
Log analysis and evaluation: Redirects to wrong pages and very suspicious pop-ups

Windows 7

12.01.2013, 16:33   #1
Lutzow
 
Redirects to wrong pages and very suspicious pop-ups



Hello dear Trojaner-Board,

I have had a problem for some time that annoys me so much that I registered here specifically because of it. It is actually my first time ever in a forum, so please excuse any formal mistakes and point them out to me.

Now to the problem: when I surf and click on links, I am redirected to some advertising pages instead of the page I wanted, after the text "The document has moved, redirecting" has been shown briefly. That is not all, however. At irregular intervals a window pops up at the bottom right that also points to dubious sites. These are not "normal" pop-ups, because they can appear no matter which page I am on, and they come too often. But now to the strangest symptom. At the bottom left of the browser there seems to be a permanent, invisible, rectangular area that overlays all the links located there, i.e. I cannot click them. Occasionally this area has a small x to close it, but really only the x is visible. I know it sounds odd, but those are the symptoms.

I had the same problem once before, except for the invisible area. Back then I did not yet have an antivirus program. After I installed one (Avast) and ran it, the problem was fixed. Since it has now come back I have tried quite a few programs, but nothing has helped. I hope you can help me.

Since I am still new, I do not know how to hide the logs. I would be grateful for a hint.

Here is the GMER file:

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-12 15:15:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.GJ10 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\***\AppData\Local\Temp\fglcypod.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes [46, 77]
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1716] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077461401 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077461419 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077461431 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007746144a 2 bytes [46, 77]
.text ... * 9
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000774614dd 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007746150d 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007746153d 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077461555 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007746156d 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077461585 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007746159d 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000774615b5 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000774615cd 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1836] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes [46, 77]
.text ... * 9
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes [46, 77]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes [46, 77]
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes [46, 77]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes [46, 77]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2504] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes [46, 77]
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes [46, 77]
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes [46, 77]
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes [46, 77]
.text ... * 9
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes [46, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000077461401 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000077461419 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000077461431 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007746144a 2 bytes [46, 77]
.text ... * 9
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000774614dd 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007746150d 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007746153d 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000077461555 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007746156d 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000077461585 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007746159d 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000774615b5 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000774615cd 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes [46, 77]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[3740] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes [46, 77]
.text ... * 9
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes [46, 77]
.text C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes [46, 77]
.text ... * 9
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes [46, 77]
.text C:\PROGRA~2\AD-AWA~1\AdAware.exe[3824] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077461401 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077461419 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077461431 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007746144a 2 bytes [46, 77]
.text ... * 9
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000774614dd 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000774614f5 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007746150d 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077461525 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007746153d 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077461555 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007746156d 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077461585 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007746159d 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000774615b5 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000774615cd 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000774616b2 2 bytes [46, 77]
.text C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe[4684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000774616bd 2 bytes [46, 77]

---- Threads - GMER 2.0 ----

Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4544] 00000000731de2db
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4624] 000000006de38de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4628] 000000006de38de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4632] 000000006de38de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808:4636] 000000006de34e00

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1808] 0000000075330000

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52afe06b5c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52afe06b5c@b0899132c151 0xC6 0x20 0x34 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78efffa7
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52afe06b5c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52afe06b5c@b0899132c151 0xC6 0x20 0x34 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78efffa7 (not active ControlSet)

---- EOF - GMER 2.0 ----

OTL did not create an Extra.txt. I don't know why. Here is the OTL file:

OTL logfile created on: 12.01.2013 15:40:34 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 2,21 Gb Available Physical Memory | 58,01% Memory free
7,60 Gb Paging File | 5,88 Gb Available in Paging File | 77,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,82 Gb Total Space | 225,85 Gb Free Space | 49,66% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 2,46 Gb Free Space | 25,24% Space Free | Partition Type: NTFS

Computer Name: ***-THINK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.12.14 20:10:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
PRC - [2012.12.11 14:50:00 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 14:49:20 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.11 14:49:19 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.07 18:23:02 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012.12.07 18:22:58 | 018,880,392 | ---- | M] (Lavasoft Limited) -- C:\PROGRA~2\AD-AWA~1\AdAware.exe
PRC - [2012.11.16 10:09:00 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2012.01.04 19:31:14 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.04.14 13:24:26 | 000,410,984 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2011.04.14 13:22:42 | 000,361,832 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011.04.14 13:22:28 | 000,263,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011.04.14 13:22:26 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011.01.14 14:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011.01.14 14:52:08 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2011.01.14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2010.07.06 13:22:22 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.04.07 06:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.07 06:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.04.07 04:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2010.04.01 06:50:46 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009.12.21 10:49:46 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.11.24 05:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.11.11 09:33:12 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009.11.04 05:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.11.04 05:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe


========== Modules (No Company Name) ==========

MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.01.26 13:36:35 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe


