Log analysis and evaluation: Redirection to wrong pages and very suspicious pop-ups (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.01.2013, 16:33 | #1

Redirection to wrong pages and very suspicious pop-ups

Hello dear Trojaner-Board,

I have had a problem for some time that annoys me so much that I registered here specifically because of it. It is actually my first time in a forum at all, so please excuse any formal mistakes and point them out to me.

Now to the problem: When I surf and click on links, instead of reaching the desired page I am redirected to some advertising pages, after the text "The document has moved, redirecting" has been displayed briefly. That is not all, however. At irregular intervals a window pops up at the bottom right that also points to dubious pages. They are not "normal" pop-ups, because they can appear no matter which page I am on, and they come too often.

But now to the strangest symptom. At the bottom left of the browser there seems to be a permanent, invisible, rectangular field that overlays all links located there, i.e. I cannot click them. Occasionally this field has a small x to close it, but really only the x is visible. I know it sounds odd, but those are the symptoms.

I had the same problem once before, apart from the invisible field. Back then I did not yet have an antivirus program. After I installed one (Avast) and ran it, the problem was fixed. Since it has now reappeared I have tried quite a few programs, but nothing has helped. I hope you can help me.

Since I am still new, I do not know how to hide the logs. I would be grateful for a hint.
Here is the GMER file:
00000000774616bd 2 bytes [46, 77]
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4544] 00000000731de2db
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4624] 000000006de38de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4628] 000000006de38de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4632] 000000006de38de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4636] 000000006de34e00
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808] 0000000075330000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52afe06b5c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52afe06b5c@b0899132c151 0xC6 0x20 0x34 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78efffa7
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52afe06b5c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52afe06b5c@b0899132c151 0xC6 0x20 0x34 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78efffa7 (not active ControlSet)
---- EOF - GMER 2.0 ----

OTL did not create an Extra.txt. I don't know why.

Here is the OTL file:

OTL logfile created on: 12.01.2013 15:40:34 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 58,01% Memory free
7,60 Gb Paging File | 5,88 Gb Available in Paging File | 77,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,82 Gb Total Space | 225,85 Gb Free Space | 49,66% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 2,46 Gb Free Space | 25,24% Space Free | Partition Type: NTFS
Computer Name: ***-THINK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.12.14 20:10:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
PRC - [2012.12.11 14:50:00 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 14:49:20 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.11 14:49:19 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co.
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.07 18:23:02 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe PRC - [2012.12.07 18:22:58 | 018,880,392 | ---- | M] (Lavasoft Limited) -- C:\PROGRA~2\AD-AWA~1\AdAware.exe PRC - [2012.11.16 10:09:00 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe PRC - [2012.01.04 19:31:14 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.04.14 13:24:26 | 000,410,984 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe PRC - [2011.04.14 13:22:42 | 000,361,832 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe PRC - [2011.04.14 13:22:28 | 000,263,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe PRC - [2011.04.14 13:22:26 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2011.01.14 14:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2011.01.14 14:52:08 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe PRC - [2011.01.14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe PRC - [2010.07.06 13:22:22 | 000,013,600 | ---- | M] (Broadcom Corporation.) 
-- C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2010.04.07 06:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe PRC - [2010.04.07 06:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2010.04.07 04:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe PRC - [2010.04.01 06:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe PRC - [2009.12.21 10:49:46 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2009.11.24 05:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2009.11.11 09:33:12 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe PRC - [2009.11.04 05:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.11.04 05:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ========== Modules (No Company Name) ========== MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - 
Search & Destroy 2\DEC150.bpl MOD - [2012.01.26 13:36:35 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ========== Services (SafeList) ========== SRV:64bit: - [2011.02.01 13:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2011.01.13 13:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV - [2012.12.11 14:50:00 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.11 14:49:20 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.12.07 18:46:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.07 18:23:02 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service) SRV - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc) SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate) SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) 
[Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc) SRV - [2012.01.04 19:31:14 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.04.14 13:22:28 | 000,263,528 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc) SRV - [2011.04.14 13:22:26 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2011.01.14 14:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV - [2011.01.14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.24 19:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2010.07.06 13:22:22 | 000,915,232 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.04.07 06:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2010.04.07 06:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2010.04.07 04:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.11.04 05:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.11.04 05:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.11 14:50:07 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.11 14:50:07 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. 
KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.12.11 10:08:59 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto) DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.03.16 18:10:19 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.15 11:15:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2011.11.15 11:15:24 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake) DRV:64bit: - [2011.11.15 11:15:24 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewsercd.sys -- (ewsercd) DRV:64bit: - [2011.11.14 08:48:16 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.07.19 20:52:34 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.07.19 20:52:34 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.05.19 20:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.02.01 13:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2011.01.13 13:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2011.01.13 13:02:28 | 000,023,664 | ---- | M] (Lenovo.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.08.24 19:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2010.07.30 10:13:04 | 000,947,816 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2010.06.22 05:28:06 | 000,729,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010.06.17 09:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.04.28 10:43:12 | 000,161,664 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877) DRV:64bit: - [2010.04.13 01:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.04.08 16:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2010.03.31 07:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.03.22 09:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.02.26 08:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.02 22:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.01.15 06:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.01.15 06:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.01.15 06:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.09.17 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.07 07:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2008.05.12 10:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV - [2011.11.30 11:54:30 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2011.11.30 11:54:30 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewsercd.sys -- (ewsercd) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.12.13 11:28:20 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4} IE:64bit: - HKLM\..\SearchScopes\{7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/ IE - HKLM\..\SearchScopes,DefaultScope = {7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4} IE - HKLM\..\SearchScopes\{7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4}: "URL" = hxxp://search.chatzum.com/?q={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A0F6ADCF-40F4-11E1-8706-CC52AFE06B5C} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - 
HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=101570&babsrc=SP_ss&mntrId=1a4b7a1b000000000000cc52afe06b5c IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms} IE - HKCU\..\SearchScopes\{C4CDF737-FB25-4A13-A592-629EAFF0720C}: "URL" = hxxp://search.chatzum.com/?q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQniHFOzJ&i=26 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A0F6ADCF-40F4-11E1-8706-CC52AFE06B5C} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul" FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.2 FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.12 FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 10:08:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 10:08:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.27 09:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.01.12 14:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions [2012.12.11 10:08:04 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2013.01.12 14:57:50 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\firefox@ghostery.com [2012.12.11 10:08:06 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013.01.12 14:57:47 | 000,281,667 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f6j4nnvl.default-1354993378265\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2012.12.08 20:07:23 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f6j4nnvl.default-1354993378265\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.07 18:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files 
(x86)\mozilla firefox\extensions [2012.12.07 18:46:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.12.07 18:46:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.07 18:46:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 22:44:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 14:43:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.28 22:44:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.28 22:44:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.28 22:44:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.28 22:44:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.10 17:11:37 | 000,001,280 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 178.250.45.15 www.google-analytics.com. O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net. O1 - Hosts: 178.250.45.15 www.statcounter.com. O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) 
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F27C7B4B-CA84-4486-B06A-5854B3AA7984}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk Q:\ O33 - MountPoints2\{15e58d81-0f71-11e1-8a39-cc52afe06b5c}\Shell - "" = AutoRun O33 - MountPoints2\{15e58d81-0f71-11e1-8a39-cc52afe06b5c}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{34a401ff-b1ed-11e0-990c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{34a401ff-b1ed-11e0-990c-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O33 - MountPoints2\{95a9bbb2-fc1f-11e1-a34c-cc52afe06b5c}\Shell - "" = AutoRun O33 - MountPoints2\{95a9bbb2-fc1f-11e1-a34c-cc52afe06b5c}\Shell\AutoRun\command - "" = D:\pushinst.exe O33 - MountPoints2\{f04373b8-15f4-11e2-879c-cc52afe06b5c}\Shell - "" = AutoRun O33 - MountPoints2\{f04373b8-15f4-11e2-879c-cc52afe06b5c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.14 20:10:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe ========== Files - Modified Within 30 Days ========== [2013.01.12 15:36:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.01.12 15:34:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2013.01.12 15:17:00 | 000,001,108 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.12 15:14:43 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.12 15:14:43 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.12 15:06:48 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2013.01.12 15:06:33 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.12 15:06:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.12 15:06:07 | 3061,223,424 | -HS- | M] () -- C:\hiberfil.sys [2013.01.12 14:52:05 | 000,365,568 | ---- | M] () -- C:\Users\Lucas\Desktop\gmer-2.0.18444.exe [2013.01.12 14:48:49 | 000,000,000 | ---- | M] () -- C:\Users\Lucas\defogger_reenable [2013.01.12 14:33:11 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.14 20:10:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe [2012.12.14 20:09:41 | 000,050,477 | ---- | M] () -- C:\Users\Lucas\Desktop\Defogger.exe ========== Files Created - No Company Name ========== [2013.01.12 14:52:04 | 000,365,568 | ---- | C] () -- C:\Users\Lucas\Desktop\gmer-2.0.18444.exe [2013.01.12 14:48:49 | 000,000,000 | ---- | C] () -- C:\Users\Lucas\defogger_reenable [2012.12.14 20:09:39 | 000,050,477 | ---- | C] () -- C:\Users\Lucas\Desktop\Defogger.exe [2012.09.13 07:05:28 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.02.03 17:34:47 | 000,000,127 | ---- | C] () -- C:\Users\Lucas\wxDownloadFast.ini [2011.11.19 19:37:13 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.11.19 19:37:11 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.11.19 19:37:11 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.11.19 19:37:11 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll 
[2011.11.15 16:02:43 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.22 10:15:10 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.07.19 11:13:10 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.07.19 11:13:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011.07.19 11:13:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011.07.19 11:13:09 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.07.19 11:13:09 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.27 13:39:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft [2012.12.11 16:27:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus [2012.04.11 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012 [2012.02.24 01:13:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre [2011.12.27 16:55:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DarkWave Studio [2012.01.24 20:39:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2012.02.21 23:01:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image-Line [2012.09.28 20:37:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit [2011.11.15 11:09:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.11.15 11:31:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lenovo [2012.08.31 20:23:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LOVE [2012.01.26 13:40:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.11.18 23:11:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.10.31 19:49:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2012.05.26 18:51:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spyware Terminator 
[2012.02.22 00:09:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SynthMaker [2011.11.15 16:03:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2012.03.16 18:45:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt [2012.09.02 16:24:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Verbindungsassistent [2012.01.17 11:20:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\www.rene-zeidler.de ========== Purity Check ========== < End of report > |
12.01.2013, 17:24 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirects to wrong pages and very suspicious pop-ups Hello and
Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners? This is why I'm asking => http://www.trojaner-board.de/125889-...tml#post941520 Please don't run any new virus scans; for now, just post logs that already exist!
__________________ |
12.01.2013, 18:23 | #3 |
| Redirects to wrong pages and very suspicious pop-ups Hello, and thanks for the quick reply.
No, I don't have any further logs. |
13.01.2013, 19:44 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirects to wrong pages and very suspicious pop-ups Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you don't hear from me for three days, please post in this thread => Reminder about my thread. Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.
