Log analysis and evaluation: ADWARE/Adware.Gen7: simply delete the file? (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
ADWARE/Adware.Gen7: simply delete the file?

Hello, Avira found the file ADWARE/Adware.Gen7. In the Setup.exe of Firefox. Is it enough to simply delete the file? After reading the thread on this topic in this forum, I am somewhat unsure. Everything actually works so far; Avira has put the file in quarantine and is not complaining any further. I have nevertheless pasted in the logs from OTL and GMER. Thanks in advance, AB

OTL.txt
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 13.05.2013 13:43:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\a\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,70 Gb Total Physical Memory | 6,05 Gb Available Physical Memory | 78,53% Memory free 15,41 Gb Paging File | 13,27 Gb Available in Paging File | 86,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 144,54 Gb Total Space | 81,43 Gb Free Space | 56,33% Space Free | Partition Type: NTFS Drive D: | 29,80 Gb Total Space | 1,33 Gb Free Space | 4,46% Space Free | Partition Type: FAT32 Drive Q: | 13,67 Gb Total Space | 3,27 Gb Free Space | 23,88% Space Free | Partition Type: NTFS Computer Name: THINK | User Name: a | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.13 11:06:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe PRC - [2013.05.07 20:55:52 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.04.19 20:41:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.04.19 20:40:23 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.04.17 13:02:54 | 000,155,864 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe PRC - [2013.04.17 13:02:50 | 000,032,480 | ---- | M] (Macheen) -- C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe PRC - [2013.01.16 13:05:24 | 000,278,800 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe PRC - [2012.06.01 21:49:06 | 000,179,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe PRC - [2012.06.01 21:49:00 | 000,290,160 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe PRC - [2012.06.01 21:48:58 | 000,061,296 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2012.06.01 21:48:38 | 000,058,224 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe PRC - [2012.05.30 19:31:16 | 000,420,960 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe PRC - [2012.05.30 19:29:30 | 000,367,712 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe PRC - [2012.05.30 19:29:16 | 000,273,504 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe PRC - [2012.05.30 19:29:14 | 000,134,240 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe PRC - [2012.05.15 23:32:00 | 001,662,560 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE PRC - [2012.05.15 23:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe PRC - [2012.05.15 17:45:22 | 000,065,336 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe PRC - [2012.04.19 01:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) -- C:\Program Files 
(x86)\Symantec\VIP Access Client\VIPAppService.exe PRC - [2012.04.10 13:37:52 | 000,275,320 | ---- | M] () -- C:\Program Files (x86)\Integrated Camera\Monitor.exe PRC - [2012.02.28 10:20:58 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.28 10:20:56 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.28 10:20:40 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.26 20:01:56 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.03 11:30:06 | 000,655,400 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe PRC - [2012.01.25 09:44:56 | 000,567,360 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2011.12.29 12:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2011.07.12 09:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe ========== Modules (No Company Name) ========== MOD - [2013.04.25 12:10:39 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll MOD - [2013.04.25 12:10:23 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll MOD - [2013.04.25 12:09:54 | 012,436,480 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.04.23 13:01:37 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll MOD - [2013.04.23 13:00:29 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll MOD - [2013.04.23 12:59:23 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll MOD - [2013.04.23 10:25:19 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll MOD - [2013.04.23 10:24:21 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.04.23 10:24:15 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll MOD - [2013.04.23 10:23:48 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.04.23 10:23:35 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.04.23 10:23:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.04.23 10:23:21 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.04.23 10:23:04 | 011,493,376 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.02.15 05:19:00 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2013.02.15 05:18:17 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2012.04.10 13:37:52 | 000,275,320 | ---- | M] () -- C:\Program Files (x86)\Integrated Camera\Monitor.exe MOD - [2010.11.21 05:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.02.29 08:15:08 | 000,048,704 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.05.05 14:25:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.23 13:00:11 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.19 20:41:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.04.19 20:40:23 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.04.17 13:02:50 | 000,032,480 | ---- | M] (Macheen) [Auto | Running] -- C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe -- (MacheenService) SRV - [2013.02.04 10:26:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2013.01.16 13:05:24 | 000,278,800 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe -- (WebUpdate4) SRV - [2012.06.01 21:49:06 | 000,179,568 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM) SRV - [2012.06.01 21:48:58 | 000,061,296 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV - [2012.06.01 21:48:38 | 000,058,224 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE) SRV - [2012.05.30 19:29:16 | 000,273,504 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc) SRV - [2012.05.30 19:29:14 | 000,134,240 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2012.05.29 16:27:14 | 000,144,992 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc) SRV - [2012.05.24 00:15:08 | 000,216,072 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2) SRV - [2012.05.15 23:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc) SRV - [2012.05.15 23:32:00 | 
001,662,560 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2012.05.15 23:32:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc) SRV - [2012.04.19 01:15:38 | 000,084,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService) SRV - [2012.04.01 13:21:52 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2012.03.28 17:06:22 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.02.28 10:20:58 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.28 10:20:56 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.28 10:20:40 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.26 06:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2012.02.26 06:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2012.02.26 06:07:32 | 000,626,960 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2012.02.26 06:07:26 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2012.02.03 