========== Services (SafeList) ==========

SRV:64bit: - [2011.02.01 13:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2011.01.13 13:05:46 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2012.12.11 14:50:00 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 14:49:20 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.07 18:46:19 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.07 18:23:02 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012.09.20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.01.04 19:31:14 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.04.14 13:22:28 | 000,263,528 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011.04.14 13:22:26 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011.01.14 14:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011.01.14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.24 19:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010.07.06 13:22:22 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.04.07 06:37:40 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.04.07 06:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.04.07 04:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.11.04 05:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.11.04 05:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.12.11 14:50:07 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 14:50:07 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.12.11 10:08:59 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.03.16 18:10:19 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.15 11:15:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2011.11.15 11:15:24 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2011.11.15 11:15:24 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewsercd.sys -- (ewsercd)
DRV:64bit: - [2011.11.14 08:48:16 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.19 20:52:34 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.19 20:52:34 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.05.19 20:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.02.01 13:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2011.01.13 13:04:20 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.01.13 13:02:28 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.24 19:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010.07.30 10:13:04 | 000,947,816 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010.06.22 05:28:06 | 000,729,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010.06.17 09:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.04.28 10:43:12 | 000,161,664 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010.04.13 01:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.08 16:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010.03.31 07:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.03.22 09:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.02.26 08:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.02 22:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.01.15 06:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.15 06:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.15 06:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.09.17 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 07:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.05.12 10:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV - [2011.11.30 11:54:30 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2011.11.30 11:54:30 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewsercd.sys -- (ewsercd)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.12.13 11:28:20 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4}
IE:64bit: - HKLM\..\SearchScopes\{7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.chatzum.com/
IE - HKLM\..\SearchScopes,DefaultScope = {7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4}
IE - HKLM\..\SearchScopes\{7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A0F6ADCF-40F4-11E1-8706-CC52AFE06B5C}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=101570&babsrc=SP_ss&mntrId=1a4b7a1b000000000000cc52afe06b5c
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKCU\..\SearchScopes\{C4CDF737-FB25-4A13-A592-629EAFF0720C}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb119/?search={searchTerms}&loc=IB_DS&a=6PQniHFOzJ&i=26
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={A0F6ADCF-40F4-11E1-8706-CC52AFE06B5C}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.12
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 10:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 10:08:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.05.27 09:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.01.12 14:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions
[2012.12.11 10:08:04 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013.01.12 14:57:50 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\firefox@ghostery.com
[2012.12.11 10:08:06 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013.01.12 14:57:47 | 000,281,667 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f6j4nnvl.default-1354993378265\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.12.08 20:07:23 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\f6j4nnvl.default-1354993378265\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.07 18:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.07 18:46:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.12.07 18:46:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.07 18:46:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 22:44:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 14:43:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.28 22:44:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.28 22:44:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.28 22:44:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.28 22:44:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.12.10 17:11:37 | 000,001,280 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F27C7B4B-CA84-4486-B06A-5854B3AA7984}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{15e58d81-0f71-11e1-8a39-cc52afe06b5c}\Shell - "" = AutoRun
O33 - MountPoints2\{15e58d81-0f71-11e1-8a39-cc52afe06b5c}\Shell\AutoRun\command - "" = E:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{34a401ff-b1ed-11e0-990c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{34a401ff-b1ed-11e0-990c-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{95a9bbb2-fc1f-11e1-a34c-cc52afe06b5c}\Shell - "" = AutoRun
O33 - MountPoints2\{95a9bbb2-fc1f-11e1-a34c-cc52afe06b5c}\Shell\AutoRun\command - "" = D:\pushinst.exe
O33 - MountPoints2\{f04373b8-15f4-11e2-879c-cc52afe06b5c}\Shell - "" = AutoRun
O33 - MountPoints2\{f04373b8-15f4-11e2-879c-cc52afe06b5c}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.12.14 20:10:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2013.01.12 15:36:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.01.12 15:34:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.01.12 15:17:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.12 15:14:43 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 15:14:43 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.12 15:06:48 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.01.12 15:06:33 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.12 15:06:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.12 15:06:07 | 3061,223,424 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.12 14:52:05 | 000,365,568 | ---- | M] () -- C:\Users\Lucas\Desktop\gmer-2.0.18444.exe
[2013.01.12 14:48:49 | 000,000,000 | ---- | M] () -- C:\Users\Lucas\defogger_reenable
[2013.01.12 14:33:11 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.14 20:10:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lucas\Desktop\OTL.exe
[2012.12.14 20:09:41 | 000,050,477 | ---- | M] () -- C:\Users\Lucas\Desktop\Defogger.exe

========== Files Created - No Company Name ==========

[2013.01.12 14:52:04 | 000,365,568 | ---- | C] () -- C:\Users\Lucas\Desktop\gmer-2.0.18444.exe
[2013.01.12 14:48:49 | 000,000,000 | ---- | C] () -- C:\Users\Lucas\defogger_reenable
[2012.12.14 20:09:39 | 000,050,477 | ---- | C] () -- C:\Users\Lucas\Desktop\Defogger.exe
[2012.09.13 07:05:28 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.02.03 17:34:47 | 000,000,127 | ---- | C] () -- C:\Users\Lucas\wxDownloadFast.ini
[2011.11.19 19:37:13 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.11.19 19:37:11 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.11.19 19:37:11 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.11.19 19:37:11 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.11.15 16:02:43 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.22 10:15:10 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.07.19 11:13:10 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.07.19 11:13:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011.07.19 11:13:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011.07.19 11:13:09 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.07.19 11:13:09 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.09.27 13:39:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.12.11 16:27:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.04.11 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVG2012
[2012.02.24 01:13:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2011.12.27 16:55:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DarkWave Studio
[2012.01.24 20:39:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2012.02.21 23:01:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Image-Line
[2012.09.28 20:37:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IObit
[2011.11.15 11:09:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2011.11.15 11:31:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lenovo
[2012.08.31 20:23:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LOVE
[2012.01.26 13:40:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.11.18 23:11:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.10.31 19:49:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.05.26 18:51:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spyware Terminator
[2012.02.22 00:09:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SynthMaker
[2011.11.15 16:03:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.03.16 18:45:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2012.09.02 16:24:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Verbindungsassistent
[2012.01.17 11:20:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\www.rene-zeidler.de

========== Purity Check ==========



< End of report >

12.01.2013, 17:24   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners?
This is why I'm asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, post only logs that already exist!

Quote:
Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

12.01.2013, 18:23   #3
Lutzow

Hello, and thanks for the quick reply.

No, I don't have any further logs.

13.01.2013, 19:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please run only scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you don't hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside of Trojaner-Board.


Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive on your desktop.
  • In the newly created folder, please start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder that was created. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
Please always post log files in CODE tags

13.01.2013, 21:20   #5
Lutzow

Hello, here is the log:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lucas :: LUCAS-THINK [administrator]

13.01.2013 21:09:37
mbar-log-2013-01-13 (21-09-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27112
Time elapsed: 13 minute(s), 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


13.01.2013, 21:22   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press one of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below - click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition ( usually drive C: ), that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!