Malwarebytes Anti-Rootkit
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
13.01.2013, 21:20 | #5 |
| Redirects to wrong pages and very suspicious pop-ups Hello, here is the log: Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lucas :: LUCAS-THINK [administrator]

13.01.2013 21:09:37
mbar-log-2013-01-13 (21-09-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27112
Time elapsed: 13 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |
13.01.2013, 21:22 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirects to wrong pages and very suspicious pop-ups
1. aswMBR
Please download aswMBR.exe and save the file to your desktop. Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, then do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Configure the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot, then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full. If you can't find the log or can't copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs. Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
13.01.2013, 22:09 | #7 |
| Redirects to wrong pages and very suspicious pop-ups The TDSS log: Code:
22:05:06.0618 5900 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:05:07.0006 5900 ============================================================
22:05:07.0006 5900 Current date / time: 2013/01/13 22:05:07.0006
22:05:07.0006 5900 SystemInfo:
22:05:07.0006 5900
22:05:07.0006 5900 OS Version: 6.1.7601 ServicePack: 1.0
22:05:07.0006 5900 Product type: Workstation
22:05:07.0006 5900 ComputerName: LUCAS-THINK
22:05:07.0007 5900 UserName: Lucas
22:05:07.0007 5900 Windows directory: C:\Windows
22:05:07.0007 5900 System windows directory: C:\Windows
22:05:07.0007 5900 Running under WOW64
22:05:07.0007 5900 Processor architecture: Intel x64
22:05:07.0007 5900 Number of processors: 4
22:05:07.0007 5900 Page size: 0x1000
22:05:07.0007 5900 Boot type: Normal boot
22:05:07.0007 5900 ============================================================
22:05:07.0551 5900 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:05:07.0559 5900 ============================================================
22:05:07.0559 5900 \Device\Harddisk0\DR0:
22:05:07.0560 5900 MBR partitions:
22:05:07.0560 5900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2, BlocksNum 0x258030
22:05:07.0560 5900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258032, BlocksNum 0x38DA501A
22:05:07.0560 5900 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38FFD04C, BlocksNum 0x1388046
22:05:07.0560 5900 ============================================================
22:05:07.0584 5900 C: <-> \Device\Harddisk0\DR0\Partition2
22:05:07.0638 5900 Q: <-> \Device\Harddisk0\DR0\Partition3
22:05:07.0638 5900 ============================================================
22:05:07.0638 5900 Initialize success
22:05:07.0638 5900 ============================================================
22:05:27.0123 0484 
============================================================
22:05:27.0123 0484 Scan started
22:05:27.0123 0484 Mode: Manual; SigCheck; TDLFS;
22:05:27.0123 0484 ============================================================
22:05:27.0583 0484 ================ Scan system memory ========================
22:05:27.0583 0484 System memory - ok
22:05:27.0585 0484 ================ Scan services =============================
22:05:39.0239 0484 flpydisk - ok 22:05:39.0265 0484 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:05:39.0295 0484 FltMgr - ok 22:05:39.0338 0484 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 22:05:39.0406 0484 FontCache - ok 22:05:39.0466 0484 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:05:39.0486 0484 FontCache3.0.0.0 - ok 22:05:39.0513 0484 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:05:39.0532 0484 FsDepends - ok 22:05:39.0569 0484 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:05:39.0588 0484 Fs_Rec - ok 22:05:39.0611 0484 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:05:39.0641 0484 fvevol - ok 22:05:39.0672 0484 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 22:05:39.0693 0484 gagp30kx - ok 22:05:39.0758 0484 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\Windows\system32\drivers\gfibto.sys 22:05:39.0775 0484 gfibto - ok 22:05:39.0822 0484 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 22:05:39.0906 0484 gpsvc - ok 22:05:39.0968 0484 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:05:39.0986 0484 gupdate - ok 22:05:40.0001 0484 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 22:05:40.0017 0484 gupdatem - ok 22:05:40.0086 0484 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 22:05:40.0115 0484 gusvc - ok 22:05:40.0156 0484 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:05:40.0198 0484 hcw85cir - ok 22:05:40.0238 0484 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService 
C:\Windows\system32\drivers\HdAudio.sys 22:05:40.0298 0484 HdAudAddService - ok 22:05:40.0336 0484 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 22:05:40.0389 0484 HDAudBus - ok 22:05:40.0451 0484 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 22:05:40.0470 0484 HECIx64 - ok 22:05:40.0492 0484 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 22:05:40.0529 0484 HidBatt - ok 22:05:40.0556 0484 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 22:05:40.0610 0484 HidBth - ok 22:05:40.0641 0484 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 22:05:40.0669 0484 HidIr - ok 22:05:40.0692 0484 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 22:05:40.0763 0484 hidserv - ok 22:05:40.0803 0484 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 22:05:40.0824 0484 HidUsb - ok 22:05:40.0852 0484 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:05:40.0948 0484 hkmsvc - ok 22:05:40.0980 0484 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:05:41.0028 0484 HomeGroupListener - ok 22:05:41.0070 0484 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:05:41.0130 0484 HomeGroupProvider - ok 22:05:41.0181 0484 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:05:41.0201 0484 HpSAMD - ok 22:05:41.0258 0484 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:05:41.0361 0484 HTTP - ok 22:05:41.0432 0484 [ 4B5C07DB91A0099272FAAE732E1152BD ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 22:05:41.0475 0484 hwdatacard - ok 22:05:41.0505 0484 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:05:41.0524 0484 hwpolicy - ok 22:05:41.0553 0484 [ 
1F24CF1F7DB6D4461AC65A86DB8E4BC2 ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys 22:05:41.0595 0484 hwusbfake - ok 22:05:41.0642 0484 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 22:05:41.0675 0484 i8042prt - ok 22:05:41.0738 0484 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\Windows\system32\drivers\iaStor.sys 22:05:41.0789 0484 iaStor - ok 22:05:41.0847 0484 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:05:41.0889 0484 iaStorV - ok 22:05:41.0944 0484 [ A9BD44426A69079240767FE4AEE0EA71 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys 22:05:41.0969 0484 IBMPMDRV - ok 22:05:42.0000 0484 [ 57D4A3ED5497DB0C5A53E680A9BDD1C6 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe 22:05:42.0018 0484 IBMPMSVC - ok 22:05:42.0082 0484 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:05:42.0139 0484 idsvc - ok 22:05:42.0404 0484 [ 09CE164AFA8483E41808784D7FCA154E ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 22:05:42.0641 0484 igfx - ok 22:05:42.0707 0484 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 22:05:42.0727 0484 iirsp - ok 22:05:42.0782 0484 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 22:05:42.0911 0484 IKEEXT - ok 22:05:42.0965 0484 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 22:05:43.0004 0484 Impcd - ok 22:05:43.0054 0484 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 22:05:43.0105 0484 IntcDAud - ok 22:05:43.0129 0484 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 22:05:43.0149 0484 intelide - ok 22:05:43.0190 0484 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:05:43.0249 0484 intelppm - ok 22:05:43.0298 0484 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum 