11:30:06 | 000,655,400 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService) SRV - [2012.02.02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.12.29 12:20:42 | 000,144,960 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2011.07.12 09:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2011.07.12 09:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD) SRV - [2011.07.12 09:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.19 20:41:30 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.04.19 20:41:30 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.04.19 20:41:30 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.15 05:28:29 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.05 15:43:24 | 000,443,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.07.05 15:43:24 | 000,027,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2012.05.29 15:40:30 | 000,098,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LenLan.sys -- (LenLan) DRV:64bit: - [2012.05.22 04:17:44 | 003,056,248 | ---- | M] (Sunplus Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPUVCBv_x64.sys -- (SPUVCbv) DRV:64bit: - [2012.05.15 23:32:00 | 000,029,512 | ---- | M] (Lenovo.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64) DRV:64bit: - [2012.05.15 23:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2012.04.19 18:36:26 | 000,035,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2012.04.19 18:36:26 | 000,025,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2012.04.01 04:52:30 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2012.04.01 04:52:26 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2012.04.01 04:52:24 | 000,163,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums) DRV:64bit: - [2012.03.19 09:32:02 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.03.05 13:29:42 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2012.03.05 13:29:40 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2012.02.29 08:14:48 | 000,042,312 | ---- | M] (Lenovo.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2012.02.26 20:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.02.26 20:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.02.26 20:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.02.20 13:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012.02.09 09:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:64bit: - [2012.02.01 09:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.01.13 11:08:42 | 000,102,440 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l36wgps64.sys -- (l36wgps) DRV:64bit: - [2011.12.26 11:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2011.12.08 23:06:07 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.12.08 23:06:07 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.12.07 19:59:52 | 000,027,432 | ---- | M] (ThinkVantage Communications Utility) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvtvcamd.sys -- (tvtvcamd) DRV:64bit: - [2011.12.07 11:54:20 | 000,282,152 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ) DRV:64bit: - [2011.12.05 21:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.09 18:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.10.05 12:38:32 | 000,029,736 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr) DRV:64bit: - [2011.10.05 12:38:30 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis) DRV:64bit: - [2011.09.17 02:38:52 | 000,039,976 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2011.08.22 16:47:50 | 000,483,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm) DRV:64bit: - [2011.08.22 16:47:50 | 000,430,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) DRV:64bit: - [2011.08.22 16:47:50 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl) DRV:64bit: - [2011.08.22 16:47:44 | 000,419,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) DRV:64bit: - [2011.05.29 12:48:04 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C) DRV:64bit: - [2011.05.25 18:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2012.03.26 17:07:06 | 000,033,344 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE) DRV - [2011.05.30 19:21:40 | 000,013,128 | ---- | M] (Authentec Inc.) 
[Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE534 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013.02.14 20:49:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP2X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2013.02.14 20:49:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.23 13:00:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.05.04 13:44:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.23 13:00:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.22 08:58:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions [2013.04.23 13:00:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.23 13:00:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.04.23 13:00:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.04.23 13:00:06 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - 
C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) 
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [Integrated Camera_Monitor] C:\Program Files (x86)\Integrated Camera\monitor.exe () O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [MobileAccess] C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe (Lenovo) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F374502-E862-425C-A4FA-4859F329EE4C}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84AF2893-50C2-4977-A2A4-878E2431DD5D}: NameServer = 195.230.105.134 195.230.105.135 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB69B297-07C8-4CCF-9EF6-F7F5471E1BED}: DhcpNameServer = 172.168.12.2 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.08.04 18:13:52 | 000,000,110 | -H-- | M] () - D:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2011.12.15 05:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{334a5027-76d5-11e2-a00c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{334a5027-76d5-11e2-a00c-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011.12.15 05:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.13 13:42:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe [2013.05.07 20:56:38 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.07 09:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.05.07 09:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.05.07 09:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.05.06 21:14:27 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\LibreOffice [2013.05.06 21:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0 [2013.05.06 21:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4.0 [2013.05.05 20:10:03 | 000,000,000 | ---D 