13.01.2013, 22:09   #7
Lutzow

The TDSS log:

Code:
22:05:06.0618 5900  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:05:07.0006 5900  ============================================================
22:05:07.0006 5900  Current date / time: 2013/01/13 22:05:07.0006
22:05:07.0006 5900  SystemInfo:
22:05:07.0006 5900  
22:05:07.0006 5900  OS Version: 6.1.7601 ServicePack: 1.0
22:05:07.0006 5900  Product type: Workstation
22:05:07.0006 5900  ComputerName: LUCAS-THINK
22:05:07.0007 5900  UserName: Lucas
22:05:07.0007 5900  Windows directory: C:\Windows
22:05:07.0007 5900  System windows directory: C:\Windows
22:05:07.0007 5900  Running under WOW64
22:05:07.0007 5900  Processor architecture: Intel x64
22:05:07.0007 5900  Number of processors: 4
22:05:07.0007 5900  Page size: 0x1000
22:05:07.0007 5900  Boot type: Normal boot
22:05:07.0007 5900  ============================================================
22:05:07.0551 5900  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:05:07.0559 5900  ============================================================
22:05:07.0559 5900  \Device\Harddisk0\DR0:
22:05:07.0560 5900  MBR partitions:
22:05:07.0560 5900  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2, BlocksNum 0x258030
22:05:07.0560 5900  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258032, BlocksNum 0x38DA501A
22:05:07.0560 5900  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38FFD04C, BlocksNum 0x1388046
22:05:07.0560 5900  ============================================================
22:05:07.0584 5900  C: <-> \Device\Harddisk0\DR0\Partition2
22:05:07.0638 5900  Q: <-> \Device\Harddisk0\DR0\Partition3
22:05:07.0638 5900  ============================================================
22:05:07.0638 5900  Initialize success
22:05:07.0638 5900  ============================================================
22:05:27.0123 0484  ============================================================
22:05:27.0123 0484  Scan started
22:05:27.0123 0484  Mode: Manual; SigCheck; TDLFS; 
22:05:27.0123 0484  ============================================================
22:05:27.0583 0484  ================ Scan system memory ========================
22:05:27.0583 0484  System memory - ok
22:05:27.0585 0484  ================ Scan services =============================
22:05:27.0853 0484  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:05:27.0965 0484  1394ohci - ok
22:05:28.0026 0484  [ 506BBDCDFC0314CB75B75CC0281EE0D1 ] 5U877           C:\Windows\system32\DRIVERS\5U877.sys
22:05:28.0131 0484  5U877 - ok
22:05:28.0170 0484  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:05:28.0202 0484  ACPI - ok
22:05:28.0250 0484  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:05:28.0294 0484  AcpiPmi - ok
22:05:28.0437 0484  [ DEECCADBD25F65D65293A09721B3A447 ] AcPrfMgrSvc     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
22:05:28.0460 0484  AcPrfMgrSvc - ok
22:05:28.0488 0484  [ A7753804C6C66C9C80F4E29659FD721C ] AcSvc           C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
22:05:28.0510 0484  AcSvc - ok
22:05:28.0622 0484  [ E9BACEDF8511EF671E817D8690E12DE3 ] Ad-Aware Service C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
22:05:28.0679 0484  Ad-Aware Service - ok
22:05:28.0744 0484  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:05:28.0778 0484  adp94xx - ok
22:05:28.0840 0484  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:05:28.0868 0484  adpahci - ok
22:05:28.0877 0484  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:05:28.0901 0484  adpu320 - ok
22:05:28.0947 0484  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:05:29.0053 0484  AeLookupSvc - ok
22:05:29.0115 0484  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:05:29.0191 0484  AFD - ok
22:05:29.0248 0484  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:05:29.0269 0484  agp440 - ok
22:05:29.0304 0484  AIDA64Driver - ok
22:05:29.0344 0484  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:05:29.0421 0484  ALG - ok
22:05:29.0470 0484  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:05:29.0500 0484  aliide - ok
22:05:53.0325 0484  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\Windows\system32\umpo.dll
22:05:53.0392 0484  Power - ok
22:05:53.0470 0484  [ BAC02775CF629E5FE80BEA952F4448EF ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
22:05:53.0494 0484  Power Manager DBC Service - ok
22:05:53.0533 0484  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:05:53.0630 0484  PptpMiniport - ok
22:05:53.0651 0484  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
22:05:53.0690 0484  Processor - ok
22:05:53.0730 0484  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:05:53.0756 0484  ProfSvc - ok
22:05:53.0773 0484  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:05:53.0795 0484  ProtectedStorage - ok
22:05:53.0820 0484  [ A70AD30223866947E39BC221DF4C2306 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
22:05:53.0837 0484  psadd - ok
22:05:53.0867 0484  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:05:53.0958 0484  Psched - ok
22:05:54.0059 0484  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:05:54.0133 0484  ql2300 - ok
22:05:54.0140 0484  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:05:54.0163 0484  ql40xx - ok
22:05:54.0195 0484  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:05:54.0232 0484  QWAVE - ok
22:05:54.0259 0484  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:05:54.0316 0484  QWAVEdrv - ok
22:05:54.0322 0484  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:05:54.0392 0484  RasAcd - ok
22:05:54.0446 0484  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:05:54.0515 0484  RasAgileVpn - ok
22:05:54.0538 0484  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:05:54.0634 0484  RasAuto - ok
22:05:54.0665 0484  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:05:54.0761 0484  Rasl2tp - ok
22:05:54.0811 0484  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:05:54.0891 0484  RasMan - ok
22:05:54.0911 0484  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:05:55.0025 0484  RasPppoe - ok
22:05:55.0058 0484  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:05:55.0154 0484  RasSstp - ok
22:05:55.0187 0484  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:05:55.0277 0484  rdbss - ok
22:05:55.0319 0484  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
22:05:55.0373 0484  rdpbus - ok
22:05:55.0415 0484  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:05:55.0483 0484  RDPCDD - ok
22:05:55.0504 0484  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:05:55.0605 0484  RDPENCDD - ok
22:05:55.0634 0484  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:05:55.0702 0484  RDPREFMP - ok
22:05:55.0736 0484  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:05:55.0783 0484  RDPWD - ok
22:05:55.0822 0484  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:05:55.0847 0484  rdyboost - ok
22:05:55.0871 0484  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:05:55.0944 0484  RemoteAccess - ok
22:05:55.0963 0484  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:05:56.0056 0484  RemoteRegistry - ok
22:05:56.0110 0484  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:05:56.0163 0484  RFCOMM - ok
22:05:56.0193 0484  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:05:56.0287 0484  RpcEptMapper - ok
22:05:56.0324 0484  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:05:56.0362 0484  RpcLocator - ok
22:05:56.0401 0484  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:05:56.0479 0484  RpcSs - ok
22:05:56.0521 0484  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:05:56.0616 0484  rspndr - ok
22:05:56.0654 0484  [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
22:05:56.0677 0484  RSUSBSTOR - ok
22:05:56.0716 0484  [ 4FBDA07EF0A3097CE14C5CABF723B278 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:05:56.0741 0484  RTL8167 - ok
22:05:56.0799 0484  [ 9A1CEA6E20E19AFCE888D3F3E4358381 ] RTL8192Ce       C:\Windows\system32\DRIVERS\rtl8192Ce.sys
22:05:56.0842 0484  RTL8192Ce - ok
22:05:56.0863 0484  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:05:56.0885 0484  SamSs - ok
22:05:57.0059 0484  [ 99FC1599F89A80216E41175B8CA44D89 ] SBAMSvc         C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
22:05:57.0211 0484  SBAMSvc - ok
22:05:57.0269 0484  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:05:57.0303 0484  sbp2port - ok