C:\Windows\system32\ipbusenum.dll 22:05:43.0397 0484 IPBusEnum - ok 22:05:43.0432 0484 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:05:43.0529 0484 IpFilterDriver - ok 22:05:43.0571 0484 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:05:43.0635 0484 iphlpsvc - ok 22:05:43.0659 0484 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:05:43.0703 0484 IPMIDRV - ok 22:05:43.0734 0484 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:05:43.0832 0484 IPNAT - ok 22:05:43.0861 0484 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:05:43.0917 0484 IRENUM - ok 22:05:43.0924 0484 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:05:43.0944 0484 isapnp - ok 22:05:43.0977 0484 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:05:44.0004 0484 iScsiPrt - ok 22:05:44.0037 0484 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 22:05:44.0058 0484 kbdclass - ok 22:05:44.0109 0484 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 22:05:44.0164 0484 kbdhid - ok 22:05:44.0206 0484 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 22:05:44.0230 0484 KeyIso - ok 22:05:44.0253 0484 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:05:44.0275 0484 KSecDD - ok 22:05:44.0293 0484 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:05:44.0316 0484 KSecPkg - ok 22:05:44.0341 0484 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:05:44.0437 0484 ksthunk - ok 22:05:44.0496 0484 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 22:05:44.0587 0484 KtmRm - ok 22:05:44.0647 0484 [ D9F42719019740BAA6D1C6D536CBDAA6 
] LanmanServer C:\Windows\system32\srvsvc.dll 22:05:44.0747 0484 LanmanServer - ok 22:05:44.0791 0484 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:05:44.0917 0484 LanmanWorkstation - ok 22:05:45.0000 0484 [ 8B5EB24FCE3926128138B769D50CEE1B ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe 22:05:45.0023 0484 LENOVO.CAMMUTE - ok 22:05:45.0073 0484 [ C88EB33793420A79F601FB5E33E2EDD9 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe 22:05:45.0091 0484 LENOVO.MICMUTE - ok 22:05:45.0119 0484 [ 5ACFF5823634BC2C4EBF559C3B33E18E ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys 22:05:45.0137 0484 lenovo.smi - ok 22:05:45.0161 0484 [ F1A055E1381528E947CDB959117B67D0 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe 22:05:45.0175 0484 LENOVO.TPKNRSVC - ok 22:05:45.0193 0484 [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe 22:05:45.0208 0484 Lenovo.VIRTSCRLSVC - ok 22:05:45.0242 0484 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:05:45.0335 0484 lltdio - ok 22:05:45.0362 0484 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:05:45.0452 0484 lltdsvc - ok 22:05:45.0505 0484 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:05:45.0607 0484 lmhosts - ok 22:05:45.0667 0484 [ 5460828F8951D310B42B442877603B8D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 22:05:45.0688 0484 LMS - ok 22:05:45.0727 0484 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 22:05:45.0748 0484 LSI_FC - ok 22:05:45.0779 0484 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 22:05:45.0800 0484 LSI_SAS - ok 22:05:45.0806 0484 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 22:05:45.0826 0484 LSI_SAS2 - ok 
22:05:45.0858 0484 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 22:05:45.0880 0484 LSI_SCSI - ok 22:05:45.0924 0484 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 22:05:46.0031 0484 luafv - ok 22:05:46.0093 0484 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:05:46.0144 0484 Mcx2Svc - ok 22:05:46.0194 0484 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 22:05:46.0226 0484 megasas - ok 22:05:46.0272 0484 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 22:05:46.0298 0484 MegaSR - ok 22:05:46.0327 0484 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 22:05:46.0400 0484 MMCSS - ok 22:05:46.0411 0484 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 22:05:46.0500 0484 Modem - ok 22:05:46.0545 0484 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:05:46.0615 0484 monitor - ok 22:05:46.0660 0484 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 22:05:46.0680 0484 mouclass - ok 22:05:46.0718 0484 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:05:46.0763 0484 mouhid - ok 22:05:46.0807 0484 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:05:46.0828 0484 mountmgr - ok 22:05:46.0904 0484 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:05:46.0925 0484 MozillaMaintenance - ok 22:05:46.0971 0484 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 22:05:47.0009 0484 mpio - ok 22:05:47.0031 0484 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:05:47.0102 0484 mpsdrv - ok 22:05:47.0145 0484 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc 
C:\Windows\system32\mpssvc.dll 22:05:47.0233 0484 MpsSvc - ok 22:05:47.0240 0484 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:05:47.0301 0484 MRxDAV - ok 22:05:47.0341 0484 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:05:47.0380 0484 mrxsmb - ok 22:05:47.0420 0484 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:05:47.0443 0484 mrxsmb10 - ok 22:05:47.0458 0484 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:05:47.0508 0484 mrxsmb20 - ok 22:05:47.0552 0484 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 22:05:47.0580 0484 msahci - ok 22:05:47.0587 0484 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:05:47.0610 0484 msdsm - ok 22:05:47.0630 0484 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 22:05:47.0676 0484 MSDTC - ok 22:05:47.0708 0484 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:05:47.0806 0484 Msfs - ok 22:05:47.0836 0484 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:05:47.0927 0484 mshidkmdf - ok 22:05:47.0953 0484 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:05:47.0971 0484 msisadrv - ok 22:05:48.0020 0484 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:05:48.0107 0484 MSiSCSI - ok 22:05:48.0113 0484 msiserver - ok 22:05:48.0165 0484 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:05:48.0251 0484 MSKSSRV - ok 22:05:48.0275 0484 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:05:48.0363 0484 MSPCLOCK - ok 22:05:48.0387 0484 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:05:48.0479 0484 MSPQM - ok 22:05:48.0510 0484 [ 