| C] -- C:\Users\a\AppData\Local\Macromedia [2013.05.05 14:25:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.05.05 14:25:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.05.05 14:17:49 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\VeriSign [2013.05.05 14:17:49 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Google [2013.05.04 22:13:35 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Apps [2013.05.04 20:37:16 | 000,000,000 | ---D | C] -- C:\Users\a\Daten [2013.05.04 13:44:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.05.03 21:59:40 | 000,000,000 | ---D | C] -- C:\ldiag [2013.04.26 14:48:31 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\FileOpen [2013.04.26 14:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen [2013.04.26 14:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Mobile Access [2013.04.26 14:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CompanyDir [2013.04.23 13:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.23 12:36:25 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Thunderbird [2013.04.23 12:36:25 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Thunderbird [2013.04.23 12:16:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2013.04.22 08:59:03 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Adobe [2013.04.22 08:58:47 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Mozilla [2013.04.22 08:58:47 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Mozilla [2013.04.22 08:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.04.22 08:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.04.19 20:49:40 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Avira [2013.04.19 20:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Avira [2013.04.19 20:44:09 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.19 20:44:09 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.19 20:44:09 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.04.19 20:44:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.04.19 20:44:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.04.18 09:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2013.04.16 21:38:52 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\LSC [2013.04.16 21:30:08 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Adobe [2013.04.16 21:26:30 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\LSC [2013.04.16 21:19:19 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Nitro PDF [2013.04.16 21:14:13 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\PwrMgr [2013.04.16 21:13:47 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Lenovo [2013.04.16 21:13:46 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Broadcom [2013.04.16 21:13:46 | 000,000,000 | ---D | C] -- C:\Users\a\Documents\Bluetooth-Exchange-Ordner [2013.04.16 21:13:39 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Lenovo [2013.04.16 21:13:39 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Leadertech [2013.04.16 21:13:27 | 000,000,000 | R--D | C] -- C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.04.16 21:13:27 | 000,000,000 | R--D | C] -- C:\Users\a\Searches [2013.04.16 21:13:27 | 000,000,000 | R--D | C] -- C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.04.16 21:13:20 | 000,000,000 | R--D | C] -- C:\Users\a\Contacts [2013.04.16 21:13:20 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Identities [2013.04.16 21:12:24 
| 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\VirtualStore [2013.04.16 21:10:56 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\MobileAccess [2013.04.16 21:10:09 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Absolute_Software [2013.04.16 21:09:53 | 000,000,000 | --SD | C] -- C:\Users\a\AppData\Roaming\Microsoft [2013.04.16 21:09:53 | 000,000,000 | R--D | C] -- C:\Users\a\Videos [2013.04.16 21:09:53 | 000,000,000 | R--D | C] -- C:\Users\a\Saved Games [2013.04.16 21:09:53 | 000,000,000 | R--D | C] -- C:\Users\a\Pictures [2013.04.16 21:09:53 | 000,000,000 | R--D | C] -- C:\Users\a\Music [2013.04.16 21:09:53 | 000,000,000 | R--D | C] -- C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.04.16 21:09:53 | 000,000,000 | R--D | C] -- C:\Users\a\Links [2013.04.16 21:09:53 | 000,000,000 | R--D | C] -- C:\Users\a\Favorites [2013.04.16 21:09:53 | 000,000,000 | R--D | C] -- C:\Users\a\Downloads [2013.04.16 21:09:53 | 000,000,000 | R--D | C] -- C:\Users\a\Documents [2013.04.16 21:09:53 | 000,000,000 | R--D | C] -- C:\Users\a\Desktop [2013.04.16 21:09:53 | 000,000,000 | R--D | C] -- C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\Vorlagen [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\AppData\Local\Verlauf [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\AppData\Local\Temporary Internet Files [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\Startmenü [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\SendTo [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\Recent [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\Netzwerkumgebung [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\Lokale Einstellungen [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\Documents\Eigene Videos [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\Documents\Eigene 
Musik [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\Eigene Dateien [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\Documents\Eigene Bilder [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\Druckumgebung [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\Cookies [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\AppData\Local\Anwendungsdaten [2013.04.16 21:09:53 | 000,000,000 | -HSD | C] -- C:\Users\a\Anwendungsdaten [2013.04.16 21:09:53 | 000,000,000 | -H-D | C] -- C:\Users\a\AppData [2013.04.16 21:09:53 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Temp [2013.04.16 21:09:53 | 000,000,000 | ---D | C] -- C:\Users\a\Roaming [2013.04.16 21:09:53 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Local\Microsoft [2013.04.16 21:09:53 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Media Center Programs [2013.04.16 21:09:53 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Macromedia [2013.04.16 21:09:53 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Intel [2013.04.16 21:09:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.04.16 21:09:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.04.16 21:09:43 | 000,000,000 | -HSD | C] -- C:\Programme [2013.04.16 21:09:43 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.04.16 21:09:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.04.16 21:09:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.04.16 21:09:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.04.16 21:09:43 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.04.16 21:09:43 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.04.16 21:09:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.04.16 21:09:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten ========== Files - Modified Within 30 Days ========== [2013.05.13 
