| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TrojanDownloader:Win32/Adload.DA-VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.01.2013, 11:58
| #1 |
 |  TrojanDownloader:Win32/Adload.DA-Virus Hallo, das Win7 Wartungscenter meldete den Virus "TrojanDownloader:Win32/Adload.DA-Virus". Wie empfohlen habe ich den "Microsoft Safety Scanner" ausgeführt. Dieser hat aber nichts gefunden. In der Meldung vom Wartungscenter stand, dass der Virus meinen PC 2 Mal beeinträchtigt hat. Das letzte Mal Ende Oktober. Ich habe die Meldung anscheinend ziehmlich lange übersehen. Wie soll ich jetzt vorgehen? Gestern hatte ich außerdem eine externe Festplatte angeschlossen. Kann es sein, dass sich der Virus jetzt auch darauf befindet? Auf meinen Laptop ist außerdem auch Ubuntu als Betriebssystem. Kann der Virus etwas ausrichten, wenn ich unter Ubuntu arbeite? Ich habe OML und GMER laufen lassen. Die log-Files hänge ich an. Vielen Dank schon mal für jede Hilfe! |
|
13.01.2013, 21:12
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TrojanDownloader:Win32/Adload.DA-Virus Hallo und
__________________ Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen? Logfiles im Anhang erschweren die Auswertung massivst Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.
__________________ |
|
13.01.2013, 21:32
| #3 |
| | TrojanDownloader:Win32/Adload.DA-Virus Hallo,
__________________ich habe das aus dem 2. Post von http://www.trojaner-board.de/69886-a...-beachten.html so herausgelesen. Das "Bitte nur machen wenn vom Helfer gefordert" habe ich so verstanden, dass man die Logs nur posten soll, wenn von einem Helfer gefordert, gemeint war wohl, dass man es nur dann als Anhang machen soll. Also hier nochmal die Logs: von otl.txt: Code:
ATTFilter OTL logfile created on: 13.01.2013 10:32:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julia\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 48,20% Memory free 3,74 Gb Paging File | 2,16 Gb Available in Paging File | 57,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 101,06 Gb Total Space | 16,40 Gb Free Space | 16,22% Space Free | Partition Type: NTFS Drive D: | 70,14 Gb Total Space | 47,55 Gb Free Space | 67,79% Space Free | Partition Type: NTFS Computer Name: JULIANETBOOK | User Name: Julia | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.13 10:30:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe PRC - [2013.01.04 23:29:06 | 028,539,232 | ---- | M] (Dropbox, Inc.) -- C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.12.20 21:56:46 | 001,574,176 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.12.20 18:44:28 | 000,310,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.12.20 18:44:26 | 001,476,104 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010.12.07 11:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010.11.06 08:18:24 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2010.09.17 17:52:56 | 000,402,792 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe PRC - [2010.09.17 17:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe PRC - [2010.09.17 17:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe PRC - [2010.09.17 17:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe PRC - [2010.07.30 16:07:48 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe PRC - [2010.07.27 17:05:00 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2010.07.27 13:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe PRC - [2010.07.27 13:51:54 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe PRC - [2010.07.27 13:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe PRC - [2010.04.07 06:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2010.04.07 04:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe PRC - [2010.03.27 18:39:06 | 000,362,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2010.03.27 18:38:26 | 005,141,512 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2010.03.15 12:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe PRC - [2009.11.24 05:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2009.10.02 17:39:46 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe PRC - [2009.08.28 13:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2009.08.07 04:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.08.07 04:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe PRC - [2008.01.22 10:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2008.01.22 10:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe ========== Modules (No Company Name) ========== MOD - [2013.01.12 17:38:46 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll MOD - [2013.01.12 17:35:04 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll MOD - [2013.01.12 11:13:36 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll MOD - [2013.01.12 11:13:06 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll MOD - [2013.01.12 11:12:43 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll MOD - [2013.01.12 11:12:25 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll MOD - [2013.01.12 11:12:24 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll MOD - [2013.01.12 11:12:20 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll MOD - [2013.01.12 11:12:08 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll MOD - [2013.01.12 11:11:57 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll MOD - [2012.11.30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2010.03.27 18:39:06 | 000,362,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe MOD - [2010.03.27 