22:05:57.0338 0484  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:05:57.0430 0484  SCardSvr - ok
22:05:57.0456 0484  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:05:57.0542 0484  scfilter - ok
22:05:57.0600 0484  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:05:57.0717 0484  Schedule - ok
22:05:57.0749 0484  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:05:57.0815 0484  SCPolicySvc - ok
22:05:57.0852 0484  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:05:57.0897 0484  SDRSVC - ok
22:05:58.0047 0484  [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
22:05:58.0116 0484  SDScannerService - ok
22:05:58.0216 0484  [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
22:05:58.0270 0484  SDUpdateService - ok
22:05:58.0323 0484  [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
22:05:58.0344 0484  SDWSCService - ok
22:05:58.0386 0484  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:05:58.0480 0484  secdrv - ok
22:05:58.0526 0484  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:05:58.0639 0484  seclogon - ok
22:05:58.0666 0484  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
22:05:58.0781 0484  SENS - ok
22:05:58.0818 0484  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:05:58.0863 0484  SensrSvc - ok
22:05:58.0919 0484  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
22:05:58.0963 0484  Serenum - ok
22:05:59.0005 0484  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
22:05:59.0052 0484  Serial - ok
22:05:59.0059 0484  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:05:59.0093 0484  sermouse - ok
22:05:59.0152 0484  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:05:59.0272 0484  SessionEnv - ok
22:05:59.0290 0484  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:05:59.0318 0484  sffdisk - ok
22:05:59.0324 0484  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:05:59.0377 0484  sffp_mmc - ok
22:05:59.0404 0484  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:05:59.0456 0484  sffp_sd - ok
22:05:59.0484 0484  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:05:59.0532 0484  sfloppy - ok
22:05:59.0593 0484  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
22:05:59.0630 0484  Sftfs - ok
22:05:59.0692 0484  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
22:05:59.0724 0484  sftlist - ok
22:05:59.0755 0484  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:05:59.0778 0484  Sftplay - ok
22:05:59.0795 0484  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:05:59.0809 0484  Sftredir - ok
22:05:59.0837 0484  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
22:05:59.0853 0484  Sftvol - ok
22:05:59.0879 0484  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
22:05:59.0903 0484  sftvsa - ok
22:05:59.0938 0484  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:06:00.0040 0484  SharedAccess - ok
22:06:00.0089 0484  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:06:00.0185 0484  ShellHWDetection - ok
22:06:00.0240 0484  [ 380B52126E62C6C2D3C8BA805AADFDC7 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
22:06:00.0256 0484  Shockprf - ok
22:06:00.0304 0484  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
22:06:00.0323 0484  SiSRaid2 - ok
22:06:00.0330 0484  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:06:00.0353 0484  SiSRaid4 - ok
22:06:00.0386 0484  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:06:00.0504 0484  Smb - ok
22:06:00.0554 0484  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:06:00.0577 0484  SNMPTRAP - ok
22:06:00.0595 0484  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:06:00.0614 0484  spldr - ok
22:06:00.0641 0484  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
22:06:00.0675 0484  Spooler - ok
22:06:00.0784 0484  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:06:00.0949 0484  sppsvc - ok
22:06:00.0986 0484  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:06:01.0057 0484  sppuinotify - ok
22:06:01.0094 0484  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:06:01.0162 0484  srv - ok
22:06:01.0198 0484  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:06:01.0258 0484  srv2 - ok
22:06:01.0294 0484  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:06:01.0316 0484  srvnet - ok
22:06:01.0348 0484  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:06:01.0422 0484  SSDPSRV - ok
22:06:01.0446 0484  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:06:01.0518 0484  SstpSvc - ok
22:06:01.0558 0484  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
22:06:01.0589 0484  stexstor - ok
22:06:01.0630 0484  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:06:01.0693 0484  stisvc - ok
22:06:01.0724 0484  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:06:01.0743 0484  swenum - ok
22:06:01.0780 0484  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:06:01.0891 0484  swprv - ok
22:06:02.0001 0484  [ FFDD13B42D4B106AC9FAFBB0E1F7FAA5 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:06:02.0075 0484  SynTP - ok
22:06:02.0144 0484  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:06:02.0212 0484  SysMain - ok
22:06:02.0233 0484  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:06:02.0293 0484  TabletInputService - ok
22:06:02.0350 0484  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:06:02.0439 0484  TapiSrv - ok
22:06:02.0462 0484  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:06:02.0555 0484  TBS - ok
22:06:02.0661 0484  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:06:02.0742 0484  Tcpip - ok
22:06:02.0783 0484  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:06:02.0859 0484  TCPIP6 - ok
22:06:02.0888 0484  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:06:02.0910 0484  tcpipreg - ok
22:06:02.0952 0484  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:06:03.0000 0484  TDPIPE - ok
22:06:03.0039 0484  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:06:03.0064 0484  TDTCP - ok
22:06:03.0086 0484  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:06:03.0177 0484  tdx - ok
22:06:03.0211 0484  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:06:03.0231 0484  TermDD - ok
22:06:03.0273 0484  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:06:03.0375 0484  TermService - ok
22:06:03.0400 0484  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:06:03.0437 0484  Themes - ok
22:06:03.0451 0484  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:06:03.0520 0484  THREADORDER - ok
22:06:03.0532 0484  [ 5523C729F1ED31B63C88490AF3D220FA ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
22:06:03.0546 0484  TPDIGIMN - ok
22:06:03.0572 0484  [ ECB098A3404ACB8A05F0673DC086BB43 ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
22:06:03.0589 0484  TPHDEXLGSVC - ok
22:06:03.0671 0484  [ 2CF225E19490F499528B926263FE4554 ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
22:06:03.0694 0484  TPHKSVC - ok
22:06:03.0735 0484  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
22:06:03.0778 0484  TPM - ok
22:06:03.0849 0484  [ 2C067E01D6BBCCC88B233B868E210907 ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
22:06:03.0867 0484  TPPWRIF - ok
22:06:03.0899 0484  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:06:03.0998 0484  TrkWks - ok
22:06:04.0064 0484  [ 370A6907DDF79532A39319492B1FA38A ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
22:06:04.0090 0484  truecrypt - ok
22:06:04.0141 0484  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:06:04.0221 0484  TrustedInstaller - ok
22:06:04.0240 0484  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:06:04.0337 0484  tssecsrv - ok
22:06:04.0381 0484  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:06:04.0458 0484  TsUsbFlt - ok
22:06:04.0471 0484  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
22:06:04.0513 0484  TsUsbGD - ok
22:06:04.0556 0484  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:06:04.0652 0484  tunnel - ok
22:06:04.0677 0484  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:06:04.0698 0484  uagp35 - ok
22:06:04.0722 0484  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:06:04.0821 0484  udfs - ok
22:06:04.0875 0484  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:06:04.0919 0484  UI0Detect - ok
22:06:04.0961 0484  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:06:04.0981 0484  uliagpkx - ok
22:06:05.0004 0484  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:06:05.0049 0484  umbus - ok