13:41:36 | 000,000,000 | ---- | M] () -- C:\Users\a\defogger_reenable [2013.05.13 13:40:41 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.13 13:40:41 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.13 13:40:41 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.13 13:40:41 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.13 13:40:41 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.13 13:39:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.13 13:39:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.13 11:06:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe [2013.05.13 10:41:34 | 000,034,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.13 10:41:34 | 000,034,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.13 10:33:41 | 1909,112,831 | -HS- | M] () -- C:\hiberfil.sys [2013.05.12 19:21:35 | 000,000,487 | ---- | M] () -- C:\ProgramData\LastUpdate.xml [2013.05.12 19:21:34 | 000,000,031 | ---- | M] () -- C:\Windows\WebUpdateSvc4.INI [2013.05.07 20:56:17 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.07 09:45:01 | 000,322,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.06 21:13:45 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk [2013.05.04 21:54:53 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2013.05.04 03:04:04 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.04 03:04:04 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.22 08:55:50 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.19 
20:41:30 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.19 20:41:30 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.19 20:41:30 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.04.19 12:39:58 | 000,005,560 | ---- | M] () -- C:\Users\a\AppData\Roaming\AbsoluteReminder.xml [2013.04.17 05:06:35 | 000,055,513 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.04.17 05:06:35 | 000,055,513 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.04.16 21:10:19 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\drivers\17AA_Lenovo_ThinkPad_X1_Carbon_3460_82G.MRK [2013.04.16 21:09:55 | 000,000,000 | ---- | M] () -- C:\Windows\firstboot.dat ========== Files Created - No Company Name ========== [2013.05.13 13:41:36 | 000,000,000 | ---- | C] () -- C:\Users\a\defogger_reenable [2013.05.06 21:13:45 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk [2013.05.05 14:25:20 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.04 21:54:53 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2013.05.04 13:44:04 | 000,002,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.05.04 03:04:04 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.04 03:04:04 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.04.23 09:44:21 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.04.22 09:09:25 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.04.22 08:55:50 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.04.22 08:55:50 | 000,001,162 | ---- | C] () -- 
C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.16 21:13:10 | 000,000,487 | ---- | C] () -- C:\ProgramData\LastUpdate.xml [2013.04.16 21:13:10 | 000,000,031 | ---- | C] () -- C:\Windows\WebUpdateSvc4.INI [2013.04.16 21:10:09 | 000,005,560 | ---- | C] () -- C:\Users\a\AppData\Roaming\AbsoluteReminder.xml [2013.04.16 21:09:55 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2013.02.14 20:42:58 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2013.02.14 20:42:58 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2013.02.14 20:42:58 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2013.02.14 20:42:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013.02.14 20:42:08 | 000,035,404 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat [2013.02.14 20:42:05 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2012.05.07 03:41:50 | 000,002,272 | ---- | C] () -- C:\Windows\remove.ini [2012.03.09 09:52:30 | 000,291,704 | ---- | C] () -- C:\Windows\SysWow64\VCamPPage.dll [2012.02.02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2012.01.13 08:31:48 | 000,002,882 | ---- | C] () -- C:\Windows\Dext_18.ini [2012.01.13 08:22:52 | 000,003,672 | ---- | C] () -- C:\Windows\Dext_01.ini [2012.01.13 08:12:44 | 000,004,116 | ---- | C] () -- C:\Windows\Dext_10.ini [2012.01.13 08:03:38 | 000,004,022 | ---- | C] () -- C:\Windows\Dext_22.ini [2012.01.13 06:32:10 | 000,004,006 | ---- | C] () -- C:\Windows\Dext_1046.ini [2012.01.13 06:00:06 | 000,003,944 | ---- | C] () -- C:\Windows\Dext_19.ini [2012.01.13 05:52:44 | 000,004,196 | ---- | C] () -- C:\Windows\Dext_11.ini [2012.01.13 05:46:14 | 000,003,952 | ---- | C] () -- C:\Windows\Dext_16.ini [2012.01.13 05:40:18 | 000,003,762 | ---- | C] () -- C:\Windows\Dext_29.ini [2012.01.13 05:29:04 | 000,004,196 | ---- | C] () -- C:\Windows\Dext_21.ini [2012.01.13 05:05:00 | 000,004,168 | ---- | C] () -- C:\Windows\Dext_12.ini 
[2012.01.13 04:56:18 | 000,002,900 | ---- | C] () -- C:\Windows\Dext_17.ini [2012.01.13 04:47:12 | 000,004,062 | ---- | C] () -- C:\Windows\Dext_36.ini [2012.01.13 04:39:22 | 000,004,188 | ---- | C] () -- C:\Windows\Dext_27.ini [2012.01.13 04:28:28 | 000,004,082 | ---- | C] () -- C:\Windows\Dext_05.ini [2012.01.13 04:19:50 | 000,003,916 | ---- | C] () -- C:\Windows\Dext_20.ini [2012.01.12 11:44:40 | 000,003,928 | ---- | C] () -- C:\Windows\Dext_07.ini [2012.01.12 11:27:16 | 000,004,038 | ---- | C] () -- C:\Windows\Dext_08.ini [2012.01.12 11:18:14 | 000,003,622 | ---- | C] () -- C:\Windows\Dext_13.ini [2012.01.12 11:06:22 | 000,004,098 | ---- | C] () -- C:\Windows\Dext_31.ini [2012.01.12 10:55:16 | 000,004,100 | ---- | C] () -- C:\Windows\Dext_14.ini [2012.01.12 10:47:08 | 000,004,178 | ---- | C] () -- C:\Windows\Dext_25.ini [2012.01.12 10:39:06 | 000,003,940 | ---- | C] () -- C:\Windows\Dext_06.ini [2012.01.12 10:38:44 | 000,002,792 | ---- | C] () -- C:\Windows\Dext_2052.ini [2012.01.12 10:38:36 | 000,003,006 | ---- | C] () -- C:\Windows\Dext_04.ini [2012.01.12 10:37:54 | 000,003,640 | ---- | C] () -- C:\Windows\Dext_09.ini [2012.01.03 12:01:30 | 000,014,482 | ---- | C] () -- C:\Windows\TWAIN2080.ini [2012.01.03 11:25:36 | 000,097,192 | ---- | C] () -- C:\Windows\un_dext.exe [2012.01.03 11:25:26 | 000,087,928 | ---- | C] () -- C:\Windows\SPRemove_x64.exe ========== ZeroAccess Check ========== [2010.01.05 13:55:24 | 000,005,044 | ---- | M] () -- C:\Users\a\Daten\Mozilla\chwp677p.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}\skin\L.png [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.26 14:48:31 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\FileOpen [2013.04.16 21:13:39 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Leadertech [2013.04.16 21:59:49 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Lenovo [2013.05.06 21:14:27 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\LibreOffice [2013.04.16 21:26:30 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\LSC [2013.05.13 10:36:44 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Nitro 
PDF [2013.04.16 21:14:13 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\PwrMgr [2013.04.23 12:36:25 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report >