759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:05:48.0541 0484 MsRPC - ok 22:05:48.0564 0484 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 22:05:48.0583 0484 mssmbios - ok 22:05:48.0610 0484 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:05:48.0697 0484 MSTEE - ok 22:05:48.0703 0484 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 22:05:48.0731 0484 MTConfig - ok 22:05:48.0764 0484 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 22:05:48.0784 0484 Mup - ok 22:05:48.0816 0484 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 22:05:48.0932 0484 napagent - ok 22:05:48.0992 0484 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:05:49.0051 0484 NativeWifiP - ok 22:05:49.0091 0484 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:05:49.0140 0484 NDIS - ok 22:05:49.0172 0484 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:05:49.0243 0484 NdisCap - ok 22:05:49.0287 0484 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:05:49.0355 0484 NdisTapi - ok 22:05:49.0384 0484 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:05:49.0474 0484 Ndisuio - ok 22:05:49.0502 0484 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:05:49.0597 0484 NdisWan - ok 22:05:49.0625 0484 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:05:49.0693 0484 NDProxy - ok 22:05:49.0719 0484 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:05:49.0811 0484 NetBIOS - ok 22:05:49.0853 0484 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:05:49.0940 0484 NetBT - ok 
22:05:49.0962 0484 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 22:05:49.0983 0484 Netlogon - ok 22:05:50.0024 0484 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 22:05:50.0128 0484 Netman - ok 22:05:50.0170 0484 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 22:05:50.0276 0484 netprofm - ok 22:05:50.0326 0484 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:05:50.0344 0484 NetTcpPortSharing - ok 22:05:50.0400 0484 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 22:05:50.0420 0484 nfrd960 - ok 22:05:50.0469 0484 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:05:50.0535 0484 NlaSvc - ok 22:05:50.0568 0484 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:05:50.0637 0484 Npfs - ok 22:05:50.0663 0484 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 22:05:50.0753 0484 nsi - ok 22:05:50.0790 0484 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:05:50.0908 0484 nsiproxy - ok 22:05:50.0985 0484 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:05:51.0063 0484 Ntfs - ok 22:05:51.0079 0484 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 22:05:51.0190 0484 Null - ok 22:05:51.0262 0484 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:05:51.0297 0484 nvraid - ok 22:05:51.0312 0484 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:05:51.0335 0484 nvstor - ok 22:05:51.0384 0484 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:05:51.0407 0484 nv_agp - ok 22:05:51.0413 0484 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 
22:05:51.0449 0484 ohci1394 - ok 22:05:51.0518 0484 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:05:51.0540 0484 ose - ok 22:05:51.0700 0484 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 22:05:51.0894 0484 osppsvc - ok 22:05:51.0921 0484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:05:51.0947 0484 p2pimsvc - ok 22:05:51.0969 0484 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 22:05:51.0997 0484 p2psvc - ok 22:05:52.0029 0484 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 22:05:52.0051 0484 Parport - ok 22:05:52.0088 0484 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:05:52.0108 0484 partmgr - ok 22:05:52.0133 0484 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:05:52.0196 0484 PcaSvc - ok 22:05:52.0229 0484 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 22:05:52.0252 0484 pci - ok 22:05:52.0293 0484 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 22:05:52.0311 0484 pciide - ok 22:05:52.0319 0484 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 22:05:52.0344 0484 pcmcia - ok 22:05:52.0367 0484 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 22:05:52.0387 0484 pcw - ok 22:05:52.0413 0484 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:05:52.0520 0484 PEAUTH - ok 22:05:52.0618 0484 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:05:52.0673 0484 PerfHost - ok 22:05:52.0759 0484 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 22:05:52.0876 0484 pla - ok 22:05:52.0940 0484 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay 
C:\Windows\system32\umpnpmgr.dll 22:05:52.0997 0484 PlugPlay - ok 22:05:53.0024 0484 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:05:53.0086 0484 PNRPAutoReg - ok 22:05:53.0122 0484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:05:53.0152 0484 PNRPsvc - ok 22:05:53.0186 0484 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:05:53.0287 0484 PolicyAgent - ok 22:05:53.0325 0484 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll 22:05:53.0392 0484 Power - ok 22:05:53.0470 0484 [ BAC02775CF629E5FE80BEA952F4448EF ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE 22:05:53.0494 0484 Power Manager DBC Service - ok 22:05:53.0533 0484 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:05:53.0630 0484 PptpMiniport - ok 22:05:53.0651 0484 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 22:05:53.0690 0484 Processor - ok 22:05:53.0730 0484 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 22:05:53.0756 0484 ProfSvc - ok 22:05:53.0773 0484 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:05:53.0795 0484 ProtectedStorage - ok 22:05:53.0820 0484 [ A70AD30223866947E39BC221DF4C2306 ] psadd C:\Windows\system32\DRIVERS\psadd.sys 22:05:53.0837 0484 psadd - ok 22:05:53.0867 0484 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:05:53.0958 0484 Psched - ok 22:05:54.0059 0484 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 22:05:54.0133 0484 ql2300 - ok 22:05:54.0140 0484 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 22:05:54.0163 0484 ql40xx - ok 22:05:54.0195 0484 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 22:05:54.0232 0484 QWAVE - ok 22:05:54.0259 
0484 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:05:54.0316 0484 QWAVEdrv - ok 22:05:54.0322 0484 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:05:54.0392 0484 RasAcd - ok 22:05:54.0446 0484 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:05:54.0515 0484 RasAgileVpn - ok 22:05:54.0538 0484 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 22:05:54.0634 0484 RasAuto - ok 22:05:54.0665 0484 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:05:54.0761 0484 Rasl2tp - ok 22:05:54.0811 0484 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 22:05:54.0891 0484 RasMan - ok 22:05:54.0911 0484 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:05:55.0025 0484 RasPppoe - ok 22:05:55.0058 0484 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:05:55.0154 0484 RasSstp - ok 22:05:55.0187 0484 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:05:55.0277 0484 rdbss - ok 22:05:55.0319 0484 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 22:05:55.0373 0484 rdpbus - ok 22:05:55.0415 0484 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:05:55.0483 0484 RDPCDD - ok 22:05:55.0504 0484 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:05:55.0605 0484 RDPENCDD - ok 22:05:55.0634 0484 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:05:55.0702 0484 RDPREFMP - ok 22:05:55.0736 0484 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:05:55.0783 0484 RDPWD - ok 22:05:55.0822 0484 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:05:55.0847 0484 