22:06:05.0101 0484  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
22:06:05.0152 0484  UmPass - ok
22:06:05.0287 0484  [ 9E89C2D6945389270DE067CE51FF7425 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:06:05.0382 0484  UNS - ok
22:06:05.0416 0484  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:06:05.0523 0484  upnphost - ok
22:06:05.0556 0484  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:06:05.0601 0484  usbccgp - ok
22:06:05.0651 0484  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:06:05.0681 0484  usbcir - ok
22:06:05.0713 0484  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:06:05.0769 0484  usbehci - ok
22:06:05.0819 0484  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:06:05.0872 0484  usbhub - ok
22:06:05.0927 0484  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:06:05.0966 0484  usbohci - ok
22:06:05.0988 0484  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
22:06:06.0039 0484  usbprint - ok
22:06:06.0082 0484  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:06:06.0116 0484  USBSTOR - ok
22:06:06.0122 0484  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:06:06.0164 0484  usbuhci - ok
22:06:06.0232 0484  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
22:06:06.0262 0484  usbvideo - ok
22:06:06.0296 0484  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:06:06.0389 0484  UxSms - ok
22:06:06.0420 0484  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:06:06.0440 0484  VaultSvc - ok
22:06:06.0461 0484  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:06:06.0481 0484  vdrvroot - ok
22:06:06.0507 0484  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:06:06.0610 0484  vds - ok
22:06:06.0642 0484  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:06:06.0669 0484  vga - ok
22:06:06.0682 0484  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:06:06.0772 0484  VgaSave - ok
22:06:06.0798 0484  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:06:06.0822 0484  vhdmp - ok
22:06:06.0850 0484  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:06:06.0868 0484  viaide - ok
22:06:06.0883 0484  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:06:06.0903 0484  volmgr - ok
22:06:06.0925 0484  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:06:06.0953 0484  volmgrx - ok
22:06:06.0969 0484  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:06:06.0996 0484  volsnap - ok
22:06:07.0029 0484  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:06:07.0052 0484  vsmraid - ok
22:06:07.0134 0484  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:06:07.0258 0484  VSS - ok
22:06:07.0290 0484  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:06:07.0344 0484  vwifibus - ok
22:06:07.0384 0484  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:06:07.0440 0484  vwififlt - ok
22:06:07.0501 0484  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:06:07.0578 0484  W32Time - ok
22:06:07.0619 0484  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:06:07.0662 0484  WacomPen - ok
22:06:07.0699 0484  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:06:07.0794 0484  WANARP - ok
22:06:07.0817 0484  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:06:07.0885 0484  Wanarpv6 - ok
22:06:07.0950 0484  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:06:08.0011 0484  WatAdminSvc - ok
22:06:08.0067 0484  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:06:08.0116 0484  wbengine - ok
22:06:08.0132 0484  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:06:08.0168 0484  WbioSrvc - ok
22:06:08.0188 0484  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:06:08.0247 0484  wcncsvc - ok
22:06:08.0290 0484  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:06:08.0347 0484  WcsPlugInService - ok
22:06:08.0402 0484  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
22:06:08.0436 0484  Wd - ok
22:06:08.0493 0484  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:06:08.0549 0484  Wdf01000 - ok
22:06:08.0567 0484  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:06:08.0691 0484  WdiServiceHost - ok
22:06:08.0696 0484  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:06:08.0730 0484  WdiSystemHost - ok
22:06:08.0759 0484  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:06:08.0824 0484  WebClient - ok
22:06:08.0858 0484  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:06:08.0954 0484  Wecsvc - ok
22:06:08.0988 0484  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:06:09.0074 0484  wercplsupport - ok
22:06:09.0113 0484  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:06:09.0184 0484  WerSvc - ok
22:06:09.0218 0484  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:06:09.0286 0484  WfpLwf - ok
22:06:09.0322 0484  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:06:09.0341 0484  WIMMount - ok
22:06:09.0381 0484  WinDefend - ok
22:06:09.0394 0484  WinHttpAutoProxySvc - ok
22:06:09.0472 0484  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:06:09.0559 0484  Winmgmt - ok
22:06:09.0626 0484  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:06:09.0733 0484  WinRM - ok
22:06:09.0810 0484  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:06:09.0871 0484  WinUsb - ok
22:06:09.0925 0484  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:06:10.0002 0484  Wlansvc - ok
22:06:10.0058 0484  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:06:10.0086 0484  wlcrasvc - ok
22:06:10.0181 0484  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:06:10.0271 0484  wlidsvc - ok
22:06:10.0305 0484  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
22:06:10.0367 0484  WmiAcpi - ok
22:06:10.0419 0484  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:06:10.0471 0484  wmiApSrv - ok
22:06:10.0507 0484  WMPNetworkSvc - ok
22:06:10.0538 0484  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:06:10.0560 0484  WPCSvc - ok
22:06:10.0579 0484  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:06:10.0606 0484  WPDBusEnum - ok
22:06:10.0632 0484  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:06:10.0699 0484  ws2ifsl - ok
22:06:10.0713 0484  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
22:06:10.0770 0484  wscsvc - ok
22:06:10.0775 0484  WSearch - ok
22:06:10.0841 0484  [ C07FFEAB4E6CE0ED2808417D1336063F ] WTGService      C:\Program Files (x86)\Verbindungsassistent\WTGService.exe
22:06:10.0879 0484  WTGService - ok
22:06:10.0958 0484  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:06:11.0050 0484  wuauserv - ok
22:06:11.0089 0484  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:06:11.0143 0484  WudfPf - ok
22:06:11.0191 0484  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:06:11.0242 0484  WUDFRd - ok
22:06:11.0275 0484  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:06:11.0327 0484  wudfsvc - ok
22:06:11.0370 0484  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:06:11.0435 0484  WwanSvc - ok
22:06:11.0498 0484  ================ Scan global ===============================
22:06:11.0520 0484  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:06:11.0578 0484  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
22:06:11.0590 0484  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
22:06:11.0625 0484  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:06:11.0662 0484  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:06:11.0669 0484  [Global] - ok
22:06:11.0671 0484  ================ Scan MBR ==================================
22:06:11.0681 0484  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:06:13.0082 0484  \Device\Harddisk0\DR0 - ok
22:06:13.0083 0484  ================ Scan VBR ==================================
22:06:13.0088 0484  [ D246A2729E8F52772B8E506EF16319EC ] \Device\Harddisk0\DR0\Partition1
22:06:13.0092 0484  \Device\Harddisk0\DR0\Partition1 - ok
22:06:13.0126 0484  [ 41947657748AC23D57B48B225EC76B4D ] \Device\Harddisk0\DR0\Partition2
22:06:13.0128 0484  \Device\Harddisk0\DR0\Partition2 - ok
22:06:13.0164 0484  [ D54646AA94E32F7D6088EAD596509D19 ] \Device\Harddisk0\DR0\Partition3
22:06:13.0166 0484  \Device\Harddisk0\DR0\Partition3 - ok
22:06:13.0167 0484  ============================================================
22:06:13.0167 0484  Scan finished
22:06:13.0167 0484  ============================================================
22:06:13.0185 5604  Detected object count: 0
22:06:13.0185 5604  Actual detected object count: 0
         