OTL extras
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.05.2013 13:43:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\a\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,70 Gb Total Physical Memory | 6,05 Gb Available Physical Memory | 78,53% Memory free 15,41 Gb Paging File | 13,27 Gb Available in Paging File | 86,11% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 144,54 Gb Total Space | 81,43 Gb Free Space | 56,33% Space Free | Partition Type: NTFS Drive D: | 29,80 Gb Total Space | 1,33 Gb Free Space | 4,46% Space Free | Partition Type: FAT32 Drive Q: | 13,67 Gb Total Space | 3,27 Gb Free Space | 23,88% Space Free | Partition Type: NTFS Computer Name: THINK | User Name: a | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1369A765-1343-4E1D-8235-B1768ECEF2A5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{14F884C8-C341-47DE-8D7D-7B49F8D46B7B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16439A1A-8BA3-4AA1-893F-D640C059C6B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17C7F0C2-B726-4A87-8598-4C4CEFBB6683}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2BABE04A-DF76-438E-BB4E-682B4ADADFA5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{30AA2673-047C-4276-A6F0-E3E9C3943E2C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{5874F801-3D95-4BF3-B85E-261079C2A204}" = rport=137 | protocol=17 | dir=out | app=system |
"{6303A85C-E713-4155-A660-299B5D7C817A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6DB62FCF-02D6-4B40-BCF6-8209229915E6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6FB91CD3-8606-4C60-888B-E8B58A413EC7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{70950D8D-72B0-482A-AF70-AE430156B040}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7848DF41-3A1A-498C-9AFC-7D902CDB2A7D}" = lport=138 | protocol=17 | dir=in | app=system |
"{9DC655C8-3827-4398-AA67-18744711F203}" = rport=138 | protocol=17 | dir=out | app=system |
"{C0584EBF-A6FD-4705-8FE5-078E2D03D7F7}" = rport=445 | protocol=6 | dir=out | app=system |
"{D59029E8-7AD9-4057-B3AB-17A532FEC82C}" = lport=139 | protocol=6 | dir=in | app=system |
"{D7AB2318-2CD9-4FCD-9814-8B66E833FF40}" = lport=445 | protocol=6 | dir=in | app=system |
"{DE5AC4D3-78EB-44B6-A1FB-DF66C3A813E7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E4C3007C-1FFF-493E-A0FD-AB124D0DF6C7}" = rport=139 | protocol=6 | dir=out | app=system |
"{ED0ECF09-2B09-4B07-9994-D28B6BB9AF43}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0DFFB36-1471-4D31-8572-D5B5D4D09715}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F448FD29-9BE8-4004-B003-C79BCB5E7059}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FD597278-5649-4CAE-A21B-19E96970540D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD77A209-D9EE-496A-99A6-26104D754757}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09749BAB-761A-4A2A-828C-5147E1580DCF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1705BE8B-F484-4557-9A4D-5212BD91C632}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{17EFEA42-152B-430F-AE4D-328F8D184783}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1FD859C1-3628-4F1C-BC03-C97E8C703DCF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{25C5B523-DB65-4714-BA1B-71EFE77EA4C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{387F9C7E-C71A-4200-A88E-D4E9BC055A3E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3B8A5DF4-702C-4868-8548-0E6B8D862104}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3CA68B3B-5B06-4C41-8E2E-4A22163DC9DC}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{432675CB-05CD-42AF-81E0-785AE3BF60BA}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{43F880A2-DFF5-408E-8660-E04E03EDEF94}" = protocol=6 | dir=out | app=system |