18:38:26 | 005,141,512 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe MOD - [2010.03.27 16:30:50 | 000,279,904 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll MOD - [2010.03.27 15:14:56 | 000,028,512 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll MOD - [2010.03.27 15:13:36 | 000,019,808 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll MOD - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe ========== Services (SafeList) ========== SRV:64bit: - [2009.11.18 06:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC) SRV:64bit: - [2009.10.09 11:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC) SRV - [2013.01.10 20:53:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.10 16:29:39 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010.12.07 11:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.11.06 08:18:24 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2010.09.17 17:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc) SRV - [2010.09.17 17:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2010.08.25 03:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2010.07.27 13:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC) SRV - [2010.07.27 13:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE) SRV - [2010.07.19 18:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010.07.19 17:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC) SRV - [2010.04.07 06:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2010.04.07 04:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2010.03.27 18:39:22 | 001,055,288 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.15 12:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.10.02 17:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.08.28 13:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2009.08.07 04:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.03.09 16:29:44 | 002,232,296 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.06 08:18:25 | 000,252,512 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2010.11.06 08:18:23 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258) DRV:64bit: - [2010.11.06 08:18:20 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2010.11.06 08:18:15 | 000,271,456 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2010.08.25 03:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF) DRV:64bit: - [2010.07.14 04:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010.06.23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.06.17 17:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.06.03 19:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.02.19 04:08:18 | 000,720,952 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009.12.15 00:03:50 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009.11.23 12:06:32 | 000,205,952 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi) DRV:64bit: - [2009.11.18 06:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV:64bit: - [2009.10.09 11:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:64bit: - [2009.10.09 11:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:64bit: - [2009.10.06 11:11:38 | 000,199,168 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenHC.sys -- (EST_Server) DRV:64bit: - [2009.10.02 00:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.09.15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009.08.28 11:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.08.28 11:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.08.13 05:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.08.07 04:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.07.20 07:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.07.09 21:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV:64bit: - [2009.07.02 03:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.07 07:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2008.05.12 10:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi) DRV - [2010.09.08 22:15:34 | 000,024,560 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020000}_0) DRV - [2009.09.30 01:58:18 | 000,225,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {208575C7-3F3D-401D-BC12-FBC971B02F97} IE:64bit: - HKLM\..\SearchScopes\{208575C7-3F3D-401D-BC12-FBC971B02F97}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox; IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {D341DBFB-124B-47EC-BFA7-3D0857DFADF7} IE - HKLM\..\SearchScopes\{D341DBFB-124B-47EC-BFA7-3D0857DFADF7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox; IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=vit4 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {9A61A335-4B23-467C-8418-957A93BEB2A7} IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\..\SearchScopes\{9A61A335-4B23-467C-8418-957A93BEB2A7}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{E91806AC-2FC7-425C-B406-BFE8AE1E8187}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=acf12f82-9d5b-4f40-87df-f09d0980e871&apn_sauid=4BFFC168-5438-43FE-AEAA-784BAA7F039C IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.13.100015 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=acf12f82-9d5b-4f40-87df-f09d0980e871&apn_ptnrs=^AGS&apn_sauid=4BFFC168-5438-43FE-AEAA-784BAA7F039C&apn_dtid=^YYYYYY^YY^DE&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.01.07 17:19:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.10 20:53:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 23:23:26 | 000,000,000 | ---D | M] [2010.11.05 20:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julia\AppData\Roaming\mozilla\Extensions [2013.01.12 19:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julia\AppData\Roaming\mozilla\Firefox\Profiles\kxny5dmm.default\extensions [2012.12.03 19:29:04 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Julia\AppData\Roaming\mozilla\Firefox\Profiles\kxny5dmm.