rdyboost - ok 22:05:55.0871 0484 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:05:55.0944 0484 RemoteAccess - ok 22:05:55.0963 0484 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:05:56.0056 0484 RemoteRegistry - ok 22:05:56.0110 0484 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 22:05:56.0163 0484 RFCOMM - ok 22:05:56.0193 0484 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:05:56.0287 0484 RpcEptMapper - ok 22:05:56.0324 0484 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 22:05:56.0362 0484 RpcLocator - ok 22:05:56.0401 0484 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 22:05:56.0479 0484 RpcSs - ok 22:05:56.0521 0484 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:05:56.0616 0484 rspndr - ok 22:05:56.0654 0484 [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 22:05:56.0677 0484 RSUSBSTOR - ok 22:05:56.0716 0484 [ 4FBDA07EF0A3097CE14C5CABF723B278 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 22:05:56.0741 0484 RTL8167 - ok 22:05:56.0799 0484 [ 9A1CEA6E20E19AFCE888D3F3E4358381 ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys 22:05:56.0842 0484 RTL8192Ce - ok 22:05:56.0863 0484 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 22:05:56.0885 0484 SamSs - ok 22:05:57.0059 0484 [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe 22:05:57.0211 0484 SBAMSvc - ok 22:05:57.0269 0484 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:05:57.0303 0484 sbp2port - ok 22:05:57.0338 0484 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:05:57.0430 0484 SCardSvr - ok 22:05:57.0456 0484 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter 
C:\Windows\system32\DRIVERS\scfilter.sys 22:05:57.0542 0484 scfilter - ok
22:06:13.0167 0484 Scan finished
22:06:13.0185 5604 Detected object count: 0
22:06:13.0185 5604 Actual detected object count: 0
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-13 21:44:31
-----------------------------
21:44:31.890 OS Version: Windows x64 6.1.7601 Service Pack 1
21:44:31.890 Number of processors: 4 586 0x2505
21:44:31.892 ComputerName: LUCAS-THINK UserName: Lucas
21:44:33.631 Initialize success
21:48:24.913 AVAST engine defs: 13011301
21:48:58.133 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:48:58.138 Disk 0 Vendor: TOSHIBA_ GJ10 Size: 476940MB BusType: 3
21:48:58.181 Disk 0 MBR read successfully
21:48:58.187 Disk 0 MBR scan
21:48:58.212 Disk 0 Windows VISTA default MBR code
21:48:58.218 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2
21:48:58.249 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465738 MB offset 2457650
21:48:58.285 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956289100
21:48:58.330 Disk 0 scanning C:\Windows\system32\drivers
21:49:09.703 Service scanning
21:49:45.699 Modules scanning
21:49:45.719 Disk 0 trace - called modules:
21:49:45.754 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
21:49:46.094 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c58060]
21:49:46.105 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa800498e040]
21:49:46.114 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800498f050]
21:49:47.664 AVAST engine scan C:\Windows
21:49:49.908 AVAST engine scan C:\Windows\system32
21:52:46.240 AVAST engine scan C:\Windows\system32\drivers
21:53:00.687 AVAST engine scan C:\Users\Lucas
21:58:15.061 AVAST engine scan C:\ProgramData
21:59:40.366 Scan finished successfully
22:02:13.313 Disk 0 MBR has been saved successfully to "C:\Users\Lucas\Desktop\MBR.dat"
22:02:13.325 The log file has been saved successfully to "C:\Users\Lucas\Desktop\aswMBR.txt" |
13.01.2013, 22:29 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirects to wrong pages and very suspicious pop-ups Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
14.01.2013, 18:14 | #9 |
| Redirects to wrong pages and very suspicious pop-ups Code:
ATTFilter ComboFix 13-01-14.01 - Lucas 14.01.2013 17:21:18.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3893.2450 [GMT 1:00] ausgeführt von:: c:\users\Lucas\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Lucas\AppData\Roaming\Love c:\users\Lucas\AppData\Roaming\Love\mari0\options.txt Q:\Autorun.inf . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-14 bis 2013-01-14 )))))))))))))))))))))))))))))) . . 2013-01-14 16:33 . 2013-01-14 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-12 13:46 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-12-25 19:09 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-25 19:09 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-25 19:09 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-25 19:09 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 16:57 . 2012-11-14 05:59 85504 ----a-w- c:\windows\system32\jsproxy.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-12 16:02 . 2012-01-08 13:19 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-11 13:50 . 2012-12-10 17:43 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-11 13:50 . 
2012-12-10 17:43 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-12-11 09:08 . 2012-12-11 09:08 47496 ----a-w- c:\windows\system32\sbbd.exe 2012-12-11 09:08 . 2012-12-11 09:08 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys 2012-12-10 19:05 . 2012-12-10 19:05 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2012-12-10 19:05 . 2012-12-10 19:05 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll 2012-12-07 17:42 . 2012-12-07 17:42 8523344 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE 2012-11-30 04:45 . 2013-01-12 13:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-16 19:17 . 2012-12-10 17:43 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-11-09 05:45 . 2012-12-14 18:40 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-14 18:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-08 17:24 . 2012-12-07 17:38 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BA97CF4-A1FF-45E8-84E3-8153CC16E150}\mpengine.dll 2012-11-04 12:17 . 2012-11-04 12:17 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-04 12:17 . 2011-11-15 21:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-02 05:59 . 2012-12-14 18:39 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-14 18:39 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-30 22:50 . 2012-05-27 14:22 285328 ----a-w- c:\windows\system32\aswBoot.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] 2012-11-16 21:41 87448 ----a-w- c:\program files (x86)\adawaretb\adawareDx.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448] . [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-24 1129832] "Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-02-09 4309184] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104] . c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-7-6 1086240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;d:\aida64 extreme edition\kerneld.x64 [x] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208] R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys [2011-11-15 112896] R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2011-11-15 116224] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-24 75112] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-13 1255736] R4 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-11 14456] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400] S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-07 1236368] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN 
v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032] S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920] S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2012-01-04 329168] S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2010-04-28 161664] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-08 54824] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680] S3 RTL8192Ce;Realtek Wireless LAN 802.11n 
PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-07-30 947816] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhalt des "geplante Tasks" Ordners . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-15 21:22] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-15 21:22] . 2013-01-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06] . 2013-01-14 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568] "TpShocks"="TpShocks.exe" [2011-01-14 380776] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632] "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = hxxp://search.chatzum.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\ FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul FF - ExtSQL: 2012-12-07 18:46; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF - ExtSQL: 2012-12-07 18:46; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-12-08 20:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - ExtSQL: 2012-12-08 20:09; {64161300-e22b-11db-8314-0800200c9a66}; c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi FF - ExtSQL: 2012-12-08 20:09; firefox@ghostery.com; c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\firefox@ghostery.com FF - ExtSQL: 2012-12-11 10:08; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} FF - ExtSQL: 2012-12-11 10:08; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\jid1-yZwVFzbsyfMrqQ@jetpack . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) SafeBoot-69155765.sys Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-RD - c:\program files (x86)\d-lusion\DT\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver] "ImagePath"="\??\d:\aida64 extreme edition\kerneld.x64" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-01-14 17:54:51 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-01-14 16:54 . Vor Suchlauf: 11 Verzeichnis(se), 242.929.192.960 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 242.504.839.168 Bytes frei . - - End Of File - - 815686204D580C72DDCFCE7083B638C7 |
14.01.2013, 22:05 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirects to wrong pages and very suspicious pop-ups adwCleaner - Detect toolbars and unwanted start/search pages Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
15.01.2013, 17:17 | #11 |
| Redirects to wrong pages and very suspicious pop-ups Hello! After I ran ComboFix, none of the symptoms have occurred again, not even the strange invisible field that otherwise really was always there! So many, many thanks already. Here is the adwCleaner file anyway: Code:
ATTFilter # AdwCleaner v2.105 - Datei am 15/01/2013 um 17:11:36 erstellt # Aktualisiert am 08/01/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Lucas - LUCAS-THINK # Bootmodus : Normal # Ausgeführt unter : C:\Users\Lucas\Downloads\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\user.js Ordner Gefunden : C:\Program Files (x86)\adawaretb Ordner Gefunden : C:\Program Files (x86)\Crawler Ordner Gefunden : C:\Program Files (x86)\wxDfast Ordner Gefunden : C:\ProgramData\blekko toolbars Ordner Gefunden : C:\ProgramData\InstallMate Ordner Gefunden : C:\ProgramData\Premium Ordner Gefunden : C:\Users\Lucas\AppData\LocalLow\adawaretb Ordner Gefunden : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\adawaretb ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\1ClickDownload Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gefunden : HKCU\Software\ChatZum Toolbar Schlüssel Gefunden : HKCU\Software\IM Schlüssel Gefunden : HKCU\Software\ImInstaller Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKCU\Software\SweetIM Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\Software\ChatZum Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gefunden : HKLM\Software\Iminent Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gefunden : HKLM\Software\SweetIM Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel 
Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gefunden : HKU\S-1-5-21-83256801-2867045764-4026361694-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKU\S-1-5-21-83256801-2867045764-4026361694-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E} Schlüssel Gefunden : HKU\S-1-5-21-83256801-2867045764-4026361694-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gefunden : HKU\S-1-5-21-83256801-2867045764-4026361694-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/ -\\ Mozilla Firefox v17.0.1 (de) Datei : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\prefs.js [OK] Die Datei ist sauber. -\\ Opera v [Version kann nicht ermittelt werden] Datei : C:\Users\Lucas\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [5517 octets] - [15/01/2013 17:11:36] ########## EOF - C:\AdwCleaner[R1].txt - [5577 octets] ########## |
16.01.2013, 11:42 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirects to wrong pages and very suspicious pop-ups adwCleaner - Remove toolbars and unwanted start/search pages
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
16.01.2013, 17:57 | #13 |
| Redirects to wrong pages and very suspicious pop-ups Code:
ATTFilter # AdwCleaner v2.105 - Datei am 16/01/2013 um 17:39:01 erstellt # Aktualisiert am 08/01/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Lucas - LUCAS-THINK # Bootmodus : Normal # Ausgeführt unter : C:\Users\Lucas\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\user.js Ordner Gelöscht : C:\Program Files (x86)\adawaretb Ordner Gelöscht : C:\Program Files (x86)\Crawler Ordner Gelöscht : C:\Program Files (x86)\wxDfast Ordner Gelöscht : C:\ProgramData\blekko toolbars Ordner Gelöscht : C:\ProgramData\InstallMate Ordner Gelöscht : C:\ProgramData\Premium Ordner Gelöscht : C:\Users\Lucas\AppData\LocalLow\adawaretb Ordner Gelöscht : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\adawaretb ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\1ClickDownload Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\SweetIM Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\Software\SweetIM Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/ --> hxxp://www.google.com -\\ Mozilla Firefox v17.0.1 (de) Datei : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\prefs.js [OK] Die Datei ist sauber. -\\ Opera v [Version kann nicht ermittelt werden] Datei : C:\Users\Lucas\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [5634 octets] - [15/01/2013 17:11:36] AdwCleaner[R2].txt - [5694 octets] - [16/01/2013 17:38:12] AdwCleaner[S1].txt - [5035 octets] - [16/01/2013 17:39:01] ########## EOF - C:\AdwCleaner[S1].txt - [5095 octets] ########## Code:
ATTFilter OTL logfile created on: 16.01.2013 17:43:05 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lucas\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,80 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 64,61% Memory free 7,60 Gb Paging File | 6,11 Gb Available in Paging File | 80,36% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 454,82 Gb Total Space | 225,32 Gb Free Space | 49,54% Space Free | Partition Type: NTFS Drive Q: | 9,77 Gb Total Space | 2,46 Gb Free Space | 25,24% Space Free | Partition Type: NTFS Computer Name: LUCAS-THINK | User Name: Lucas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Lucas\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited) PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) PRC - C:\Program Files (x86)\Verbindungsassistent\WTGService.exe () PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) 
PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.) SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited) SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.) 
SRV - (WTGService) -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe () SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (ewsercd) -- C:\Windows\SysNative\drivers\ewsercd.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.) 