"{4C4A4A6E-899F-4340-86D2-DB14DFE688BB}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{6893DCD8-D611-487E-BE4E-7FDA113B6845}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6E391C19-F38A-4B5B-A905-FCDD48B5E8D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6EFFA9C3-96D0-4504-ACB3-F716DFBEEA73}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6FA8BEA2-3073-40DD-8E91-DA4E6F356929}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71A4088F-3730-472B-908F-296839A620F8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{74F8862F-07A1-4B33-ADE0-9BB8F759DC14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C7574EC-76C0-4EAE-A867-508AB4D85150}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{86001C6A-BACD-400F-8AEF-D52DCCD18471}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95104749-8D00-4D25-A363-3FF760407303}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1C971DA-5EBC-4FBE-BB24-D410BAC6AB07}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A356FECE-B760-42ED-8273-64C99386F707}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3A78B74-8CED-4369-ADBF-0576D7F07F9D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BD304C77-48F9-462A-88FF-E9C700ACEE35}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C99F2411-F6AC-429F-9A95-929472B752FD}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{D75A267C-3C2F-417C-978B-BC1A9A0653ED}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{F92E5A24-2353-46EF-B9E0-41C055C3D21D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FB472114-8FEF-45D4-A56D-23B87F742A51}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{36710189-55DF-4D75-8B6A-523CC61B7047}" = Nitro Pro 7
"{3849486C-FF09-4F5D-B491-3E179D58EE15}" = Message Center Plus
"{479016BF-5B8D-445F-BE15-A187F25D81C8}" = ThinkVantage Fingerprint Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DEFFC02-063C-4781-A371-077729F869B4}" = Lenovo Solution Center
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot Shield
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{728985C5-A04B-457C-9D62-15360F3EAF85}" = Intel(R) WiDi
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{BF601122-9F0A-41A9-BA06-3158D9FB4B80}" = Lenovo SimpleTap
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E97F409F-9E1C-42A0-B72D-765A78DF3696}" = Intel® PROSet/Wireless WiFi-Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0395D83D6A2C0E110509B9E80E9BC5F29238FA82" = Windows-Treiberpaket - Synaptics (SynTP) Mouse (07/05/2012 16.2.5.0)
"09839A9B5EDA69DA2DCC34637B5140AAF8A53B44" = Windows-Treiberpaket - Intel System (01/11/2012 9.3.0.1020)
"8D1FA6162A87496A05284A0C76A3B76705965B62" = Windows-Treiberpaket - Intel (ISCT) System (08/23/2011 1.0.5.0)
"97EE1802A0385A37DE6323FA39EC76BEB2D73E41" = Windows-Treiberpaket - Intel USB (08/26/2011 9.3.0.1011)
"99334E0BAA64ED1D117794050F2AA7D3951D9A7D" = Windows-Treiberpaket - Synaptics (SmbDrv) System (07/05/2012 16.2.5.0)
"9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8" = Windows-Treiberpaket - Intel System (08/26/2011 9.3.0.1011)
"D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35" = Windows-Treiberpaket - Intel System (08/26/2011 9.3.0.1011)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"E3535F123E7F666D573665142F90D3E5004DC326" = Windows-Treiberpaket - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1062AD6C-80F4-4BC6-AB7C-A28892B497B8}" = LibreOffice 4.0.2.2
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update
"{29584513-DC7F-4EB9-8654-7C541DF0DDCE}" = Lenovo USB 2.0 Ethernet Adapter
"{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{40F4FF7A-B214-4453-B973-080B09CED019}" = Absolute Reminder
"{4DD171A1-70FB-48EE-8844-98A7AA4C8DCC}" = Lenovo Mobile Access
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E6E7725-C7BC-4C39-8B3F-14B67331A120}" = Lenovo Patch Utility
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A62AEB2B-E2A0-4E77-8AAE-9645FE3B5487}" = ThinkVantage Access Connections
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}" = Lenovo Mobile Broadband Activation
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{EA9640BE-414E-4195-B53B-7905BF1A5A09}" = Mobile Broadband Drivers
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Intel AppUp(SM) center 33057" = Intel AppUp(SM) center
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SugarSync" = SugarSync Manager
"Sunplus SPUVCb" = Integrated Camera
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18.04.2013 04:09:02 | Computer Name = THINK | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.04.2013 04:09:04 | Computer Name = THINK | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.04.2013 04:09:24 | Computer Name = THINK | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 19.04.2013 05:01:54 | Computer Name = THINK | Source = WinMgmt | ID = 10
Description =