And the aswMBR log:

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-13 21:44:31
-----------------------------
21:44:31.890    OS Version: Windows x64 6.1.7601 Service Pack 1
21:44:31.890    Number of processors: 4 586 0x2505
21:44:31.892    ComputerName: LUCAS-THINK  UserName: Lucas
21:44:33.631    Initialize success
21:48:24.913    AVAST engine defs: 13011301
21:48:58.133    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:48:58.138    Disk 0 Vendor: TOSHIBA_ GJ10 Size: 476940MB BusType: 3
21:48:58.181    Disk 0 MBR read successfully
21:48:58.187    Disk 0 MBR scan
21:48:58.212    Disk 0 Windows VISTA default MBR code
21:48:58.218    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1200 MB offset 2
21:48:58.249    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       465738 MB offset 2457650
21:48:58.285    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        10000 MB offset 956289100
21:48:58.330    Disk 0 scanning C:\Windows\system32\drivers
21:49:09.703    Service scanning
21:49:45.699    Modules scanning
21:49:45.719    Disk 0 trace - called modules:
21:49:45.754    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
21:49:46.094    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c58060]
21:49:46.105    3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa800498e040]
21:49:46.114    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa800498f050]
21:49:47.664    AVAST engine scan C:\Windows
21:49:49.908    AVAST engine scan C:\Windows\system32
21:52:46.240    AVAST engine scan C:\Windows\system32\drivers
21:53:00.687    AVAST engine scan C:\Users\Lucas
21:58:15.061    AVAST engine scan C:\ProgramData
21:59:40.366    Scan finished successfully
22:02:13.313    Disk 0 MBR has been saved successfully to "C:\Users\Lucas\Desktop\MBR.dat"
22:02:13.325    The log file has been saved successfully to "C:\Users\Lucas\Desktop\aswMBR.txt"
         