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013.01.10 20:24:47 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Julia\AppData\Roaming\mozilla\Firefox\Profiles\kxny5dmm.default\extensions\toolbar@ask.com [2012.11.23 19:33:24 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Julia\AppData\Roaming\mozilla\firefox\profiles\kxny5dmm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.08.07 00:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\Julia\AppData\Roaming\mozilla\firefox\profiles\kxny5dmm.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js [2013.01.12 22:48:19 | 000,002,413 | ---- | M] () -- C:\Users\Julia\AppData\Roaming\mozilla\firefox\profiles\kxny5dmm.default\searchplugins\askcom.xml [2012.08.14 18:56:27 | 000,002,792 | ---- | M] () -- C:\Users\Julia\AppData\Roaming\mozilla\firefox\profiles\kxny5dmm.default\searchplugins\Plusnetwork.xml [2013.01.10 20:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.10 20:53:06 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe () O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe () O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe () O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKCU..\Run: [USBServer] "C:\Program Files (x86)\Generic\USB Server\USBServer.exe" /h File not found O4 - Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C834BF3-4639-4841-B68A-3972780AD0E1}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{69035466-e907-11df-b236-70f39533c70d}\Shell - "" = AutoRun O33 - MountPoints2\{69035466-e907-11df-b236-70f39533c70d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.13 10:30:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe [2013.01.12 16:58:17 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.01.12 16:47:23 | 000,000,000 | ---D | C] -- C:\TEMP [2013.01.12 16:36:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2013.01.12 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log [2013.01.12 11:28:52 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\Samsung [2013.01.12 11:28:44 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Samsung [2013.01.12 11:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2013.01.12 11:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec [2013.01.12 11:19:43 | 000,000,000 | ---D | C] -- C:\Users\Julia\Documents\samsung [2013.01.12 11:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung [2013.01.12 11:17:33 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll [2013.01.12 11:16:59 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll [2013.01.12 11:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung [2013.01.12 11:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2013.01.12 10:14:11 | 000,000,000 | ---D | C] -- C:\Users\Julia\Documents\Outlook-Dateien [2013.01.12 09:58:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.01.12 09:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.01.12 09:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.01.12 09:53:01 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.01.12 09:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.01.12 09:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.01.12 09:46:53 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.01.10 20:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.10 20:21:24 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Avira [2013.01.10 20:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.01.10 20:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2013.01.10 20:14:52 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.01.10 20:14:52 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.01.10 20:14:52 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.01.10 20:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.01.10 20:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.01.04 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.01.04 12:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.01.04 12:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.01.04 12:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.01.04 12:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.12.31 08:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW 2011 Home Edition [2012.12.31 08:44:00 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\Programs [2012.12.18 10:06:10 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll [2012.12.18 10:06:10 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx [2012.12.18 10:06:06 | 000,569,344 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzdecode.ax [2012.12.18 10:06:06 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.dll [2012.12.18 10:06:06 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLUR71.dll [2012.12.18 10:06:06 | 000,258,048 | ---- | C] ((c) PeeringPortal) -- C:\Windows\SysWow64\muzoggsp.ax [2012.12.18 10:06:06 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\Windows\SysWow64\MSCLib.dll [2012.12.18 10:06:06 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\Windows\SysWow64\muzwmts.dll [2012.12.18 10:06:06 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.exe [2012.12.18 10:06:06 