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.) DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS () DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) 
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited) DRV - (hwusbfake) -- C:\Windows\SysWOW64\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.) DRV - (ewsercd) -- C:\Windows\SysWOW64\drivers\ewsercd.sys (Huawei Technologies Co., Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4}: "URL" = hxxp://search.chatzum.com/?q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\..\SearchScopes\{C4CDF737-FB25-4A13-A592-629EAFF0720C}: "URL" = hxxp://search.chatzum.com/?q={searchTerms} IE - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul" FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.2 FF - prefs.js..extensions.enabledAddons: 
%7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.12 FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 10:08:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 10:08:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.27 09:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\mozilla\Extensions [2013.01.12 14:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions [2012.12.11 10:08:04 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} [2013.01.12 14:57:50 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\firefox@ghostery.com [2012.12.11 10:08:06 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2013.01.12 14:57:47 | 000,281,667 | ---- | M] () (No name found) -- C:\Users\Lucas\AppData\Roaming\mozilla\firefox\profiles\f6j4nnvl.default-1354993378265\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2012.12.08 20:07:23 | 000,804,627 | ---- | M] () (No name found) -- 
C:\Users\Lucas\AppData\Roaming\mozilla\firefox\profiles\f6j4nnvl.default-1354993378265\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.07 18:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.07 18:46:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.12.07 18:46:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.12.07 18:46:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 22:44:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 14:43:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.28 22:44:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.28 22:44:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.28 22:44:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.28 22:44:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.01.14 17:33:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) 
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F27C7B4B-CA84-4486-B06A-5854B3AA7984}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.14 17:55:13 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.14 17:36:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.01.14 17:11:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.14 17:11:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.14 17:11:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.14 17:11:24 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.14 17:11:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.13 20:36:12 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\mbar ========== Files - Modified Within 30 Days ========== [2013.01.16 17:48:26 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.16 17:48:26 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.16 17:46:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.01.16 17:41:31 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2013.01.16 17:41:18 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.16 17:40:49 | 000,067,584 | --S- | M] () -- 
C:\Windows\bootstat.dat [2013.01.16 17:40:48 | 3061,223,424 | -HS- | M] () -- C:\hiberfil.sys [2013.01.16 17:39:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2013.01.15 21:44:18 | 000,076,836 | ---- | M] () -- C:\Users\Lucas\Desktop\6335698_700b.jpg [2013.01.15 21:17:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.14 17:33:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.01.13 22:02:13 | 000,000,512 | ---- | M] () -- C:\Users\Lucas\Desktop\MBR.dat [2013.01.13 13:54:26 | 000,173,653 | ---- | M] () -- C:\Users\Lucas\Desktop\6320199_700b.jpg [2013.01.12 21:10:45 | 000,042,317 | ---- | M] () -- C:\Users\Lucas\Desktop\6310516_700b.jpg [2013.01.12 18:26:48 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.12 17:05:44 | 001,522,246 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.12 17:05:44 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.12 17:05:44 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.12 17:05:44 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.12 17:05:44 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.12 14:52:05 | 000,365,568 | ---- | M] () -- C:\Users\Lucas\Desktop\gmer-2.0.18444.exe [2013.01.12 14:48:49 | 000,000,000 | ---- | M] () -- C:\Users\Lucas\defogger_reenable ========== Files Created - No Company Name ========== [2013.01.15 21:44:18 | 000,076,836 | ---- | C] () -- C:\Users\Lucas\Desktop\6335698_700b.jpg [2013.01.14 17:11:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.14 17:11:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.14 17:11:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.14 17:11:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.14 17:11:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.13 22:02:13 | 
000,000,512 | ---- | C] () -- C:\Users\Lucas\Desktop\MBR.dat [2013.01.13 13:54:25 | 000,173,653 | ---- | C] () -- C:\Users\Lucas\Desktop\6320199_700b.jpg [2013.01.12 21:10:44 | 000,042,317 | ---- | C] () -- C:\Users\Lucas\Desktop\6310516_700b.jpg [2013.01.12 14:52:04 | 000,365,568 | ---- | C] () -- C:\Users\Lucas\Desktop\gmer-2.0.18444.exe [2013.01.12 14:48:49 | 000,000,000 | ---- | C] () -- C:\Users\Lucas\defogger_reenable [2012.09.13 07:05:28 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.02.03 17:34:47 | 000,000,127 | ---- | C] () -- C:\Users\Lucas\wxDownloadFast.ini [2011.11.19 19:37:13 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.11.19 19:37:11 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.11.19 19:37:11 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.11.19 19:37:11 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.11.15 16:02:43 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.22 10:15:10 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.07.19 11:13:10 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2011.07.19 11:13:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2011.07.19 11:13:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2011.07.19 11:13:09 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2011.07.19 11:13:09 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.27 13:39:33 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\.minecraft [2012.12.11 16:27:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Ad-Aware Antivirus [2012.04.11 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\AVG2012 [2012.02.24 01:13:23 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\calibre [2011.12.27 16:55:41 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\DarkWave Studio [2012.01.24 20:39:37 | 000,000,000 | ---D | M] 
-- C:\Users\Lucas\AppData\Roaming\Foxit Software [2012.02.21 23:01:12 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Image-Line [2012.09.28 20:37:46 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\IObit [2011.11.15 11:09:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Leadertech [2011.11.15 11:31:30 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Lenovo [2012.01.26 13:40:55 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\OpenOffice.org [2011.11.18 23:11:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Opera [2012.10.31 19:49:53 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SoftGrid Client [2012.05.26 18:51:19 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Spyware Terminator [2012.02.22 00:09:35 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SynthMaker [2011.11.15 16:03:14 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TP [2012.03.16 18:45:00 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TrueCrypt [2012.09.02 16:24:19 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Verbindungsassistent [2012.01.17 11:20:44 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\www.rene-zeidler.de ========== Purity Check ========== < End of report > |
17.01.2013, 11:29 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Redirects to wrong pages and very suspicious pop-ups
Fix with OTL
Code:
:OTL
IE - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\..\SearchScopes\{C4CDF737-FB25-4A13-A592-629EAFF0720C}: "URL" = http://search.chatzum.com/?q={searchTerms}
FF - user.js - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:Files
C:\Users\Lucas\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |
17.01.2013, 17:31 | #15 |
| Redirects to wrong pages and very suspicious pop-ups
Before OTL announced that a restart was required, another window appeared. It said "A serious error has occurred. The computer will be restarted in one minute. Save your data now." After that, however, everything ran as it should.
Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-83256801-2867045764-4026361694-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C4CDF737-FB25-4A13-A592-629EAFF0720C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CDF737-FB25-4A13-A592-629EAFF0720C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
C:\Users\Lucas\Desktop\MBR.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Lucas\Desktop\cmd.bat deleted successfully.
C:\Users\Lucas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Lucas
->Temp folder emptied: 106863 bytes
->Temporary Internet Files folder emptied: 4536356 bytes
->Java cache emptied: 2764978 bytes
->FireFox cache emptied: 6285753 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1080 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29041 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 299609 bytes
RecycleBin emptied: 5694 bytes

Total Files Cleaned = 13,00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

OTL by OldTimer - Version 3.2.69.0 log created on 01172013_172056

Files\Folders moved on Reboot...
C:\Users\Lucas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...