13.01.2013, 22:29   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

14.01.2013, 18:14   #9
Lutzow

Code:
ComboFix 13-01-14.01 - Lucas 14.01.2013  17:21:18.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3893.2450 [GMT 1:00]
ausgeführt von:: c:\users\Lucas\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lucas\AppData\Roaming\Love
c:\users\Lucas\AppData\Roaming\Love\mari0\options.txt
Q:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-14 bis 2013-01-14  ))))))))))))))))))))))))))))))
.
.
2013-01-14 16:33 . 2013-01-14 16:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-12 13:46 . 2012-11-30 05:41	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-12-25 19:09 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-25 19:09 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-25 19:09 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-25 19:09 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 16:57 . 2012-11-14 05:59	85504	----a-w-	c:\windows\system32\jsproxy.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 16:02 . 2012-01-08 13:19	67599240	----a-w-	c:\windows\system32\MRT.exe
2012-12-11 13:50 . 2012-12-10 17:43	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-11 13:50 . 2012-12-10 17:43	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-11 09:08 . 2012-12-11 09:08	47496	----a-w-	c:\windows\system32\sbbd.exe
2012-12-11 09:08 . 2012-12-11 09:08	14456	----a-w-	c:\windows\system32\drivers\gfibto.sys
2012-12-10 19:05 . 2012-12-10 19:05	1700352	----a-w-	c:\windows\SysWow64\gdiplus.dll
2012-12-10 19:05 . 2012-12-10 19:05	1060864	----a-w-	c:\windows\SysWow64\mfc71.dll
2012-12-07 17:42 . 2012-12-07 17:42	8523344	----a-w-	c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-11-30 04:45 . 2013-01-12 13:46	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-16 19:17 . 2012-12-10 17:43	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-11-09 05:45 . 2012-12-14 18:40	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-14 18:40	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-11-08 17:24 . 2012-12-07 17:38	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6BA97CF4-A1FF-45E8-84E3-8153CC16E150}\mpengine.dll
2012-11-04 12:17 . 2012-11-04 12:17	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-04 12:17 . 2011-11-15 21:48	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-02 05:59 . 2012-12-14 18:39	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-14 18:39	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-10-30 22:50 . 2012-05-27 14:22	285328	----a-w-	c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-11-16 21:41	87448	----a-w-	c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-11-16 87448]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-24 1129832]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-02-09 4309184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]
.
c:\users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-7-6 1086240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;d:\aida64 extreme edition\kerneld.x64 [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys [2011-11-15 112896]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2011-11-15 116224]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-24 75112]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-13 1255736]
R4 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-11 14456]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2011-01-13 23664]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-11-16 27800]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2008-05-12 15400]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-07 1236368]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-01-14 41320]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-01-14 65896]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2012-01-04 329168]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2010-04-28 161664]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-08 54824]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-22 347680]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-07-30 947816]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-15 21:22]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-15 21:22]
.
2013-01-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
2013-01-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 22:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-14 54632]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://search.chatzum.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - ExtSQL: 2012-12-07 18:46; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-07 18:46; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-08 20:07; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-08 20:09; {64161300-e22b-11db-8314-0800200c9a66}; c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF - ExtSQL: 2012-12-08 20:09; firefox@ghostery.com; c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\firefox@ghostery.com
FF - ExtSQL: 2012-12-11 10:08; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: 2012-12-11 10:08; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
SafeBoot-69155765.sys
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-RD - c:\program files (x86)\d-lusion\DT\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]
"ImagePath"="\??\d:\aida64 extreme edition\kerneld.x64"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-14  17:54:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-14 16:54
.
Vor Suchlauf: 11 Verzeichnis(se), 242.929.192.960 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 242.504.839.168 Bytes frei
.
- - End Of File - - 815686204D580C72DDCFCE7083B638C7
         

14.01.2013, 22:05   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click on Suche (Search).
  • After the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)
__________________
Please always post log files in CODE tags

15.01.2013, 17:17   #11
Lutzow

Hello!

After I ran ComboFix, none of the symptoms has occurred again, not even the strange invisible field that otherwise really was always there! So, many, many thanks already.

Here is the adwCleaner file anyway:

Code:
# AdwCleaner v2.105 - Datei am 15/01/2013 um 17:11:36 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lucas - LUCAS-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lucas\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files (x86)\adawaretb
Ordner Gefunden : C:\Program Files (x86)\Crawler
Ordner Gefunden : C:\Program Files (x86)\wxDfast
Ordner Gefunden : C:\ProgramData\blekko toolbars
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Premium
Ordner Gefunden : C:\Users\Lucas\AppData\LocalLow\adawaretb
Ordner Gefunden : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\adawaretb

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\1ClickDownload
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\ChatZum Toolbar
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\ChatZum Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKU\S-1-5-21-83256801-2867045764-4026361694-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-83256801-2867045764-4026361694-1000\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gefunden : HKU\S-1-5-21-83256801-2867045764-4026361694-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKU\S-1-5-21-83256801-2867045764-4026361694-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Lucas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5517 octets] - [15/01/2013 17:11:36]

########## EOF - C:\AdwCleaner[R1].txt - [5577 octets] ##########
         

16.01.2013, 11:42   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click on Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

After that, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scanne alle Benutzer (Scan All Users)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.
__________________
Please always post log files in CODE tags

16.01.2013, 17:57   #13
Lutzow

Code:
# AdwCleaner v2.105 - Datei am 16/01/2013 um 17:39:01 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lucas - LUCAS-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lucas\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\adawaretb
Ordner Gelöscht : C:\Program Files (x86)\Crawler
Ordner Gelöscht : C:\Program Files (x86)\wxDfast
Ordner Gelöscht : C:\ProgramData\blekko toolbars
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\Lucas\AppData\LocalLow\adawaretb
Ordner Gelöscht : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\adawaretb

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\chatzum_nt_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\Software\SweetIM
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.chatzum.com/ --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\prefs.js

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Lucas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5634 octets] - [15/01/2013 17:11:36]
AdwCleaner[R2].txt - [5694 octets] - [16/01/2013 17:38:12]
AdwCleaner[S1].txt - [5035 octets] - [16/01/2013 17:39:01]

########## EOF - C:\AdwCleaner[S1].txt - [5095 octets] ##########
         
Code:
OTL logfile created on: 16.01.2013 17:43:05 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lucas\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 64,61% Memory free
7,60 Gb Paging File | 6,11 Gb Available in Paging File | 80,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,82 Gb Total Space | 225,32 Gb Free Space | 49,54% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 2,46 Gb Free Space | 25,24% Space Free | Partition Type: NTFS
 