Error - 19.04.2013 06:33:13 | Computer Name = THINK | Source = WinMgmt | ID = 10
Description =

Error - 19.04.2013 14:36:38 | Computer Name = THINK | Source = WinMgmt | ID = 10
Description =

Error - 22.04.2013 02:48:03 | Computer Name = THINK | Source = WinMgmt | ID = 10
Description =

Error - 23.04.2013 03:54:55 | Computer Name = THINK | Source = MsiInstaller | ID = 11500
Description =

Error - 23.04.2013 04:17:28 | Computer Name = THINK | Source = WinMgmt | ID = 10
Description =

Error - 23.04.2013 04:20:12 | Computer Name = THINK | Source = WinMgmt | ID = 10
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 04.05.2013 14:34:04 | Computer Name = THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt

Error - 04.05.2013 14:34:18 | Computer Name = THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt

Error - 04.05.2013 14:34:32 | Computer Name = THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt

Error - 07.05.2013 04:27:28 | Computer Name = THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt

Error - 07.05.2013 04:27:28 | Computer Name = THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt

Error - 07.05.2013 04:27:28 | Computer Name = THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Message = Der angegebene Host ist unbekannt -> Exception message: Der angegebene Host ist unbekannt

[ System Events ]
Error - 23.04.2013 14:11:12 | Computer Name = THINK | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error - 25.04.2013 06:08:53 | Computer Name = THINK | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error - 25.04.2013 06:08:58 | Computer Name = THINK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: %%16405

Error - 25.04.2013 06:16:56 | Computer Name = THINK | Source = Microsoft-Windows-FilterManager | ID = 3
Description = Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume5" herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar. Der letzte Status war "0xc03a001c".

Error - 03.05.2013 19:16:01 | Computer Name = THINK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062

Error - 03.05.2013 19:20:59 | Computer Name = THINK | Source = Microsoft-Windows-LanguagePackSetup | ID = 1003
Description = CBS-Fehler 0x8000ffff '' bei Verwendung des Benutzeroberflächen-Sprachpakets für en-US.

Error - 03.05.2013 19:20:59 | Computer Name = THINK | Source = Microsoft-Windows-LanguagePackSetup | ID = 1043
Description = Das Sprachpaket für en-US kann von CBS nicht entfernt werden. Zurückgegebener CBS-Fehlercode: 0x8000ffff.

Error - 03.05.2013 22:05:25 | Computer Name = THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error - 04.05.2013 14:38:21 | Computer Name = THINK | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht vergrößert werden kann.

Error - 04.05.2013 16:08:05 | Computer Name = THINK | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