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\Windows\SysWow64\MSFLib.dll [2012.12.18 10:06:06 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzaf1.dll [2012.12.18 10:06:06 | 000,131,072 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzmpgsp.ax [2012.12.18 10:06:06 | 000,122,880 | ---- | C] ((c) MUSICCITY) -- C:\Windows\SysWow64\muzeffect.ax [2012.12.18 10:06:06 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\Windows\SysWow64\MaDRM.dll [2012.12.18 10:06:06 | 000,110,592 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzmp4sp.ax [2012.12.18 10:06:06 | 000,057,344 | ---- | C] (Marktek) -- C:\Windows\SysWow64\MK_Lyric.dll [2012.12.18 10:06:06 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\Windows\SysWow64\MTXSYNCICON.dll [2012.12.18 10:06:06 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MaJGUILib.dll [2012.12.18 10:06:06 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\SysWow64\MAMACExtract.dll [2012.12.18 10:06:06 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MaXMLProto.dll [2012.12.18 10:06:06 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MACXMLProto.dll [2012.12.18 10:06:06 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\Windows\SysWow64\MTTELECHIP.dll [2012.12.18 10:06:06 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\Windows\SysWow64\MASetupCleaner.exe ========== Files - Modified Within 30 Days ========== [2013.01.13 10:30:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe [2013.01.13 10:28:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.13 10:02:45 | 000,018,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 10:02:45 | 000,018,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.13 09:44:16 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.13 09:34:45 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.13 09:33:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.13 09:33:21 | 000,477,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.13 09:33:05 | 1504,337,920 | -HS- | M] () -- C:\hiberfil.sys [2013.01.12 17:03:47 | 000,001,065 | ---- | M] () -- C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.12 17:03:31 | 000,001,033 | ---- | M] () -- C:\Users\Julia\Desktop\Dropbox.lnk [2013.01.12 14:21:00 | 000,657,948 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.12 14:21:00 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.12 14:21:00 | 000,131,288 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.12 14:21:00 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.12 14:20:59 | 001,507,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.12 14:12:45 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013.01.12 11:28:24 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2013.01.12 10:26:40 | 000,352,256 | ---- | M] () -- C:\Users\Julia\Documents\Database1.accdb [2013.01.12 10:11:19 | 001,527,912 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.12 10:10:56 | 000,001,351 | ---- | M] () -- C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2013.01.12 10:10:06 | 000,003,231 | ---- | M] () -- C:\Users\Julia\Desktop\Microsoft Outlook 2010.lnk [2013.01.12 10:09:31 | 000,003,095 | ---- | M] () -- C:\Users\Julia\Desktop\Microsoft PowerPoint 2010.lnk [2013.01.12 10:08:51 | 000,003,047 | ---- | M] () -- C:\Users\Julia\Desktop\Microsoft Excel 2010.lnk [2013.01.12 10:08:17 | 000,003,029 | ---- | M] () -- C:\Users\Julia\Desktop\Microsoft Word 2010.lnk [2013.01.10 20:15:57 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.01.10 20:13:24 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.01.07 17:19:55 | 000,001,625 | ---- | M] () -- C:\Users\Julia\Desktop\DivX Movies.lnk [2013.01.07 17:19:22 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2013.01.07 17:18:49 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2013.01.04 12:57:08 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.21 10:02:35 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2012.12.18 10:06:54 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll [2012.12.18 10:06:10 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll [2012.12.18 10:06:10 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx [2012.12.18 10:06:10 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 10:06:06 | 000,974,848 | ---- | M] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 10:06:06 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzdecode.ax [2012.12.18 10:06:06 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.dll [2012.12.18 10:06:06 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\SysWow64\MSLUR71.dll [2012.12.18 10:06:06 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\Windows\SysWow64\muzoggsp.ax [2012.12.18 10:06:06 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\SysWow64\MSCLib.dll [2012.12.18 10:06:06 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\SysWow64\muzwmts.dll [2012.12.18 10:06:06 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.exe [2012.12.18 10:06:06 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\SysWow64\MSFLib.dll [2012.12.18 10:06:06 | 000,143,360 | ---- | M] () -- C:\Windows\SysWow64\3DAudio.ax [2012.12.18 10:06:06 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzaf1.dll [2012.12.18 10:06:06 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzmpgsp.ax [2012.12.18 10:06:06 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\Windows\SysWow64\muzeffect.ax [2012.12.18 10:06:06 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\SysWow64\MaDRM.dll [2012.12.18 10:06:06 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzmp4sp.ax [2012.12.18 10:06:06 | 000,081,920 | ---- | M] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 10:06:06 | 000,065,536 | ---- | M] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 10:06:06 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\SysWow64\MK_Lyric.dll [2012.12.18 10:06:06 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\SysWow64\MTXSYNCICON.dll [2012.12.18 10:06:06 | 000,057,344 | ---- | M] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.12.18 10:06:06 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MaJGUILib.dll [2012.12.18 10:06:06 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\SysWow64\MAMACExtract.dll [2012.12.18 10:06:06 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MaXMLProto.dll [2012.12.18 10:06:06 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MACXMLProto.dll [2012.12.18 10:06:06 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\SysWow64\MTTELECHIP.dll [2012.12.18 10:06:06 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\SysWow64\MASetupCleaner.exe [2012.12.18 10:06:00 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll [2012.12.16 20:07:53 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk ========== Files Created - No Company Name ========== [2013.01.12 16:59:46 | 000,001,033 | ---- | C] () -- C:\Users\Julia\Desktop\Dropbox.lnk [2013.01.12 16:58:23 | 000,001,065 | ---- | C] () -- C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.01.12 11:19:04 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk [2013.01.12 10:26:18 | 000,352,256 | ---- | C] () -- C:\Users\Julia\Documents\Database1.accdb [2013.01.12 10:10:56 | 000,001,351 | ---- | C] () -- C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2013.01.12 10:10:06 | 000,003,231 | ---- | C] () -- C:\Users\Julia\Desktop\Microsoft Outlook 2010.lnk [2013.01.12 10:09:31 | 000,003,095 | ---- | C] () -- C:\Users\Julia\Desktop\Microsoft PowerPoint 2010.lnk [2013.01.12 10:08:51 | 000,003,047 | ---- | C] () -- C:\Users\Julia\Desktop\Microsoft Excel 2010.lnk [2013.01.12 10:08:17 | 000,003,029 | ---- | C] () -- C:\Users\Julia\Desktop\Microsoft Word 2010.lnk [2013.01.10 20:15:57 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.01.07 17:18:49 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2013.01.04 12:57:08 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.12.18 10:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.12.18 10:06:06 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\3DAudio.ax [2012.12.18 10:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.12.18 10:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.12.18 10:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.03.06 20:20:49 | 000,000,155 | ---- | C] () -- C:\Users\Julia\.Xauthority [2011.08.12 22:31:47 | 000,135,128 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.05.11 15:43:26 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Acronis [2012.01.21 11:55:47 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Ape [2013.01.12 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\BrowserCompanion [2012.03.13 12:11:21 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\com.essexreddevelopment.mergepdfmac [2013.01.10 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Dev-Cpp [2013.01.13 10:44:10 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Dropbox [2012.04.03 08:43:32 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\elsterformular [2012.05.04 13:01:10 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\EPSON [2012.04.22 15:33:51 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Garmin [2010.11.05 11:46:18 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Lenovo [2010.11.05 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\OpenOffice.org [2013.01.12 11:28:44 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Samsung [2012.08.07 16:47:47 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\texstudio [2012.03.13 12:42:41 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Ulead Systems [2011.10.13 11:02:54 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Update ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.01.2013 10:32:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,87 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 48,20% Memory free
3,74 Gb Paging File | 2,16 Gb Available in Paging File | 57,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101,06 Gb Total Space | 16,40 Gb Free Space | 16,22% Space Free | Partition Type: NTFS
Drive D: | 70,14 Gb Total Space | 47,55 Gb Free Space | 67,79% Space Free | Partition Type: NTFS
Computer Name: JULIANETBOOK | User Name: Julia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0059EB5B-17D7-45F6-92E6-931D00470493}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{06EA65CA-AD87-43A9-81CD-5669C1EB5FB0}" = lport=138 | protocol=17 | dir=in | app=system |
"{0A4ED58C-59F9-4944-9381-3EFD48354F6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0C783E66-9B80-47E1-8A65-AD451DD9C3F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0FC030DC-8514-4BAF-95C8-17932591C9F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1A19877F-DC09-4290-9371-794EFB682B6D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{26596FCB-BF12-4C30-91D9-618EB91CFCE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{287F8AE1-E315-4173-9351-0D77B9CBA9ED}" = rport=137 | protocol=17 | dir=out | app=system |
"{296300B5-6437-4AA3-BD43-573BFA18ECA5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E51EC02-08A8-4B54-A7E2-D1D23CB148F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F9E6713-DB78-4C6E-821E-1460A1B36D80}" = lport=137 | protocol=17 | dir=in | app=system |