Computer Name: LUCAS-THINK | User Name: Lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lucas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\Verbindungsassistent\WTGService.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (WTGService) -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewsercd) -- C:\Windows\SysNative\drivers\ewsercd.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS ()
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV - (hwusbfake) -- C:\Windows\SysWOW64\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (ewsercd) -- C:\Windows\SysWOW64\drivers\ewsercd.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{7EC6FC5E-3439-4C07-ADF5-55A353BEF3F4}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\..\SearchScopes\{C4CDF737-FB25-4A13-A592-629EAFF0720C}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.12
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 10:08:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.11 10:08:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.05.27 09:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\mozilla\Extensions
[2013.01.12 14:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions
[2012.12.11 10:08:04 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013.01.12 14:57:50 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\firefox@ghostery.com
[2012.12.11 10:08:06 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Lucas\AppData\Roaming\mozilla\Firefox\Profiles\f6j4nnvl.default-1354993378265\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013.01.12 14:57:47 | 000,281,667 | ---- | M] () (No name found) -- C:\Users\Lucas\AppData\Roaming\mozilla\firefox\profiles\f6j4nnvl.default-1354993378265\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012.12.08 20:07:23 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Lucas\AppData\Roaming\mozilla\firefox\profiles\f6j4nnvl.default-1354993378265\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.07 18:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.07 18:46:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.12.07 18:46:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.12.07 18:46:19 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 22:44:11 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 14:43:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.28 22:44:11 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.28 22:44:11 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.28 22:44:11 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.28 22:44:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.01.14 17:33:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - Startup: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F27C7B4B-CA84-4486-B06A-5854B3AA7984}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.14 17:55:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.14 17:36:34 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.01.14 17:11:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.14 17:11:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.14 17:11:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.14 17:11:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.14 17:11:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.13 20:36:12 | 000,000,000 | ---D | C] -- C:\Users\Lucas\Desktop\mbar
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.16 17:48:26 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 17:48:26 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 17:46:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.01.16 17:41:31 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.01.16 17:41:18 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.16 17:40:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.16 17:40:48 | 3061,223,424 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.16 17:39:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.01.15 21:44:18 | 000,076,836 | ---- | M] () -- C:\Users\Lucas\Desktop\6335698_700b.jpg
[2013.01.15 21:17:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.14 17:33:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.13 22:02:13 | 000,000,512 | ---- | M] () -- C:\Users\Lucas\Desktop\MBR.dat
[2013.01.13 13:54:26 | 000,173,653 | ---- | M] () -- C:\Users\Lucas\Desktop\6320199_700b.jpg
[2013.01.12 21:10:45 | 000,042,317 | ---- | M] () -- C:\Users\Lucas\Desktop\6310516_700b.jpg
[2013.01.12 18:26:48 | 000,294,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.12 17:05:44 | 001,522,246 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.12 17:05:44 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.12 17:05:44 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.12 17:05:44 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.12 17:05:44 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.12 14:52:05 | 000,365,568 | ---- | M] () -- C:\Users\Lucas\Desktop\gmer-2.0.18444.exe
[2013.01.12 14:48:49 | 000,000,000 | ---- | M] () -- C:\Users\Lucas\defogger_reenable
 
========== Files Created - No Company Name ==========
 
[2013.01.15 21:44:18 | 000,076,836 | ---- | C] () -- C:\Users\Lucas\Desktop\6335698_700b.jpg
[2013.01.14 17:11:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.14 17:11:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.14 17:11:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.14 17:11:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.14 17:11:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.13 22:02:13 | 000,000,512 | ---- | C] () -- C:\Users\Lucas\Desktop\MBR.dat
[2013.01.13 13:54:25 | 000,173,653 | ---- | C] () -- C:\Users\Lucas\Desktop\6320199_700b.jpg
[2013.01.12 21:10:44 | 000,042,317 | ---- | C] () -- C:\Users\Lucas\Desktop\6310516_700b.jpg
[2013.01.12 14:52:04 | 000,365,568 | ---- | C] () -- C:\Users\Lucas\Desktop\gmer-2.0.18444.exe
[2013.01.12 14:48:49 | 000,000,000 | ---- | C] () -- C:\Users\Lucas\defogger_reenable
[2012.09.13 07:05:28 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.02.03 17:34:47 | 000,000,127 | ---- | C] () -- C:\Users\Lucas\wxDownloadFast.ini
[2011.11.19 19:37:13 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.11.19 19:37:11 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.11.19 19:37:11 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.11.19 19:37:11 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.11.15 16:02:43 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.22 10:15:10 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.07.19 11:13:10 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.07.19 11:13:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011.07.19 11:13:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011.07.19 11:13:09 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.07.19 11:13:09 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.27 13:39:33 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\.minecraft
[2012.12.11 16:27:27 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Ad-Aware Antivirus
[2012.04.11 20:10:01 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\AVG2012
[2012.02.24 01:13:23 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\calibre
[2011.12.27 16:55:41 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\DarkWave Studio
[2012.01.24 20:39:37 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Foxit Software
[2012.02.21 23:01:12 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Image-Line
[2012.09.28 20:37:46 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\IObit
[2011.11.15 11:09:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Leadertech
[2011.11.15 11:31:30 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Lenovo
[2012.01.26 13:40:55 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\OpenOffice.org
[2011.11.18 23:11:05 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Opera
[2012.10.31 19:49:53 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SoftGrid Client
[2012.05.26 18:51:19 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Spyware Terminator
[2012.02.22 00:09:35 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\SynthMaker
[2011.11.15 16:03:14 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TP
[2012.03.16 18:45:00 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\TrueCrypt
[2012.09.02 16:24:19 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\Verbindungsassistent
[2012.01.17 11:20:44 | 000,000,000 | ---D | M] -- C:\Users\Lucas\AppData\Roaming\www.rene-zeidler.de
 
========== Purity Check ==========
 
 

< End of report >
         

17.01.2013, 11:29   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
IE - HKU\S-1-5-21-83256801-2867045764-4026361694-1000\..\SearchScopes\{C4CDF737-FB25-4A13-A592-629EAFF0720C}: "URL" = http://search.chatzum.com/?q={searchTerms}
FF - user.js - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
:Files
C:\Users\Lucas\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding places. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.
__________________
Please always post log files in CODE tags

17.01.2013, 17:31   #15
Lutzow
 



Before OTL announced that a restart was required, another window appeared. It said "A serious error has occurred. The computer will restart in one minute. Save your data now." After that, however, everything ran as it should.

Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-83256801-2867045764-4026361694-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C4CDF737-FB25-4A13-A592-629EAFF0720C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CDF737-FB25-4A13-A592-629EAFF0720C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
C:\Users\Lucas\Desktop\MBR.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Lucas\Desktop\cmd.bat deleted successfully.
C:\Users\Lucas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Lucas
->Temp folder emptied: 106863 bytes
->Temporary Internet Files folder emptied: 4536356 bytes
->Java cache emptied: 2764978 bytes
->FireFox cache emptied: 6285753 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1080 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29041 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 299609 bytes
RecycleBin emptied: 5694 bytes
 
Total Files Cleaned = 13,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 01172013_172056

Files\Folders moved on Reboot...
C:\Users\Lucas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