< End of report >

and Gmer.txt
GMER Logfile:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-13 22:10:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 INTEL_SS rev.LE9i 167,68GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\a\AppData\Local\Temp\pxtdipow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075131465 2 bytes [13, 75]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751314bb 2 bytes [13, 75]
.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [1040:1508] 000007fefa3e59a0
Thread C:\Windows\System32\svchost.exe [1040:4120] 000007fef1cea2b0
Thread C:\Windows\System32\svchost.exe [1040:3540] 000007fef71188f8
Thread C:\Windows\System32\svchost.exe [1040:4988] 000007fef1083efc
Thread C:\Windows\System32\svchost.exe [1040:5488] 000007fef10c8a4c
Thread C:\Windows\System32\svchost.exe [1040:5452] 000007fee7a644e0
Thread C:\Windows\System32\svchost.exe [1040:6560] 000007fef03742c8
Thread C:\Windows\System32\svchost.exe [1040:4532] 000007fef88e5fd0
Thread C:\Windows\System32\svchost.exe [1040:4764] 000007fef88e63ec
Thread C:\Windows\System32\svchost.exe [1040:4508] 000007fee08514a0
Thread C:\Windows\system32\svchost.exe [1280:3968] 000007fee7eb034c
Thread C:\Windows\system32\svchost.exe [1280:5320] 000007fee7eafb90
Thread C:\Windows\system32\svchost.exe [1280:4188] 000007fef13c6ed4
Thread C:\Windows\system32\svchost.exe [1280:6932] 000007fef13c6b8c
Thread C:\Windows\System32\spoolsv.exe [1700:2044] 000007fef8b310c8
Thread C:\Windows\System32\spoolsv.exe [1700:736] 000007fef8af6144
Thread C:\Windows\System32\spoolsv.exe [1700:712] 000007fef88e5fd0
Thread C:\Windows\System32\spoolsv.exe [1700:1076] 000007fef88d3438
Thread C:\Windows\System32\spoolsv.exe [1700:1136] 000007fef88e63ec
Thread C:\Windows\System32\spoolsv.exe [1700:1088] 000007fef88d3438
Thread C:\Windows\System32\spoolsv.exe [1700:1196] 000007fef88e63ec
Thread C:\Windows\System32\spoolsv.exe [1700:1308] 000007fef8bc5e5c
Thread C:\Windows\system32\Dwm.exe [2116:2416] 000007fef814f0d8
Thread C:\Windows\system32\Dwm.exe [2116:2424] 000007fef766abf0
Thread C:\Windows\system32\svchost.exe [2304:2656] 000007fef88e5fd0
Thread C:\Windows\system32\svchost.exe [2304:2660] 000007fef88e63ec
Thread C:\Windows\system32\svchost.exe [2304:5964] 000007feeace8470
Thread C:\Windows\system32\svchost.exe [2304:5968] 000007feeacf2418
Thread C:\Windows\System32\WUDFHost.exe [1132:5276] 000007fef025bfac
Thread C:\Windows\system32\DllHost.exe [4984:5460] 000007fee83dae60
Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6152:6292] 000007fee5b0cc10
Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6152:6328] 000007fee59cb564
Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [6152:4788] 000007fee59cb564

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{D4C0BDD2-D7C0-43B6-AA2B-8BEC325D3E37}\Connection@Name isatap.{48505D00-9431-43CF-95A5-8F8EA9DB75E1}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{D4C0BDD2-D7C0-43B6-AA2B-8BEC325D3E37}?\Device\{44FFCDE2-6CD6-46CC-BF40-ED6AE672D346}?\Device\{91B625BC-891D-4F4B-9F5B-B31C1F1069B8}?\Device\{AA49C4FB-DF88-42F3-A991-B7B9EC0FCC62}?\Device\{04FC11F5-83FC-4EB2-91C1-FF8C87C04CD6}?\Device\{2C627673-7987-4239-90A4-296FD3F998FA}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{D4C0BDD2-D7C0-43B6-AA2B-8BEC325D3E37}"?"{44FFCDE2-6CD6-46CC-BF40-ED6AE672D346}"?"{91B625BC-891D-4F4B-9F5B-B31C1F1069B8}"?"{AA49C4FB-DF88-42F3-A991-B7B9EC0FCC62}"?"{04FC11F5-83FC-4EB2-91C1-FF8C87C04CD6}"?"{2C627673-7987-4239-90A4-296FD3F998FA}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{D4C0BDD2-D7C0-43B6-AA2B-8BEC325D3E37}?\Device\TCPIP6TUNNEL_{44FFCDE2-6CD6-46CC-BF40-ED6AE672D346}?\Device\TCPIP6TUNNEL_{91B625BC-891D-4F4B-9F5B-B31C1F1069B8}?\Device\TCPIP6TUNNEL_{AA49C4FB-DF88-42F3-A991-B7B9EC0FCC62}?\Device\TCPIP6TUNNEL_{04FC11F5-83FC-4EB2-91C1-FF8C87C04CD6}?\Device\TCPIP6TUNNEL_{2C627673-7987-4239-90A4-296FD3F998FA}?
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f4b7e2f98b33
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{D4C0BDD2-D7C0-43B6-AA2B-8BEC325D3E37}@InterfaceName isatap.{48505D00-9431-43CF-95A5-8F8EA9DB75E1}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{D4C0BDD2-D7C0-43B6-AA2B-8BEC325D3E37}@ReusableType 0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f4b7e2f98b33 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ---- |