E935C8099F9196BF19224D9EE4808612 ] HyperW7Svc C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe 11:01:05.0910 2728 HyperW7Svc - ok 11:01:05.0920 2728 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 11:01:05.0930 2728 i8042prt - ok 11:01:05.0970 2728 [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 11:01:05.0970 2728 iaStor - ok 11:01:06.0000 2728 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 11:01:06.0010 2728 iaStorV - ok 11:01:06.0030 2728 [ 29ED470689B7C597A9701D6A4C57A578 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys 11:01:06.0030 2728 IBMPMDRV - ok 11:01:06.0040 2728 [ BC7AF43EEC24E995D770EC92A441D5D8 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe 11:01:06.0050 2728 IBMPMSVC - ok 11:01:06.0100 2728 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 11:01:06.0100 2728 idsvc - ok 11:01:06.0340 2728 [ 33FAA40B288002C89529DBD14F3AB72C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 11:01:06.0390 2728 igfx - ok 11:01:06.0420 2728 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 11:01:06.0420 2728 iirsp - ok 11:01:06.0450 2728 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 11:01:06.0450 2728 IKEEXT - ok 11:01:06.0550 2728 [ DDFADF2FA49C078A9C8270F29D6958B1 ] 
IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 11:01:06.0570 2728 IntcAzAudAddService - ok 11:01:06.0600 2728 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 11:01:06.0600 2728 IntcDAud - ok 11:01:06.0610 2728 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 11:01:06.0610 2728 intelide - ok 11:01:06.0620 2728 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 11:01:06.0620 2728 intelppm - ok 11:01:06.0650 2728 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 11:01:06.0660 2728 IPBusEnum - ok 11:01:06.0660 2728 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 11:01:06.0660 2728 IpFilterDriver - ok 11:01:06.0670 2728 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 11:01:06.0670 2728 iphlpsvc - ok 11:01:06.0680 2728 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 11:01:06.0680 2728 IPMIDRV - ok 11:01:06.0690 2728 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 11:01:06.0690 2728 IPNAT - ok 11:01:06.0710 2728 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 11:01:06.0710 2728 IRENUM - ok 11:01:06.0720 2728 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 11:01:06.0720 2728 isapnp - ok 11:01:06.0730 2728 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 11:01:06.0730 2728 iScsiPrt - ok 11:01:06.0770 2728 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 11:01:06.0770 2728 kbdclass - ok 11:01:06.0770 2728 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 11:01:06.0780 2728 kbdhid - ok 11:01:06.0790 2728 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 11:01:06.0790 2728 KeyIso 
- ok 11:01:06.0810 2728 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 11:01:06.0810 2728 KSecDD - ok 11:01:06.0840 2728 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 11:01:06.0840 2728 KSecPkg - ok 11:01:06.0850 2728 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 11:01:06.0850 2728 ksthunk - ok 11:01:06.0870 2728 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 11:01:06.0880 2728 KtmRm - ok 11:01:06.0940 2728 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 11:01:06.0940 2728 LanmanServer - ok 11:01:06.0960 2728 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 11:01:06.0960 2728 LanmanWorkstation - ok 11:01:07.0000 2728 [ 56B74943929BC575914631EDC0E72220 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe 11:01:07.0000 2728 LENOVO.CAMMUTE - ok 11:01:07.0060 2728 [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe 11:01:07.0060 2728 LENOVO.MICMUTE - ok 11:01:07.0070 2728 [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys 11:01:07.0070 2728 lenovo.smi - ok 11:01:07.0090 2728 [ F9B51B2A5DA1222A910021C71E9EA559 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe 11:01:07.0090 2728 LENOVO.TPKNRSVC - ok 11:01:07.0110 2728 [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe 11:01:07.0110 2728 Lenovo.VIRTSCRLSVC - ok 11:01:07.0140 2728 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 11:01:07.0150 2728 lltdio - ok 11:01:07.0180 2728 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 11:01:07.0180 2728 lltdsvc - ok 11:01:07.0200 2728 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 11:01:07.0200 2728 
lmhosts - ok 11:01:07.0250 2728 [ E7859BA062DB5E23C6DD34AD66B09F50 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 11:01:07.0250 2728 LMS - ok 11:01:07.0270 2728 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 11:01:07.0280 2728 LSI_FC - ok 11:01:07.0290 2728 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 11:01:07.0290 2728 LSI_SAS - ok 11:01:07.0300 2728 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 11:01:07.0300 2728 LSI_SAS2 - ok 11:01:07.0320 2728 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 11:01:07.0320 2728 LSI_SCSI - ok 11:01:07.0340 2728 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 11:01:07.0340 2728 luafv - ok 11:01:07.0350 2728 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 11:01:07.0350 2728 Mcx2Svc - ok 11:01:07.0360 2728 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 11:01:07.0360 2728 megasas - ok 11:01:07.0360 2728 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 11:01:07.0370 2728 MegaSR - ok 11:01:07.0380 2728 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 11:01:07.0380 2728 MEIx64 - ok 11:01:07.0390 2728 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 11:01:07.0390 2728 MMCSS - ok 11:01:07.0400 2728 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 11:01:07.0400 2728 Modem - ok 11:01:07.0420 2728 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 11:01:07.0420 2728 monitor - ok 11:01:07.0430 2728 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 11:01:07.0440 2728 mouclass - ok 11:01:07.0460 2728 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid 
C:\Windows\system32\DRIVERS\mouhid.sys 11:01:07.0460 2728 mouhid - ok 11:01:07.0480 2728 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 11:01:07.0480 2728 mountmgr - ok 11:01:07.0520 2728 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 11:01:07.0520 2728 MozillaMaintenance - ok 11:01:07.0530 2728 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 11:01:07.0530 2728 mpio - ok 11:01:07.0550 2728 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 11:01:07.0550 2728 mpsdrv - ok 11:01:07.0590 2728 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 11:01:07.0590 2728 MpsSvc - ok 11:01:07.0600 2728 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 11:01:07.0600 2728 MRxDAV - ok 11:01:07.0630 2728 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 11:01:07.0630 2728 mrxsmb - ok 11:01:07.0650 2728 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 11:01:07.0650 2728 mrxsmb10 - ok 11:01:07.0670 2728 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 11:01:07.0670 2728 mrxsmb20 - ok 11:01:07.0670 2728 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 11:01:07.0680 2728 msahci - ok 11:01:07.0680 2728 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 11:01:07.0680 2728 msdsm - ok 11:01:07.0700 2728 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 11:01:07.0700 2728 MSDTC - ok 11:01:07.0720 2728 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 11:01:07.0720 2728 Msfs - ok 11:01:07.0730 2728 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 11:01:07.0730 2728 mshidkmdf - ok 11:01:07.0740 
2728 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 11:01:07.0740 2728 msisadrv - ok 11:01:07.0770 2728 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 11:01:07.0770 2728 MSiSCSI - ok 11:01:07.0770 2728 msiserver - ok 11:01:07.0800 2728 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 11:01:07.0800 2728 MSKSSRV - ok 11:01:07.0800 2728 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 11:01:07.0810 2728 MSPCLOCK - ok 11:01:07.0820 2728 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 11:01:07.0820 2728 MSPQM - ok 11:01:07.0840 2728 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 11:01:07.0840 2728 MsRPC - ok 11:01:07.0850 2728 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 11:01:07.0850 2728 mssmbios - ok 11:01:07.0860 2728 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 11:01:07.0860 2728 MSTEE - ok 11:01:07.0870 2728 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 11:01:07.0870 2728 MTConfig - ok 11:01:07.0870 2728 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 11:01:07.0870 2728 Mup - ok 11:01:07.0900 2728 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 11:01:07.0900 2728 napagent - ok 11:01:07.0930 2728 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 11:01:07.0930 2728 NativeWifiP - ok 11:01:07.0980 2728 [ C38B8AE57F78915905064A9A24DC1586 ] NDIS C:\Windows\system32\drivers\ndis.sys 11:01:07.0980 2728 NDIS - ok 11:01:08.0000 2728 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 11:01:08.0000 2728 NdisCap - ok 11:01:08.0020 2728 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 
11:01:08.0020 2728 NdisTapi - ok 11:01:08.0020 2728 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 11:01:08.0020 2728 Ndisuio - ok 11:01:08.0030 2728 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 11:01:08.0040 2728 NdisWan - ok 11:01:08.0050 2728 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 11:01:08.0050 2728 NDProxy - ok 11:01:08.0070 2728 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 11:01:08.0070 2728 NetBIOS - ok 11:01:08.0080 2728 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 11:01:08.0080 2728 NetBT - ok 11:01:08.0100 2728 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 11:01:08.0100 2728 Netlogon - ok 11:01:08.0130 2728 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 11:01:08.0130 2728 Netman - ok 11:01:08.0140 2728 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 11:01:08.0140 2728 netprofm - ok 11:01:08.0160 2728 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:01:08.0160 2728 NetTcpPortSharing - ok 11:01:08.0320 2728 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 11:01:08.0350 2728 NETwNs64 - ok 11:01:08.0380 2728 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 11:01:08.0380 2728 nfrd960 - ok 11:01:08.0400 2728 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 11:01:08.0400 2728 NlaSvc - ok 11:01:08.0410 2728 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 11:01:08.0410 2728 Npfs - ok 11:01:08.0420 2728 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 11:01:08.0420 2728 nsi - ok 11:01:08.0450 2728 [ E7F5AE18AF4168178A642A9247C63001 ] 
nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 11:01:08.0450 2728 nsiproxy - ok 11:01:08.0490 2728 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 11:01:08.0500 2728 Ntfs - ok 11:01:08.0510 2728 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 11:01:08.0510 2728 Null - ok 11:01:08.0520 2728 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 11:01:08.0520 2728 nvraid - ok 11:01:08.0540 2728 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 11:01:08.0540 2728 nvstor - ok 11:01:08.0550 2728 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 11:01:08.0550 2728 nv_agp - ok 11:01:08.0550 2728 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 11:01:08.0560 2728 ohci1394 - ok 11:01:08.0570 2728 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 11:01:08.0580 2728 p2pimsvc - ok 11:01:08.0590 2728 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 11:01:08.0590 2728 p2psvc - ok 11:01:08.0600 2728 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 11:01:08.0600 2728 Parport - ok 11:01:08.0610 2728 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys 11:01:08.0610 2728 partmgr - ok 11:01:08.0630 2728 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 11:01:08.0630 2728 PcaSvc - ok 11:01:08.0640 2728 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 11:01:08.0640 2728 pci - ok 11:01:08.0650 2728 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 11:01:08.0660 2728 pciide - ok 11:01:08.0660 2728 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 11:01:08.0660 2728 pcmcia - ok 11:01:08.0680 2728 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw 
C:\Windows\system32\drivers\pcw.sys 11:01:08.0680 2728 pcw - ok 11:01:08.0700 2728 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 11:01:08.0700 2728 PEAUTH - ok 11:01:08.0740 2728 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 11:01:08.0740 2728 PeerDistSvc - ok 11:01:08.0800 2728 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 11:01:08.0810 2728 PerfHost - ok 11:01:08.0850 2728 [ 52C9F4359AF4A25969B882AECC6F3BDA ] PHCORE C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS 11:01:08.0850 2728 PHCORE - ok 11:01:08.0900 2728 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 11:01:08.0920 2728 pla - ok 11:01:08.0980 2728 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 11:01:08.0980 2728 PlugPlay - ok 11:01:09.0000 2728 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 11:01:09.0000 2728 PNRPAutoReg - ok 11:01:09.0020 2728 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 11:01:09.0030 2728 PNRPsvc - ok 11:01:09.0060 2728 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 11:01:09.0060 2728 PolicyAgent - ok 11:01:09.0100 2728 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll 11:01:09.0100 2728 Power - ok 11:01:09.0120 2728 [ 0BF1D6B41E4D4376BE4E4FA31D1A88C0 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE 11:01:09.0120 2728 Power Manager DBC Service - ok 11:01:09.0140 2728 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 11:01:09.0140 2728 PptpMiniport - ok 11:01:09.0170 2728 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 11:01:09.0170 2728 Processor - ok 11:01:09.0190 2728 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 11:01:09.0190 2728 ProfSvc - ok 11:01:09.0200 2728 
[ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 11:01:09.0200 2728 ProtectedStorage - ok 11:01:09.0220 2728 [ B8035AF9CC0CCBA9A09AC0A0D9801797 ] psadd C:\Windows\system32\DRIVERS\psadd.sys 11:01:09.0220 2728 psadd - ok 11:01:09.0250 2728 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 11:01:09.0250 2728 Psched - ok 11:01:09.0280 2728 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 11:01:09.0280 2728 PSI_SVC_2 - ok 11:01:09.0300 2728 [ D20BF8B293EB90E3C4ED2F38B51948A1 ] PwmEWSvc C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE 11:01:09.0300 2728 PwmEWSvc - ok 11:01:09.0330 2728 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 11:01:09.0340 2728 ql2300 - ok 11:01:09.0350 2728 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 11:01:09.0350 2728 ql40xx - ok 11:01:09.0360 2728 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 11:01:09.0370 2728 QWAVE - ok 11:01:09.0370 2728 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 11:01:09.0370 2728 QWAVEdrv - ok 11:01:09.0380 2728 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 11:01:09.0380 2728 RasAcd - ok 11:01:09.0400 2728 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 11:01:09.0400 2728 RasAgileVpn - ok 11:01:09.0410 2728 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 11:01:09.0410 2728 RasAuto - ok 11:01:09.0430 2728 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 11:01:09.0430 2728 Rasl2tp - ok 11:01:09.0450 2728 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 11:01:09.0450 2728 RasMan - ok 11:01:09.0460 2728 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe 
C:\Windows\system32\DRIVERS\raspppoe.sys 11:01:09.0460 2728 RasPppoe - ok 11:01:09.0470 2728 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 11:01:09.0470 2728 RasSstp - ok 11:01:09.0490 2728 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 11:01:09.0490 2728 rdbss - ok 11:01:09.0500 2728 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 11:01:09.0500 2728 rdpbus - ok 11:01:09.0510 2728 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 11:01:09.0510 2728 RDPCDD - ok 11:01:09.0530 2728 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 11:01:09.0530 2728 RDPDR - ok 11:01:09.0550 2728 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 11:01:09.0550 2728 RDPENCDD - ok 11:01:09.0570 2728 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 11:01:09.0570 2728 RDPREFMP - ok 11:01:09.0590 2728 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 11:01:09.0590 2728 RDPWD - ok 11:01:09.0600 2728 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 11:01:09.0610 2728 rdyboost - ok 11:01:09.0650 2728 [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 11:01:09.0660 2728 RegSrvc - ok 11:01:09.0700 2728 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 11:01:09.0700 2728 RemoteAccess - ok 11:01:09.0700 2728 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 11:01:09.0710 2728 RemoteRegistry - ok 11:01:09.0730 2728 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 11:01:09.0730 2728 RFCOMM - ok 11:01:09.0740 2728 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 11:01:09.0740 2728 RpcEptMapper - ok 
11:01:09.0760 2728 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 11:01:09.0760 2728 RpcLocator - ok 11:01:09.0770 2728 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 11:01:09.0780 2728 RpcSs - ok 11:01:09.0810 2728 [ CA327A84085F68200452E6761F943298 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys 11:01:09.0810 2728 RSPCIESTOR - ok 11:01:09.0830 2728 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 11:01:09.0830 2728 rspndr - ok 11:01:09.0860 2728 [ 5D63CCD46688B775382AA68EF844510C ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe 11:01:09.0870 2728 RtkAudioService - ok 11:01:09.0900 2728 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 11:01:09.0900 2728 RTL8167 - ok 11:01:09.0910 2728 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 11:01:09.0920 2728 s3cap - ok 11:01:09.0930 2728 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 11:01:09.0930 2728 SamSs - ok 11:01:09.0930 2728 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 11:01:09.0930 2728 sbp2port - ok 11:01:09.0960 2728 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 11:01:09.0960 2728 SCardSvr - ok 11:01:09.0960 2728 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 11:01:09.0960 2728 scfilter - ok 11:01:09.0990 2728 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 11:01:10.0000 2728 Schedule - ok 11:01:10.0020 2728 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 11:01:10.0020 2728 SCPolicySvc - ok 11:01:10.0030 2728 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 11:01:10.0030 2728 SDRSVC - ok 11:01:10.0050 2728 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 
11:01:10.0050 2728 secdrv - ok 11:01:10.0060 2728 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 11:01:10.0060 2728 seclogon - ok 11:01:10.0070 2728 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 11:01:10.0070 2728 SENS - ok 11:01:10.0080 2728 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 11:01:10.0080 2728 SensrSvc - ok 11:01:10.0090 2728 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 11:01:10.0090 2728 Serenum - ok 11:01:10.0100 2728 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 11:01:10.0100 2728 Serial - ok 11:01:10.0120 2728 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 11:01:10.0120 2728 sermouse - ok 11:01:10.0150 2728 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 11:01:10.0150 2728 SessionEnv - ok 11:01:10.0150 2728 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 11:01:10.0150 2728 sffdisk - ok 11:01:10.0160 2728 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 11:01:10.0160 2728 sffp_mmc - ok 11:01:10.0160 2728 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 11:01:10.0160 2728 sffp_sd - ok 11:01:10.0160 2728 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 11:01:10.0170 2728 sfloppy - ok 11:01:10.0190 2728 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 11:01:10.0190 2728 SharedAccess - ok 11:01:10.0200 2728 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 11:01:10.0210 2728 ShellHWDetection - ok 11:01:10.0260 2728 [ E404D81FEE72B22F51BF806DA999B9FF ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys 11:01:10.0260 2728 Shockprf - ok 11:01:10.0270 2728 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 
C:\Windows\system32\drivers\SiSRaid2.sys 11:01:10.0270 2728 SiSRaid2 - ok 11:01:10.0270 2728 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 11:01:10.0270 2728 SiSRaid4 - ok 11:01:10.0420 2728 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 11:01:10.0430 2728 Skype C2C Service - ok 11:01:10.0490 2728 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 11:01:10.0500 2728 SkypeUpdate - ok 11:01:10.0500 2728 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 11:01:10.0510 2728 Smb - ok 11:01:10.0540 2728 [ C5B1A19B14F19B08AE72FCB20A3075B6 ] smihlp C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys 11:01:10.0540 2728 smihlp - ok 11:01:10.0590 2728 [ 001901F10423616CA0D4AECDCCE8B855 ] snapman380 C:\Windows\system32\DRIVERS\snman380.sys 11:01:10.0590 2728 snapman380 - ok 11:01:10.0610 2728 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 11:01:10.0610 2728 SNMPTRAP - ok 11:01:10.0620 2728 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 11:01:10.0620 2728 spldr - ok 11:01:10.0640 2728 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 11:01:10.0650 2728 Spooler - ok 11:01:10.0700 2728 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 11:01:10.0720 2728 sppsvc - ok 11:01:10.0730 2728 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 11:01:10.0730 2728 sppuinotify - ok 11:01:10.0750 2728 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 11:01:10.0760 2728 srv - ok 11:01:10.0790 2728 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 11:01:10.0790 2728 srv2 - ok 11:01:10.0800 2728 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 11:01:10.0800 2728 
srvnet - ok 11:01:10.0820 2728 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 11:01:10.0820 2728 SSDPSRV - ok 11:01:10.0830 2728 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 11:01:10.0830 2728 SstpSvc - ok 11:01:10.0850 2728 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 11:01:10.0850 2728 stexstor - ok 11:01:10.0880 2728 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 11:01:10.0890 2728 stisvc - ok 11:01:10.0900 2728 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 11:01:10.0900 2728 storflt - ok 11:01:10.0920 2728 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 11:01:10.0920 2728 StorSvc - ok 11:01:10.0930 2728 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 11:01:10.0930 2728 storvsc - ok 11:01:11.0000 2728 [ 6EA2F517373771CAC5188E82617C9C0B ] SUService C:\Program Files (x86)\Lenovo\System Update\SUService.exe 11:01:11.0000 2728 SUService - ok 11:01:11.0020 2728 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 11:01:11.0020 2728 swenum - ok 11:01:11.0040 2728 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 11:01:11.0050 2728 swprv - ok 11:01:11.0100 2728 [ FFDD13B42D4B106AC9FAFBB0E1F7FAA5 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 11:01:11.0120 2728 SynTP - ok 11:01:11.0170 2728 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 11:01:11.0180 2728 SysMain - ok 11:01:11.0220 2728 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 11:01:11.0220 2728 TabletInputService - ok 11:01:11.0240 2728 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 11:01:11.0250 2728 TapiSrv - ok 11:01:11.0260 2728 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 11:01:11.0260 2728 TBS - 
ok 11:01:11.0340 2728 [ FC62769E7BFF2896035AEED399108162 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 11:01:11.0360 2728 Tcpip - ok 11:01:11.0430 2728 [ FC62769E7BFF2896035AEED399108162 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 11:01:11.0450 2728 TCPIP6 - ok 11:01:11.0490 2728 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 11:01:11.0490 2728 tcpipreg - ok 11:01:11.0500 2728 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 11:01:11.0500 2728 TDPIPE - ok 11:01:11.0550 2728 [ D9762122F529646563AF0B3B30918296 ] tdrpman140 C:\Windows\system32\DRIVERS\tdrpm140.sys 11:01:11.0560 2728 tdrpman140 - ok 11:01:11.0580 2728 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 11:01:11.0580 2728 TDTCP - ok 11:01:11.0600 2728 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 11:01:11.0600 2728 tdx - ok 11:01:11.0610 2728 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 11:01:11.0610 2728 TermDD - ok 11:01:11.0640 2728 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 11:01:11.0640 2728 TermService - ok 11:01:11.0680 2728 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 11:01:11.0680 2728 Themes - ok 11:01:11.0690 2728 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 11:01:11.0690 2728 THREADORDER - ok 11:01:11.0700 2728 [ 156EF5E1164BBA862EEE84400C7BA034 ] tifsfilter C:\Windows\system32\DRIVERS\tifsfilt.sys 11:01:11.0700 2728 tifsfilter - ok 11:01:11.0720 2728 [ 8A474022C0465797B13A4EA7535D4C5B ] timounter C:\Windows\system32\DRIVERS\timntr.sys 11:01:11.0730 2728 timounter - ok 11:01:11.0760 2728 [ 92B8DE0C00A2D21A4A2D43FC5F908575 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys 11:01:11.0760 2728 TPDIGIMN - ok 11:01:11.0790 2728 [ 9DCB5AF2BCB68A087C6231FE086A47D6 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe 
11:01:11.0790 2728 TPHDEXLGSVC - ok 11:01:11.0830 2728 [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe 11:01:11.0830 2728 TPHKLOAD - ok 11:01:11.0840 2728 [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe 11:01:11.0840 2728 TPHKSVC - ok 11:01:11.0870 2728 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys 11:01:11.0870 2728 TPM - ok 11:01:11.0890 2728 [ 7165B5A9B4867F64A6D6935F57D4196B ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys 11:01:11.0890 2728 TPPWRIF - ok 11:01:11.0910 2728 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 11:01:11.0910 2728 TrkWks - ok 11:01:11.0950 2728 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 11:01:11.0950 2728 TrustedInstaller - ok 11:01:11.0970 2728 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 11:01:11.0980 2728 tssecsrv - ok 11:01:11.0990 2728 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 11:01:11.0990 2728 TsUsbFlt - ok 11:01:11.0990 2728 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 11:01:12.0000 2728 TsUsbGD - ok 11:01:12.0020 2728 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 11:01:12.0020 2728 tunnel - ok 11:01:12.0030 2728 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 11:01:12.0030 2728 uagp35 - ok 11:01:12.0050 2728 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 11:01:12.0050 2728 udfs - ok 11:01:12.0060 2728 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 11:01:12.0060 2728 UI0Detect - ok 11:01:12.0110 2728 [ BE788A747457E6916586C410EC0111E7 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe 11:01:12.0110 2728 UleadBurningHelper - ok 11:01:12.0130 
2728 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 11:01:12.0130 2728 uliagpkx - ok 11:01:12.0150 2728 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 11:01:12.0150 2728 umbus - ok 11:01:12.0160 2728 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 11:01:12.0160 2728 UmPass - ok 11:01:12.0180 2728 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 11:01:12.0180 2728 UmRdpService - ok 11:01:12.0280 2728 [ E91F8AFBD7FB96C94B266579D6BFA77A ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 11:01:12.0290 2728 UNS - ok 11:01:12.0320 2728 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 11:01:12.0320 2728 upnphost - ok 11:01:12.0380 2728 [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe 11:01:12.0390 2728 UPnPService - ok 11:01:12.0410 2728 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 11:01:12.0420 2728 usbccgp - ok 11:01:12.0430 2728 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 11:01:12.0430 2728 usbcir - ok 11:01:12.0440 2728 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 11:01:12.0440 2728 usbehci - ok 11:01:12.0480 2728 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 11:01:12.0480 2728 usbhub - ok 11:01:12.0500 2728 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 11:01:12.0500 2728 usbohci - ok 11:01:12.0520 2728 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 11:01:12.0520 2728 usbprint - ok 11:01:12.0540 2728 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:01:12.0550 2728 USBSTOR - ok 11:01:12.0550 2728 [ 
62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 11:01:12.0550 2728 usbuhci - ok 11:01:12.0570 2728 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 11:01:12.0570 2728 usbvideo - ok 11:01:12.0590 2728 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 11:01:12.0590 2728 UxSms - ok 11:01:12.0600 2728 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 11:01:12.0600 2728 VaultSvc - ok 11:01:12.0610 2728 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 11:01:12.0610 2728 vdrvroot - ok 11:01:12.0630 2728 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 11:01:12.0640 2728 vds - ok 11:01:12.0650 2728 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 11:01:12.0650 2728 vga - ok 11:01:12.0680 2728 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 11:01:12.0680 2728 VgaSave - ok 11:01:12.0690 2728 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 11:01:12.0690 2728 vhdmp - ok 11:01:12.0690 2728 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 11:01:12.0690 2728 viaide - ok 11:01:12.0710 2728 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 11:01:12.0710 2728 vmbus - ok 11:01:12.0720 2728 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 11:01:12.0720 2728 VMBusHID - ok 11:01:12.0730 2728 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 11:01:12.0730 2728 volmgr - ok 11:01:12.0750 2728 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 11:01:12.0750 2728 volmgrx - ok 11:01:12.0760 2728 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 11:01:12.0760 2728 volsnap - ok 11:01:12.0790 2728 [ 
5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 11:01:12.0790 2728 vsmraid - ok 11:01:12.0820 2728 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 11:01:12.0830 2728 VSS - ok 11:01:12.0840 2728 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 11:01:12.0850 2728 vwifibus - ok 11:01:12.0850 2728 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 11:01:12.0850 2728 vwififlt - ok 11:01:12.0870 2728 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 11:01:12.0870 2728 W32Time - ok 11:01:12.0880 2728 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 11:01:12.0880 2728 WacomPen - ok 11:01:12.0900 2728 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 11:01:12.0900 2728 WANARP - ok 11:01:12.0900 2728 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 11:01:12.0900 2728 Wanarpv6 - ok 11:01:12.0970 2728 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 11:01:12.0980 2728 WatAdminSvc - ok 11:01:13.0030 2728 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 11:01:13.0030 2728 wbengine - ok 11:01:13.0060 2728 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 11:01:13.0060 2728 WbioSrvc - ok 11:01:13.0080 2728 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 11:01:13.0080 2728 wcncsvc - ok 11:01:13.0090 2728 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 11:01:13.0090 2728 WcsPlugInService - ok 11:01:13.0100 2728 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 11:01:13.0100 2728 Wd - ok 11:01:13.0120 2728 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 11:01:13.0120 2728 Wdf01000 - ok 
11:01:13.0130 2728 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 11:01:13.0130 2728 WdiServiceHost - ok 11:01:13.0140 2728 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 11:01:13.0140 2728 WdiSystemHost - ok 11:01:13.0150 2728 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 11:01:13.0150 2728 WebClient - ok 11:01:13.0170 2728 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 11:01:13.0170 2728 Wecsvc - ok 11:01:13.0180 2728 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 11:01:13.0180 2728 wercplsupport - ok 11:01:13.0200 2728 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 11:01:13.0200 2728 WerSvc - ok 11:01:13.0210 2728 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 11:01:13.0210 2728 WfpLwf - ok 11:01:13.0220 2728 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 11:01:13.0220 2728 WIMMount - ok 11:01:13.0240 2728 WinDefend - ok 11:01:13.0240 2728 WinHttpAutoProxySvc - ok 11:01:13.0280 2728 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 11:01:13.0290 2728 Winmgmt - ok 11:01:13.0350 2728 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 11:01:13.0360 2728 WinRM - ok 11:01:13.0390 2728 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys 11:01:13.0390 2728 WinUsb - ok 11:01:13.0410 2728 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 11:01:13.0420 2728 Wlansvc - ok 11:01:13.0440 2728 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 11:01:13.0440 2728 wlcrasvc - ok 11:01:13.0520 2728 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 11:01:13.0540 2728 wlidsvc - ok 11:01:13.0570 
2728 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 11:01:13.0570 2728 WmiAcpi - ok 11:01:13.0590 2728 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 11:01:13.0590 2728 wmiApSrv - ok 11:01:13.0620 2728 WMPNetworkSvc - ok 11:01:13.0640 2728 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 11:01:13.0650 2728 WPCSvc - ok 11:01:13.0660 2728 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 11:01:13.0660 2728 WPDBusEnum - ok 11:01:13.0680 2728 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 11:01:13.0680 2728 ws2ifsl - ok 11:01:13.0690 2728 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 11:01:13.0700 2728 wscsvc - ok 11:01:13.0700 2728 WSearch - ok 11:01:13.0780 2728 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 11:01:13.0800 2728 wuauserv - ok 11:01:13.0810 2728 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 11:01:13.0810 2728 WudfPf - ok 11:01:13.0820 2728 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 11:01:13.0820 2728 WUDFRd - ok 11:01:13.0830 2728 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 11:01:13.0830 2728 wudfsvc - ok 11:01:13.0850 2728 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 11:01:13.0850 2728 WwanSvc - ok 11:01:13.0870 2728 ================ Scan global =============================== 11:01:13.0880 2728 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 11:01:13.0900 2728 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 11:01:13.0910 2728 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 11:01:13.0930 2728 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 11:01:13.0950 2728 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] 
C:\Windows\system32\services.exe
11:01:13.0950 2728 [Global] - ok
11:01:13.0950 2728 ================ Scan MBR ==================================
11:01:13.0960 2728 [ 3C83718EDA6F2BC4CC0E8B0F1C0200A1 ] \Device\Harddisk0\DR0
11:01:14.0330 2728 \Device\Harddisk0\DR0 - ok
11:01:14.0330 2728 ================ Scan VBR ==================================
11:01:14.0350 2728 [ B81F8FB15778141CB83C4972119A39C2 ] \Device\Harddisk0\DR0\Partition1
11:01:14.0360 2728 \Device\Harddisk0\DR0\Partition1 - ok
11:01:14.0370 2728 [ FD2E862C5774DD0AA8464B77B48F9939 ] \Device\Harddisk0\DR0\Partition2
11:01:14.0380 2728 \Device\Harddisk0\DR0\Partition2 - ok
11:01:14.0400 2728 [ BAC542FD64C411BEE6F661425DCCAACB ] \Device\Harddisk0\DR0\Partition3
11:01:14.0400 2728 \Device\Harddisk0\DR0\Partition3 - ok
11:01:14.0420 2728 [ DBE37500E7C1E15074AD66991035B807 ] \Device\Harddisk0\DR0\Partition4
11:01:14.0430 2728 \Device\Harddisk0\DR0\Partition4 - ok
11:01:14.0460 2728 [ DA9FD0755BBFFF57B784CB07FAB4D986 ] \Device\Harddisk0\DR0\Partition5
11:01:14.0470 2728 \Device\Harddisk0\DR0\Partition5 - ok
11:01:14.0470 2728 ============================================================
11:01:14.0470 2728 Scan finished
11:01:14.0470 2728 ============================================================
11:01:14.0490 8324 Detected object count: 0
11:01:14.0490 8324 Actual detected object count: 0
11:01:19.0680 7536 Deinitialize success
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-20 11:02:12
-----------------------------
11:02:12.790 OS Version: Windows x64 6.1.7601 Service Pack 1
11:02:12.790 Number of processors: 4 586 0x2A07
11:02:12.790 ComputerName: CORNELIA-THINK UserName: Cornelia
11:02:15.420 Initialize success
11:13:11.620 AVAST engine defs: 12092000
11:22:25.176 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:22:25.176 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
11:22:25.196 Disk 0 MBR read successfully
11:22:25.196 Disk 0 MBR scan
11:22:25.226 Disk 0 unknown MBR code
11:22:25.246 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1500 MB offset 2048
11:22:25.266 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 100000 MB offset 3074048
11:22:25.276 Disk 0 Partition - 00 0F Extended LBA 363438 MB offset 207874048
11:22:25.306 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12000 MB offset 952195072
11:22:25.356 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 25000 MB offset 207876096
11:22:25.366 Disk 0 Partition - 00 05 Extended 338437 MB offset 259076096
11:22:25.386 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 338436 MB offset 259078144
11:22:25.426 Disk 0 scanning C:\Windows\system32\drivers
11:22:34.586 Service scanning
11:22:54.326 Modules scanning
11:22:54.326 Disk 0 trace - called modules:
11:22:54.376 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
11:22:54.376 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006d34060]
11:22:54.386 3 CLASSPNP.SYS[fffff8800155343f] -> nt!IofCallDriver -> [0xfffffa80044b4e40]
11:22:54.386 5 ACPI.sys[fffff88000d557a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80044b3050]
11:22:57.186 AVAST engine scan C:\Windows
11:23:00.156 AVAST engine scan C:\Windows\system32
11:26:30.036 AVAST engine scan C:\Windows\system32\drivers
11:26:44.796 AVAST engine scan C:\Users\Cornelia
11:30:26.647 File: C:\Users\Cornelia\AppData\Local\Temp\{E667ADF4-0048-6307-81EC-486A3D848F02}\Addons\bcool_extension.exe **INFECTED** Win32:BHO-AFC [Adw]
11:30:33.697 File: C:\Users\Cornelia\AppData\Roaming\9DAD.tmp **INFECTED** Win32:Malware-gen
11:32:49.007 AVAST engine scan C:\ProgramData
11:36:14.298 Scan finished successfully
11:38:49.649 Disk 0 MBR has been saved successfully to "C:\Users\Cornelia\Desktop\MBR.dat"
11:38:49.649 The log file has been saved successfully to "C:\Users\Cornelia\Desktop\aswMBR.txt"
|
21.09.2012, 06:30 | #6 | |
/// Malwareteam | WORM/Dorkbot.A.893 on the notebook after connecting an external hard drive

Combofix

Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2. IMPORTANT - save Combofix to your Desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: if you get the following error message after the reboot Quote:
24.09.2012, 06:33 | #7 |
| WORM/Dorkbot.A.893 on the notebook after connecting an external hard drive Hello! Here, finally, is the Combofix log file. :-) Code:
ComboFix 12-09-23.03 - Cornelia 24.09.2012 0:57.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3936.2510 [GMT -4:00]
ausgeführt von:: c:\users\Cornelia\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\programdata\Roaming
c:\users\Cornelia\AppData\Roaming\107D.exe
c:\users\Cornelia\AppData\Roaming\28C.tmp
c:\users\Cornelia\AppData\Roaming\2DEE.exe
c:\users\Cornelia\AppData\Roaming\3956.exe
c:\users\Cornelia\AppData\Roaming\64F3.exe
c:\users\Cornelia\AppData\Roaming\70A5.exe
c:\users\Cornelia\AppData\Roaming\930E.exe
c:\users\Cornelia\AppData\Roaming\BF05.exe
c:\users\Cornelia\AppData\Roaming\C8F.exe
c:\users\Cornelia\AppData\Roaming\CD23.tmp
c:\users\Cornelia\AppData\Roaming\F48.exe
c:\users\Cornelia\AppData\Roaming\Tlrsrl.exe
c:\windows\SysWow64\DEBUG.log
Q:\AUTORUN.INF
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-24 bis 2012-09-24 ))))))))))))))))))))))))))))))
.
.
2012-09-24 05:20 . 2012-09-24 05:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 16:54 . 2012-09-02 16:54 -------- d-----w- c:\users\Cornelia\AppData\Local\Facebook
2012-08-28 22:55 . 2012-08-28 22:55 -------- d-----w- c:\users\Cornelia\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 15:58 . 2012-07-15 17:49 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A68C79FF-DBD5-4DF6-991B-676BE8A493BF}\offreg.dll
2012-08-28 22:52 .
2012-04-09 14:09 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-28 22:52 . 2012-01-22 20:24 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-06 15:07 . 2012-07-06 15:07 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-07-06 15:07 . 2012-01-21 15:20 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LTT"="c:\program files\PC-Doctor\EnableToolbarW32.exe" [2011-06-27 23120] "ICQ"="c:\program files (x86)\ICQ7.7\ICQ.exe" [2012-01-21 127040] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544] "Facebook Update"="c:\users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-02 138096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544] "Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-03 4378000] "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-03 962480] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-3 1202976] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176] R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-01 426536] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-27 39464] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144] R3 Power Manager 
DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400] R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 329832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-08-31 31344] S0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\windows\system32\DRIVERS\tdrpm140.sys [2012-01-22 1580576] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-12-09 23664] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472] S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320] 
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-05-18 199272] S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2010-09-21 164992] S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-08-31 478056] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 37898999 *NewlyCreated* - 69128825 *NewlyCreated* - ASWMBR *Deregistered* - 37898999 *Deregistered* - 69128825 *Deregistered* - aswMBR . Inhalt des "geplante Tasks" Ordners . 
2012-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000Core.job - c:\users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-02 16:54] . 2012-09-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000UA.job - c:\users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-02 16:54] . 2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 04:35] . 2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 04:35] . 2012-09-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06] . 2012-09-23 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TpShocks"="TpShocks.exe" [2010-12-09 380776] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-19 12632168] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-11 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-11 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-11 416024] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808] "ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-03 165144] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://gmusicaonline.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 190.160.0.11 200.74.121.11 200.83.1.4
FF - ProfilePath - c:\users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cugr.de/|hxxp://www.google.de/|hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=942b238f000000000000081196ea00a0&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-Tlrsrl - c:\users\Cornelia\AppData\Roaming\Tlrsrl.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-09-24 02:21:03 ComboFix-quarantined-files.txt 2012-09-24 06:20 . Vor Suchlauf: 11 Verzeichnis(se), 58.147.663.872 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 58.576.560.128 Bytes frei . - - End Of File - - 3257EACC773EE249BA181F9BE0896605 |
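The deletion list and autostart section in the ComboFix log above show what the worm left behind: Tlrsrl.exe (also registered under HKCU\...\Run) plus a run of 3-4 character hex names such as 107D.exe and CD23.tmp directly in AppData\Roaming, and an AUTORUN.INF at the root of drive Q:. The script below is an added example, written for this page and not taken from the thread or from ComboFix, that applies those same heuristics to ComboFix-style log lines: an executable or .tmp sitting directly in AppData\Roaming, a file under AppData\...\Temp, a short hex-like filename, or an autorun.inf at a drive root. The sample lines are constructed in the log's format with a placeholder user "alice"; the extension list and the name-length threshold are assumptions, and a legitimate updater living deeper in the profile (the Facebook entry) is deliberately not flagged.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in ComboFix's output format (placeholder user 'alice'; not copied from a real log).
SAMPLE_LOG = r'''
"Facebook Update"="c:\users\alice\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-02 138096]
"Tlrsrl"="c:\users\alice\AppData\Roaming\Tlrsrl.exe" [2012-09-20 91136]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
c:\users\alice\AppData\Roaming\107D.exe
c:\users\alice\AppData\Roaming\CD23.tmp
c:\users\alice\AppData\Local\Temp\{E667ADF4-0048-6307-81EC-486A3D848F02}\Addons\bcool_extension.exe
c:\windows\SysWow64\DEBUG.log
Q:\AUTORUN.INF
'''

RUN_ENTRY = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]+)"')   # "Name"="path" [date size]
BARE_PATH = re.compile(r'^[A-Za-z]:\\')                           # plain path line (deletion list)
RANDOM_NAME = re.compile(r'^[0-9A-F]{1,4}\.(?:exe|tmp)$', re.IGNORECASE)
# .tmp is included on purpose: the thread's aswMBR log flagged AppData\Roaming\9DAD.tmp as Win32:Malware-gen.
EXEC_EXT = {'.exe', '.tmp', '.scr', '.com', '.pif'}   # assumption: what counts as "executable" here


def classify(path: str) -> list[str]:
    """Return the reasons (possibly none) why a path looks like a dropper artifact."""
    p = PureWindowsPath(path.strip())
    parts = [s.lower() for s in p.parts]          # parts[0] is the drive, e.g. 'q:\\'
    reasons = []
    if p.name.lower() == 'autorun.inf' and len(parts) == 2:
        reasons.append('autorun.inf at drive root (removable-media spreader)')
    if p.suffix.lower() in EXEC_EXT:
        if RANDOM_NAME.match(p.name):
            reasons.append('short hex-like filename')
        if len(parts) >= 3 and parts[-3:-1] == ['appdata', 'roaming']:
            reasons.append('executable directly in AppData\\Roaming')
        if 'appdata' in parts and 'temp' in parts:
            reasons.append('executable under AppData\\...\\Temp')
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map every suspicious path found in ComboFix-style log text to its list of reasons."""
    findings: dict[str, list[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_ENTRY.match(line)
        if m:
            path = m.group('path')          # autostart entry: take the target path
        elif BARE_PATH.match(line):
            path = line                     # deletion-list style bare path
        else:
            continue
        reasons = classify(path)
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == '__main__':
    for path, why in triage(SAMPLE_LOG).items():
        print(f'{path}\n    ' + '; '.join(why))
```

Paste the autostart and deletion sections of a real ComboFix.txt into a file and feed its text to triage(); every hit still has to be judged by hand, since the heuristics only say where to look first.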
24.09.2012, 06:44 | #8 |
/// Malwareteam | WORM/Dorkbot.A.893 on the notebook after connecting an external hard drive

Step 1: CF-Script

Note for readers: the following ComboFix script was written exclusively for this user in this situation. Under no circumstances run it on other computers; it can do lasting damage to other systems!

Delete the existing Combofix.exe from your Desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com, and save it to the Desktop again (nowhere else, this is important)! Press the Windows + R keys --> type Notepad --> OK. Now copy the text from the following code box in full into the empty text document. Code:
FF - ProfilePath - c:\users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=942b238f000000000000081196ea00a0&q=

Important:
Step 2: MBAM Please download Malwarebytes
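The CF-Script above targets the Firefox keyword.URL preference, which Firefox consults when something that is not a URL is typed into the address bar; here it had been pointed at search.babylon.com. The same check can be made directly against the profile's prefs.js, and it is worth repeating after cleanup (the second ComboFix log in this thread still lists the same keyword.URL value). The following is an added example, written for this page and not part of the thread or of any tool used in it: it parses user_pref lines, flags the URL-bearing preferences whose host is not on an allowlist of the sites the user actually chose, and returns a cleaned copy with those lines removed. prefs.js holds only user-set values, so a removed entry reverts to Firefox's built-in default. The allowlist, the set of watched preference names and the sample prefs.js are assumptions/constructed; a partially hijacked homepage list is dropped whole rather than patched.

```python
import re
from urllib.parse import urlsplit

# Constructed sample prefs.js (not copied from the user's profile); the babylon line mirrors the
# keyword.URL entry ComboFix reported, with the tracking parameter left out.
SAMPLE_PREFS = r'''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.cugr.de/|http://www.google.de/|http://www.facebook.com/");
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.URL", "http://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&q=");
user_pref("network.cookie.lifetimePolicy", 0);
'''

# Only string-valued prefs match; numeric and boolean prefs are skipped.
PREF_LINE = re.compile(r'^user_pref\("(?P<key>[^"]+)",\s*"(?P<value>(?:[^"\\]|\\.)*)"\);\s*$')

# Assumption: URL-bearing prefs that search/homepage hijackers rewrite; extend as needed.
WATCHED_KEYS = {'keyword.URL', 'browser.startup.homepage', 'browser.search.defaulturl', 'browser.newtab.url'}

# Assumption: the hosts this user actually chose (taken from the homepage entry in the thread).
TRUSTED_HOSTS = {'www.cugr.de', 'www.google.de', 'www.google.com', 'www.facebook.com'}


def _urls(value: str) -> list[str]:
    """browser.startup.homepage may hold several URLs separated by '|'."""
    return [u for u in value.split('|') if u]


def hijacked(prefs_text: str) -> list[tuple[str, str]]:
    """Return (pref name, offending URL) for every watched pref pointing at an untrusted host."""
    hits = []
    for line in prefs_text.splitlines():
        m = PREF_LINE.match(line.strip())
        if not m or m.group('key') not in WATCHED_KEYS:
            continue
        for url in _urls(m.group('value')):
            host = (urlsplit(url).hostname or '').lower()
            if host not in TRUSTED_HOSTS:
                hits.append((m.group('key'), url))
    return hits


def clean(prefs_text: str) -> str:
    """Drop the user_pref lines that hijacked() flags; Firefox falls back to the built-in default."""
    bad_keys = {key for key, _ in hijacked(prefs_text)}
    kept = []
    for line in prefs_text.splitlines():
        m = PREF_LINE.match(line.strip())
        if m and m.group('key') in bad_keys:
            continue                      # remove the hijacked pref entirely
        kept.append(line)
    return '\n'.join(kept) + '\n'


if __name__ == '__main__':
    for key, url in hijacked(SAMPLE_PREFS):
        print(f'{key} -> {url}')
    print(clean(SAMPLE_PREFS))
```

To use it on a real profile, read prefs.js from the profile folder (the path ComboFix printed as "FF - ProfilePath"), write clean()'s output back, and do both only while Firefox is closed, since Firefox rewrites prefs.js on exit and would undo the edit.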
24.09.2012, 19:57 | #9 |
| WORM/Dorkbot.A.893 on the notebook after connecting an external hard drive Hello! Here is the ComboFix.txt Code:
ComboFix 12-09-24.01 - Cornelia 24.09.2012 12:41:48.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3936.2521 [GMT -4:00]
ausgeführt von:: c:\users\Cornelia\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Cornelia\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-08-24 bis 2012-09-24 ))))))))))))))))))))))))))))))
.
.
2012-09-24 16:56 . 2012-09-24 16:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-02 16:54 . 2012-09-02 16:54 -------- d-----w- c:\users\Cornelia\AppData\Local\Facebook
2012-08-28 22:55 . 2012-08-28 22:55 -------- d-----w- c:\users\Cornelia\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 15:58 . 2012-07-15 17:49 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A68C79FF-DBD5-4DF6-991B-676BE8A493BF}\offreg.dll
2012-08-28 22:52 . 2012-04-09 14:09 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-28 22:52 . 2012-01-22 20:24 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 15:07 . 2012-07-06 15:07 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-06 15:07 . 2012-01-21 15:20 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LTT"="c:\program files\PC-Doctor\EnableToolbarW32.exe" [2011-06-27 23120] "ICQ"="c:\program files (x86)\ICQ7.7\ICQ.exe" [2012-01-21 127040] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544] "Facebook Update"="c:\users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-02 138096] "RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [BU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544] "Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-03 4378000] "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-03 962480] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-3 1202976] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176] R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-01 426536] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-27 39464] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400] R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 329832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB 
Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-08-31 31344] S0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\windows\system32\DRIVERS\tdrpm140.sys [2012-01-22 1580576] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-12-09 23664] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472] S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224] S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-05-18 
199272] S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840] S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2010-09-21 164992] S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-08-31 478056] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344] S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680] . . Inhalt des "geplante Tasks" Ordners . 2012-09-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000Core.job - c:\users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-02 16:54] . 2012-09-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000UA.job - c:\users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-02 16:54] . 2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 04:35] . 2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 04:35] . 2012-09-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06] . 
2012-09-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-19 12632168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-11 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-11 416024]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-03 165144]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gmusicaonline.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 190.160.0.11 200.74.121.11 200.83.1.4
FF - ProfilePath - c:\users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cugr.de/|hxxp://www.google.de/|hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=942b238f000000000000081196ea00a0&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-24 13:43:45
ComboFix-quarantined-files.txt 2012-09-24 17:43
ComboFix2.txt 2012-09-24 06:21
.
Pre-Run: 14 directory(ies), 58,489,012,224 bytes free
Post-Run: 15 directory(ies), 58,455,879,680 bytes free
.
- - End Of File - - 0B58D8DB9FAB1DA97BA6F14B5BD91C5F
Code:
Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.24.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cornelia :: CORNELIA-THINK [Administrator]

Protection: Enabled

24.09.2012 15:49:24
mbam-log-2012-09-24 (15-49-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202034
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Last edited by Conny_1808 (24.09.2012 at 20:14) |
25.09.2012, 09:52 | #10 |
/// Malwareteam | Scan with AdwCleaner: please download AdwCleaner to your desktop.
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only reachable on weekdays! Requests via PM will be ignored! Happy with us? Then support the Trojaner-Board! |
25.09.2012, 16:06 | #11 |
| Here is the txt from AdwCleaner: Code:
# AdwCleaner v2.003 - Logfile created 09/25/2012 at 12:03:57
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Cornelia - CORNELIA-THINK
# Boot mode : Normal
# Running from : C:\Users\Cornelia\Desktop\adwcleaner.exe
# Option [Search]

**** [Services] ****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\Cornelia\AppData\Local\Babylon
Folder Found : C:\Users\Cornelia\AppData\Roaming\Babylon
Folder Found : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\Conduit
Folder Found : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\ConduitEngine
Folder Found : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\CT2319825
Folder Found : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Folder Found : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
Folder Found : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\extensions\engine@conduit.com

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKU\S-1-5-21-2381052501-1893717735-1428292057-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (de)

Profile name : default
File : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112454&tt=06061[...]
Found : user_pref("extensions.enabledAddons", "engine@conduit.com:3.3.3.2,{5384767E-00D9-40E9-B72F-9CC39D655[...]
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=9[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.8] : homepage = "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0",
Found [l.1170] : homepage = "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0",

*************************

AdwCleaner[R1].txt - [3435 octets] - [25/09/2012 12:03:57]

########## EOF - C:\AdwCleaner[R1].txt - [3495 octets] ##########
|
26.09.2012, 06:31 | #12 |
/// Malwareteam | Step 1: Fix with AdwCleaner
Step 2: OTL: please download OTL by OldTimer and save it to your desktop (if it is not there already).
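The two-step procedure above (an AdwCleaner search pass, then a delete pass, each writing its own log) invites one check a practitioner wants before moving on to OTL: did the [S1] delete pass actually cover everything the [R1] search pass reported? The Python below is an added example, not code from this thread or from AdwCleaner. It parses both logs, folds the HKU\<SID of the logged-on user> spelling of the current user's hive onto HKCU (the [R1] log on this page lists the hijacked SearchScopes key under both names while [S1] deletes it once, so a naive diff reports a false leftover) and returns what remains. The sample logs are constructed, abridged from the ones posted in this thread; the German verbs ("Gefunden", "Gelöscht") are what the tool writes on a German system, the English ones are assumed from its English locale.

```python
"""Cross-check an AdwCleaner search pass ([R1]) against its delete pass ([S1]).

Added example for this thread, not code from the thread or from AdwCleaner.
The two sample logs below are constructed, abridged from the logs posted in
the thread. AdwCleaner localizes its output: the German verbs are the ones
this page shows, the English ones are assumed from the tool's English locale.
"""
import re

# Both spellings of each verb map to one meaning.
_VERBS = {"Gefunden": "found", "Found": "found",
          "Gelöscht": "deleted", "Deleted": "deleted"}

# "Ordner Gefunden : <path>", "Key Deleted : <key>", "Found : <pref line>",
# "Found [l.8] : <setting>" (Chrome Preferences entries carry a line number).
_LINE_RE = re.compile(
    r"^(?:(?:Datei|Ordner|Schlüssel|File|Folder|Key)\s+)?"
    r"(?P<verb>Gefunden|Found|Gelöscht|Deleted)"
    r"(?:\s+\[l\.\d+\])?"
    r"\s*:\s*(?P<item>.+?)\s*$"
)

# HKU\<SID of the logged-on user>\... is the same hive as HKCU\...
_USER_HIVE_RE = re.compile(r"^HKU\\S-1-5-21(?:-\d+){4}\\", re.IGNORECASE)


def normalize(item: str, alias_user_hive: bool = True) -> str:
    """Canonical form of one reported item.

    Registry keys and NTFS paths are case-insensitive, so everything is
    lower-cased (pref lines get the same treatment; harmless for matching).
    With alias_user_hive, the HKU\\S-1-5-21-...-1000\\X spelling folds onto
    HKCU\\X: the [R1] log lists the hijacked SearchScopes key under both
    names while the [S1] log deletes it once, and without the fold that one
    object would be reported as a leftover.
    """
    if alias_user_hive:
        item = _USER_HIVE_RE.sub(lambda _m: "HKCU\\", item)
    return item.rstrip("\\").lower()


def parse(log: str, alias_user_hive: bool = True) -> dict:
    """Return {'found': set, 'deleted': set} of normalized items in one log."""
    out = {"found": set(), "deleted": set()}
    for line in log.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            out[_VERBS[m.group("verb")]].add(
                normalize(m.group("item"), alias_user_hive))
    return out


def residue(search_log: str, delete_log: str,
            alias_user_hive: bool = True) -> list:
    """Items the search pass reported that the delete pass never removed."""
    found = parse(search_log, alias_user_hive)["found"]
    deleted = parse(delete_log, alias_user_hive)["deleted"]
    return sorted(found - deleted)


# Constructed sample, abridged from the [R1] search log posted in the thread.
SEARCH_LOG = r"""
# Option [Search]
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Folder Found : C:\ProgramData\Babylon
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Babylon
Key Found : HKU\S-1-5-21-2381052501-1893717735-1428292057-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=9[...]
Found [l.8] : homepage = "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0",
"""

# Constructed sample, abridged from the [S1] delete log posted in the thread.
DELETE_LOG = r"""
# Option [Delete]
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\ProgramData\Babylon
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=9[...]
Deleted [l.8] : homepage = "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0",
"""

if __name__ == "__main__":
    for alias in (True, False):
        left = residue(SEARCH_LOG, DELETE_LOG, alias_user_hive=alias)
        print(f"alias_user_hive={alias}: {len(left)} leftover(s)")
        for item in left:
            print("   ", item)
```

Run as a script it prints no leftovers with the hive fold and exactly one (the HKU\S-1-5-21-...-1000 SearchScopes key) without it. In practice you feed `residue()` the contents of the two files the EOF lines name, C:\AdwCleaner[R1].txt and C:\AdwCleaner[S1].txt; a non-empty result after the fold is the short list worth re-checking by hand rather than the whole log.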
27.09.2012, 04:48 | #13 |
| Good morning! Here is the file from AdwCleaner: Code:
# AdwCleaner v2.003 - Logfile created 09/27/2012 at 00:30:56
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Cornelia - CORNELIA-THINK
# Boot mode : Normal
# Running from : C:\Users\Cornelia\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\Users\Cornelia\AppData\Local\Babylon
Folder Deleted : C:\Users\Cornelia\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\Conduit
Folder Deleted : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\ConduitEngine
Folder Deleted : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\CT2319825
Folder Deleted : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Folder Deleted : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
Folder Deleted : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\extensions\engine@conduit.com

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profile name : default
File : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\prefs.js

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112454&tt=06061[...]
Deleted : user_pref("extensions.enabledAddons", "engine@conduit.com:3.3.3.2,{5384767E-00D9-40E9-B72F-9CC39D655[...]
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=9[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0",
Deleted [l.1170] : homepage = "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0",

*************************

AdwCleaner[R1].txt - [3562 octets] - [25/09/2012 12:03:57]
AdwCleaner[S1].txt - [3992 octets] - [27/09/2012 00:30:56]

########## EOF - C:\AdwCleaner[S1].txt - [4052 octets] ##########

No. 1 - OTL.txt:
Code:
OTL logfile created on: 27.09.2012 00:38:10 - Run 2
OTL by OldTimer - Version 3.2.64.0     Folder = C:\Users\Cornelia\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,84 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 48,47% Memory free
7,69 Gb Paging File | 5,47 Gb Available in Paging File | 71,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 53,17 Gb Free Space | 54,45% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 14,83 Gb Free Space | 60,75% Space Free | Partition Type: NTFS
Drive M: | 330,50 Gb Total Space | 69,20 Gb Free Space | 20,94% Space Free | Partition Type: NTFS
Drive Q: | 11,72 Gb Total Space | 2,26 Gb Free Space | 19,29% Space Free | Partition Type: NTFS

Computer Name: CORNELIA-THINK | User Name: Cornelia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Cornelia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Lenovo\AutoLock\cv210.dll ()
MOD - C:\Programme\Lenovo\AutoLock\cxcore210.dll ()
MOD - C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll ()
MOD - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
MOD - C:\Program Files (x86)\Cisco Systems\VPN Client\qt-mt335.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (UPnPService) -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (tdrpman140) -- C:\Windows\SysNative\drivers\tdrpm140.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)
DRV:64bit: - (snapman380) -- C:\Windows\SysNative\drivers\snman380.sys (Acronis)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://gmusicaonline.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE467
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.cugr.de/|hxxp://www.google.de/|hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.6
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Cornelia\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 12:14:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.17 21:33:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 12:14:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.01.21 11:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Extensions
[2012.09.27 00:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions
[2012.08.18 10:54:58 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.01.22 09:23:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.16 00:48:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.21 18:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default - Kopie\extensions
[2012.01.22 09:23:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default - Kopie\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.26 15:26:03 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\extensions\finder@meingutscheincode.de.xpi
[2011.05.16 17:21:21 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2010.09.10 05:54:17 | 000,002,354 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\searchplugins\ecosia.xml
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 12:14:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 21:27:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.28 20:26:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 21:27:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 21:27:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 21:27:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 21:27:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\

O1 HOSTS File: ([2012.09.24 01:20:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [Facebook Update] C:\Users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [LTT] C:\Programme\PC-Doctor\EnableToolbarW32.exe (PC-Doctor, Inc.) O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) 
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 190.160.0.11 200.74.121.11 200.83.1.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0880508D-7E36-42E2-83F2-D7A2FE8C6012}: Domain = uni-tuebingen.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0880508D-7E36-42E2-83F2-D7A2FE8C6012}: NameServer = 134.2.200.1,134.2.200.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33E24BAF-9711-4E6E-86CB-541DF48FAB5D}: DhcpNameServer = 190.160.0.11 200.74.121.11 200.83.1.4 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.26 19:00:05 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012.09.24 17:06:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.09.24 15:46:25 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Roaming\Malwarebytes [2012.09.24 15:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.24 15:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.24 15:45:57 | 000,025,928 | 
---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.24 15:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.24 15:44:14 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Cornelia\Desktop\mbam-setup-1.65.0.1400.exe [2012.09.24 13:44:53 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.09.24 12:41:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.09.24 11:08:39 | 004,756,479 | R--- | C] (Swearware) -- C:\Users\Cornelia\Desktop\ComboFix.exe [2012.09.24 00:56:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.09.24 00:56:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.09.24 00:56:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.09.24 00:56:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.09.23 22:29:28 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\Desktop\GMER [2012.09.22 23:55:05 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\Desktop\VideoMau [2012.09.22 23:44:46 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\{C86674A6-0B53-4B76-BA0D-ADF8D80C6B59} [2012.09.22 23:43:57 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\{87F9DB20-F009-4130-A46F-C29D3E088D0B} [2012.09.20 10:49:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Cornelia\Desktop\aswMBR.exe [2012.09.20 10:47:47 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cornelia\Desktop\tdsskiller.exe [2012.09.19 21:56:33 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Cornelia\Desktop\OTL.exe [2012.09.07 12:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.09.02 12:54:28 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\Facebook [2012.08.30 10:52:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun [2012.08.30 10:50:58 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4 [2012.08.29 12:52:52 | 000,000,000 | ---D | 
C] -- C:\Users\Cornelia\AppData\Local\{48E1F8FF-1C7B-4A56-9CED-376BB26251A2} [2012.08.28 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\{349B95A0-1296-4E8D-A8F8-FDE0E8F47A6B} [2012.08.28 18:55:14 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\Macromedia ========== Files - Modified Within 30 Days ========== [2012.09.27 00:40:09 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.27 00:40:09 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.27 00:37:59 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.27 00:37:59 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.27 00:37:59 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.27 00:37:59 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.27 00:37:59 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.27 00:32:51 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.27 00:32:31 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2012.09.27 00:32:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.27 00:32:24 | 3095,773,184 | -HS- | M] () -- C:\hiberfil.sys [2012.09.27 00:17:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.26 21:59:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000UA.job [2012.09.26 12:59:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000Core.job [2012.09.25 12:03:21 | 000,513,501 | ---- | M] () -- C:\Users\Cornelia\Desktop\adwcleaner.exe [2012.09.24 15:45:59 | 000,001,124 | ---- | M] () -- 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.24 15:44:57 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Cornelia\Desktop\mbam-setup-1.65.0.1400.exe [2012.09.24 11:10:01 | 004,756,479 | R--- | M] (Swearware) -- C:\Users\Cornelia\Desktop\ComboFix.exe [2012.09.24 01:20:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.09.23 23:09:20 | 014,553,967 | ---- | M] () -- C:\Users\Cornelia\Desktop\AVSUPINF.ZIP [2012.09.23 22:52:02 | 000,131,030 | ---- | M] () -- C:\Users\Cornelia\Desktop\Tlrsrl.zip [2012.09.23 22:43:58 | 000,600,864 | ---- | M] () -- C:\Users\Cornelia\Desktop\avira_support_collector_de.exe [2012.09.23 22:28:33 | 000,294,245 | ---- | M] () -- C:\Users\Cornelia\Desktop\GMER.zip [2012.09.20 11:38:49 | 000,000,512 | ---- | M] () -- C:\Users\Cornelia\Desktop\MBR.dat [2012.09.20 10:50:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Cornelia\Desktop\aswMBR.exe [2012.09.20 10:48:48 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cornelia\Desktop\tdsskiller.exe [2012.09.19 23:03:26 | 000,016,851 | ---- | M] () -- C:\Users\Cornelia\Desktop\Logfiles.zip [2012.09.19 21:56:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Cornelia\Desktop\OTL.exe [2012.09.19 21:55:09 | 000,000,000 | ---- | M] () -- C:\Users\Cornelia\defogger_reenable [2012.09.19 21:51:49 | 000,050,477 | ---- | M] () -- C:\Users\Cornelia\Desktop\Defogger.exe [2012.09.19 21:28:36 | 000,775,620 | ---- | M] () -- C:\Users\Cornelia\Desktop\Virenfunde_1.jpg [2012.09.16 13:29:42 | 594,592,768 | ---- | M] () -- C:\Users\Cornelia\Desktop\Raphaels Audiodatei von EK-Projekt-Aufnahmegerät.WAV [2012.09.12 10:36:23 | 000,006,656 | ---- | M] () -- C:\Users\Cornelia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.06 13:37:58 | 000,002,133 | ---- | M] () -- C:\Users\Cornelia\.recently-used.xbel 
[2012.09.03 12:30:07 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012.09.03 12:29:58 | 000,361,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.08.30 10:50:58 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk [2012.08.28 18:52:39 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.28 18:52:39 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012.09.25 12:03:18 | 000,513,501 | ---- | C] () -- C:\Users\Cornelia\Desktop\adwcleaner.exe [2012.09.24 15:45:59 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.24 00:56:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.09.24 00:56:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.09.24 00:56:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.09.24 00:56:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.09.24 00:56:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.09.23 23:09:20 | 014,553,967 | ---- | C] () -- C:\Users\Cornelia\Desktop\AVSUPINF.ZIP [2012.09.23 22:52:02 | 000,131,030 | ---- | C] () -- C:\Users\Cornelia\Desktop\Tlrsrl.zip [2012.09.23 22:43:55 | 000,600,864 | ---- | C] () -- C:\Users\Cornelia\Desktop\avira_support_collector_de.exe [2012.09.23 22:28:27 | 000,294,245 | ---- | C] () -- C:\Users\Cornelia\Desktop\GMER.zip [2012.09.20 11:38:49 | 000,000,512 | ---- | C] () -- C:\Users\Cornelia\Desktop\MBR.dat [2012.09.19 23:03:26 | 000,016,851 | ---- | C] () -- C:\Users\Cornelia\Desktop\Logfiles.zip [2012.09.19 21:55:09 | 000,000,000 | ---- | C] () -- C:\Users\Cornelia\defogger_reenable [2012.09.19 21:51:49 | 000,050,477 | ---- | C] () -- C:\Users\Cornelia\Desktop\Defogger.exe [2012.09.19 21:28:36 | 000,775,620 | ---- | C] () -- C:\Users\Cornelia\Desktop\Virenfunde_1.jpg [2012.09.16 
12:22:38 | 594,592,768 | ---- | C] () -- C:\Users\Cornelia\Desktop\Raphaels Audiodatei von EK-Projekt-Aufnahmegerät.WAV [2012.09.06 13:37:58 | 000,002,133 | ---- | C] () -- C:\Users\Cornelia\.recently-used.xbel [2012.09.02 12:54:32 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000UA.job [2012.09.02 12:54:32 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000Core.job [2012.08.30 10:50:58 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk [2012.04.11 17:04:58 | 000,000,698 | ---- | C] () -- C:\Users\Cornelia\.ufrawrc [2012.04.10 23:53:03 | 000,006,656 | ---- | C] () -- C:\Users\Cornelia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.04 13:50:20 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2012.01.23 13:16:27 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.12.23 08:54:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.12.23 00:24:41 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.12.23 00:24:40 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011.12.23 00:24:40 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.12.23 00:24:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.12.23 00:24:40 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll ========== ZeroAccess Check ========== [2009.07.14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini < End of report >
OTL Extras logfile created on: 27.09.2012 00:38:10 - Run 2 OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Cornelia\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,84 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 48,47% Memory free 7,69 Gb Paging File | 5,47 Gb Available in Paging File | 71,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,66 Gb Total Space | 53,17 Gb Free Space | 54,45% Space Free | Partition Type: NTFS Drive D: | 24,41 Gb Total Space | 14,83 Gb Free Space | 60,75% Space Free | Partition Type: NTFS Drive M: | 330,50 Gb Total Space | 69,20 Gb Free Space | 20,94% Space Free | Partition Type: NTFS Drive Q: | 11,72 Gb Total Space | 2,26 Gb Free Space | 19,29% Space Free | Partition Type: NTFS Computer Name: CORNELIA-THINK | User Name: Cornelia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) 
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01.07.2012 19:58:19 | Computer Name = Cornelia-THINK | Source = PC-Doctor | ID = 1
Description = (23484) Asapi: (19:58:19:5960)(23484) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error - 02.07.2012 17:29:56 | Computer Name = Cornelia-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.9.0.123, Zeitstempel: 0x4fce1530 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x1100 Startzeit der fehlerhaften Anwendung: 0x01cd523e94d43855 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 1139b4c4-c48d-11e1-b3cf-047d7b3145ea

Error - 03.07.2012 18:10:36 | Computer Name = Cornelia-THINK | Source = PC-Doctor | ID = 1
Description = (25768) Asapi: (18:10:36:0580)(25768) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error - 04.07.2012 11:22:50 | Computer Name = Cornelia-THINK | Source = WinMgmt | ID = 10
Description =

Error - 05.07.2012 19:52:31 | Computer Name = Cornelia-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.10.0.114, Zeitstempel: 0x4fd0ef26 Name des fehlerhaften Moduls: 5U877.ax, Version: 1.1.0.1132, Zeitstempel: 0x4c9875c5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000374c ID des fehlerhaften Prozesses: 0x1b40 Startzeit der fehlerhaften Anwendung: 0x01cd59f9ee6a7166 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\5U877.ax Berichtskennung: 7bd98108-c6fc-11e1-a976-047d7b3145ea

Error - 05.07.2012 20:59:29 | Computer Name = Cornelia-THINK | Source = PC-Doctor | ID = 1
Description = (6876) Asapi: (20:59:29:0050)(6876) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error - 09.07.2012 10:51:31 | Computer Name = Cornelia-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.10.0.114, Zeitstempel: 0x4fd0ef26 Name des fehlerhaften Moduls: 5U877.ax, Version: 1.1.0.1132, Zeitstempel: 0x4c9875c5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009297 ID des fehlerhaften Prozesses: 0x24d8 Startzeit der fehlerhaften Anwendung: 0x01cd5b0945d66098 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\5U877.ax Berichtskennung: 9160bf91-c9d5-11e1-a976-047d7b3145ea

Error - 10.07.2012 18:26:49 | Computer Name = Cornelia-THINK | Source = WinMgmt | ID = 10
Description =

Error - 11.07.2012 21:34:34 | Computer Name = Cornelia-THINK | Source = PC-Doctor | ID = 1
Description = (5628) Asapi: (21:34:34:5730)(5628) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

Error - 15.07.2012 15:13:03 | Computer Name = Cornelia-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.10.0.115, Zeitstempel: 0x4ff2e373 Name des fehlerhaften Moduls: 5U877.ax, Version: 1.1.0.1132, Zeitstempel: 0x4c9875c5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000373b ID des fehlerhaften Prozesses: 0x186c Startzeit der fehlerhaften Anwendung: 0x01cd5f6fa763ce76 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\5U877.ax Berichtskennung: 1956de29-ceb1-11e1-83a4-047d7b3145ea

Error - 15.07.2012 16:00:24 | Computer Name = Cornelia-THINK | Source = PC-Doctor | ID = 1
Description = (15792) Asapi: (16:00:24:0740)(15792) S3LogPusherPlugin.Helper - Error -- 340 Unable to storage the test log to medium

[ Lenovo-Message Center Plus/Admin Events ]
Error - 31.01.2012 05:53:52 | Computer Name = Cornelia-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (401) Nicht autorisiert. -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (401) Nicht autorisiert.

Error - 01.02.2012 19:04:40 | Computer Name = Cornelia-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (401) Nicht autorisiert. -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (401) Nicht autorisiert.

Error - 20.09.2012 09:59:28 | Computer Name = Cornelia-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab does not have a Lenovo Digital Signature. The file will be deleted

[ System Events ]
Error - 12.08.2012 16:27:20 | Computer Name = Cornelia-THINK | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error - 16.08.2012 09:58:16 | Computer Name = Cornelia-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error - 17.08.2012 11:44:58 | Computer Name = Cornelia-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error - 19.08.2012 10:36:01 | Computer Name = Cornelia-THINK | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error - 19.08.2012 12:13:07 | Computer Name = Cornelia-THINK | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 80.

Error - 21.08.2012 10:04:17 | Computer Name = Cornelia-THINK | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error - 23.08.2012 23:38:33 | Computer Name = Cornelia-THINK | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.104 registriert werden. Der Computer mit IP-Adresse 192.168.0.107 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 24.08.2012 10:42:43 | Computer Name = Cornelia-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht.

Error - 26.08.2012 10:46:01 | Computer Name = Cornelia-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error - 29.08.2012 16:39:09 | Computer Name = Cornelia-THINK | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 29.08.2012 um 16:36:15 unerwartet heruntergefahren.

< End of report > |
27.09.2012, 11:56 | #14 |
/// Malwareteam | Is your computer still causing problems?
27.09.2012, 12:50 | #15 |
| Hello! No, it looks good. It no longer opens any strange programs at startup, and there is nothing left to see in the AppData\Roaming directory either. My Avira AntiVirus also no longer finds anything at all. MANY THANKS already! However, I naturally have not yet dared to reconnect the external hard drive. ;-) Regards!!! |