
Log analysis and evaluation: Redirects to wrong pages and very suspicious pop-ups


 
12.01.2013, 16:33   #1
Lutzow
 



Hello dear Trojaner-Board,

I have had a problem for some time that annoys me so much that I registered here specifically because of it. It is actually my first time ever in a forum, so please excuse any formal mistakes and point them out to me.

Now to the problem: When I browse and click on links, instead of the desired page I am redirected to some advertising pages, after the text "The document has moved, redirecting" has been briefly displayed. That is not all, however. At irregular intervals a window pops up at the bottom right that also points to dubious pages. These are not "normal" pop-ups, since they can appear no matter which page I am on, and they come too often. But now to the strangest symptom. At the bottom left of the browser there seems to be a permanent invisible, rectangular area that overlays all links located there, i.e. I cannot click them. Occasionally this area has a small x to close it, but really only the x is visible. I know it sounds odd, but those are the symptoms.

I had the same problem once before, except for the invisible area. At that time I did not yet have an antivirus program. After I had installed one (Avast) and run it, the problem was fixed. Since it has now reappeared I have tried quite a few programs, but nothing has helped. I hope you can help me.

Since I am still new, I do not know how to hide the logs. I would be grateful for a hint.

Here is the GMER file:

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-12 15:15:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.GJ10 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\***\AppData\Local\Temp\fglcypod.sys


.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes [46, 77]
.text ... * 9
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes [46, 77]

---- Threads - GMER 2.0 ----

Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4544] 00000000731de2db
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4624] 000000006de38de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4628] 000000006de38de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4632] 000000006de38de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4636] 000000006de34e00

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808] 0000000075330000

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52afe06b5c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52afe06b5c@b0899132c151 0xC6 0x20 0x34 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78efffa7
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52afe06b5c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52afe06b5c@b0899132c151 0xC6 0x20 0x34 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78efffa7 (not active ControlSet)

---- EOF - GMER 2.0 ----

OTL did not create an Extra.txt. I don't know why. Here is the OTL file:

OTL logfile created on: 12.01.2013 15:40:34 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 58,01% Memory free
7,60 Gb Paging File | 5,88 Gb Available in Paging File | 77,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,82 Gb Total Space | 225,85 Gb Free Space | 49,66% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 2,46 Gb Free Space | 25,24% Space Free | Partition Type: NTFS

Computer Name: ***-THINK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.14 20:10:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
PRC - [2012.12.11 14:50:00 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 14:49:20 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.11 14:49:19 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.07 18:23:02 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.12.07 18:22:58 | 018,880,392 | ---- | M] (Lavasoft Limited) -- C:\PROGRA~2\AD-AWA~1\AdAware.exe
PRC - [2012.11.16 10:09:00 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012.01.04 19:31:14 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.04.14 13:24:26 | 000,410,984 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2011.04.14 13:22:42 | 000,361,832 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011.04.14 13:22:28 | 000,263,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011.04.14 13:22:26 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011.01.14 14:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011.01.14 14:52:08 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2011.01.14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2010.07.06 13:22:22 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.04.07 06:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.07 06:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.04.07 04:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2010.04.01 06:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009.12.21 10:49:46 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.11.24 05:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.11.11 09:33:12 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009.11.04 05:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.04 05:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.01.26 13:36:35 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe


========== Services (SafeList) ==========

SRV:64bit: - [2011.02.01 13:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.01.13 13:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2012.12.11 14:50:00 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 14:49:20 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.07 18:46:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.07 18:23:02 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.01.04 19:31:14 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.04.14 13:22:28 | 000,263,528 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011.04.14 13:22:26 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011.01.14 14:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011.01.14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.24 19:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010.07.06 13:22:22 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.04.07 06:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.04.07 06:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.04.07 04:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.04 05:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.04 05:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.11 14:50:07 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 14:50:07 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.12.11 10:08:59 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.16 18:10:19 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.15 11:15:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011.11.15 11:15:24 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2011.11.15 11:15:24 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewsercd.sys -- (ewsercd)
DRV:64bit: - [2011.11.14 08:48:16 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.19 20:52:34 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.19 20:52:34 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.05.19 20:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.02.01 13:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011.01.13 13:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.01.13 13:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.24 19:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010.07.30 10:13:04 | 000,947,816 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010.06.22 05:28:06 | 000,729,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010.06.17 09:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.04.28 10:43:12 | 000,161,664 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010.04.13 01:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.08 16:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010.03.31 07:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.03.22 09:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.26 08:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.02 22:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.01.15 06:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.15 06:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.15 06:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.09.17 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 07:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.05.12 10:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV - [2011.11.30 11:54:30 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2011.11.30 11:54:30 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewsercd.sys -- (ewsercd)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.12.13 11:28:20 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4}
IE:64bit: - HKLM\..\SearchScopes\{7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/
IE - HKLM\..\SearchScopes,DefaultScope = {7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4}
IE - HKLM\..\SearchScopes\{7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A0F6ADCF-40F4-11E1-8706-CC52AFE06B5C}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=101570&babsrc=SP_ss&mntrId=1a4b7a1b000000000000cc52afe06b5c
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKCU\..\SearchScopes\{C4CDF737-FB25-4A13-A592-629EAFF0720C}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQniHFOzJ&i=26
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A0F6ADCF-40F4-11E1-8706-CC52AFE06B5C}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.12
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 10:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 10:08:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.05.27 09:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.01.12 14:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions
[2012.12.11 10:08:04 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013.01.12 14:57:50 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\firefox@ghostery.com
[2012.12.11 10:08:06 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013.01.12 14:57:47 | 000,281,667 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f6j4nnvl.default-1354993378265\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.12.08 20:07:23 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f6j4nnvl.default-1354993378265\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.07 18:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.07 18:46:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.12.07 18:46:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.07 18:46:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 22:44:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 14:43:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.28 22:44:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.28 22:44:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.28 22:44:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.28 22:44:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.12.10 17:11:37 | 000,001,280 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F27C7B4B-CA84-4486-B06A-5854B3AA7984}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{15e58d81-0f71-11e1-8a39-cc52afe06b5c}\Shell - "" = AutoRun
O33 - MountPoints2\{15e58d81-0f71-11e1-8a39-cc52afe06b5c}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{34a401ff-b1ed-11e0-990c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{34a401ff-b1ed-11e0-990c-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{95a9bbb2-fc1f-11e1-a34c-cc52afe06b5c}\Shell - "" = AutoRun
O33 - MountPoints2\{95a9bbb2-fc1f-11e1-a34c-cc52afe06b5c}\Shell\AutoRun\command - "" = D:\pushinst.exe
O33 - MountPoints2\{f04373b8-15f4-11e2-879c-cc52afe06b5c}\Shell - "" = AutoRun
O33 - MountPoints2\{f04373b8-15f4-11e2-879c-cc52afe06b5c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.14 20:10:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2013.01.12 15:36:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.01.12 15:34:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.01.12 15:17:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.12 15:14:43 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 15:14:43 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 15:06:48 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.01.12 15:06:33 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.12 15:06:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.12 15:06:07 | 3061,223,424 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.12 14:52:05 | 000,365,568 | ---- | M] () -- C:\Users\Lucas\Desktop\gmer-2.0.18444.exe
[2013.01.12 14:48:49 | 000,000,000 | ---- | M] () -- C:\Users\Lucas\defogger_reenable
[2013.01.12 14:33:11 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.14 20:10:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
[2012.12.14 20:09:41 | 000,050,477 | ---- | M] () -- C:\Users\Lucas\Desktop\Defogger.exe

========== Files Created - No Company Name ==========

[2013.01.12 14:52:04 | 000,365,568 | ---- | C] () -- C:\Users\Lucas\Desktop\gmer-2.0.18444.exe
[2013.01.12 14:48:49 | 000,000,000 | ---- | C] () -- C:\Users\Lucas\defogger_reenable
[2012.12.14 20:09:39 | 000,050,477 | ---- | C] () -- C:\Users\Lucas\Desktop\Defogger.exe
[2012.09.13 07:05:28 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.02.03 17:34:47 | 000,000,127 | ---- | C] () -- C:\Users\Lucas\wxDownloadFast.ini
[2011.11.19 19:37:13 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.11.19 19:37:11 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.11.19 19:37:11 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.11.19 19:37:11 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.11.15 16:02:43 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.22 10:15:10 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.07.19 11:13:10 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.07.19 11:13:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011.07.19 11:13:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011.07.19 11:13:09 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.07.19 11:13:09 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.09.27 13:39:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.12.11 16:27:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.04.11 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012
[2012.02.24 01:13:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2011.12.27 16:55:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DarkWave Studio
[2012.01.24 20:39:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.02.21 23:01:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image-Line
[2012.09.28 20:37:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit
[2011.11.15 11:09:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.11.15 11:31:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lenovo
[2012.08.31 20:23:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LOVE
[2012.01.26 13:40:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.11.18 23:11:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.10.31 19:49:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.05.26 18:51:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spyware Terminator
[2012.02.22 00:09:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SynthMaker
[2011.11.15 16:03:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.03.16 18:45:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.09.02 16:24:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Verbindungsassistent
[2012.01.17 11:20:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\www.rene-zeidler.de

========== Purity Check ==========



< End of report >

 