"{3A2A4B01-6064-4A91-B8BF-372C1C9DAC4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{47B6207F-4459-4D23-A227-0B5CEE72EAC7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{50B84BE3-CA3D-4078-977A-06B3DC3E9B26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D96FB04-6C13-4C0A-9905-BCEC3A779193}" = rport=445 | protocol=6 | dir=out | app=system |
"{68443FD6-CF46-4146-AC87-726857BDAE70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6CF49FC7-6FDE-4704-B3CD-5BDC74C200A6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{813E0FAF-2973-4A0F-9168-E11EA80053EE}" = lport=445 | protocol=6 | dir=in | app=system |
"{829487E7-862C-46D2-A5D8-84DB1B4E7CA1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{90977249-2415-49C5-BC36-35753E1EA344}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{96C6933F-006A-4CED-8099-82562628D935}" = lport=139 | protocol=6 | dir=in | app=system |
"{A3E2A70A-92B7-4CB1-AE55-3A182C1DD196}" = rport=138 | protocol=17 | dir=out | app=system |
"{A8904379-602E-4C30-B1B8-09C9812C50F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB05A028-9596-49EE-AE3D-49131463F1EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BCB92531-8084-4D7C-933A-1C63A1AC9EDB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C889B45D-FC4C-46AD-B75C-F99E4CF7CAB8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CFF5E921-E7BC-41E1-A84C-7709BEA87D06}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E03EAA55-F90B-4B60-813F-C0BE73D43EB1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FC88A832-5B24-4214-BE83-CDB296076425}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0568A131-65E1-4470-AE71-2FA191D5F422}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0A444577-69A0-4BC5-B046-6D6B5296BA86}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{161CB1BA-63B9-49F5-9DB4-2DB6B19AD0E4}" = protocol=17 | dir=in | app=c:\users\julia\appdata\roaming\dropbox\bin\dropbox.exe |
"{1834E02E-D3AB-40B2-8BBB-FEE7205FC931}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{1E7E387E-41F6-4811-A6DF-C686D3126688}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1F6DECEE-7328-4388-BF0F-8DAEE64A49D6}" = protocol=6 | dir=out | app=system |
"{27C8EFEC-A6DF-4A49-8AF6-13F32B4E2490}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{34DCBA20-2217-4BE9-9654-E814AB2CD78B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{393F2352-F43E-4512-BCBE-A8B06FAC458F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39CB87D3-EFD4-4745-9F68-045031160DF3}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{3E3DCAA5-4597-4770-8891-49D15E4DF5A8}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3F6BD762-A8B8-41B4-904D-4FD7286823A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{57AAE9F1-FD6C-4CFF-80AC-0EE278427D96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F9A05E8-16BF-409C-91F0-D0EA6C1C89D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6359F10E-401A-4D47-8D34-F549140E4ADC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{643CCF63-EE3B-4D9F-9C51-F779BFDAE95E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6DB4A612-83F0-433E-ADE4-C3DC2D0222A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7445CF72-B359-437A-B7C8-A8D4D9350471}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{75BA789C-9666-416E-8D09-DC1B221C766A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7D8522A7-331F-4B86-AA3D-377C8336184C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{80BDADF2-2CBF-4678-B9EB-483516C6DC02}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{815CB7DA-FEEA-4A98-AD52-6572EAF80FE8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{85B5AA00-EB4E-4B7A-931B-CDB16457278D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8644A506-6FE1-4DBE-B124-84BF60BCC241}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{88807097-F0F8-43F1-AC1B-AEA91800336D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{88F9790A-C90F-4EAF-A2CC-7CA8FA05D449}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{89A957AF-7150-498A-913B-2C377287C3B9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{8AC839B6-14EF-4B39-B608-8FF47F3A89D6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{94010015-7D7F-4E21-AE1D-BFE44BF87057}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{94806B7D-89AA-4674-B0FA-953168F53F3B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{98794718-C3F6-40C1-9F91-0C1720F27741}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A17CCD68-CA1D-4B18-A454-88F4C9DF6BFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A7D5D232-4DF8-4869-BE76-259852D7CD88}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C333364C-556F-4096-B278-93265B408BAB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{C4C38968-6697-403D-AE34-AEA4FC1B3C66}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{CC3B62E9-60C9-4F0C-9B51-9D5C4F859B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CCC922D8-1F98-4170-B963-55903486EE08}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{DBB4F0C1-9377-4020-9EBF-8399DA8DDF3A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{E0A7C805-F010-437F-A867-8BB9BE2E3F4D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E15A3DE4-335D-4226-8608-CE0F2ED4409E}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe |
"{E9F6F0C9-D321-4055-864F-5E10C50BF9AE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{F0110C09-1837-4C8D-98BB-73B33DB65C9F}" = protocol=6 | dir=in | app=c:\users\julia\appdata\roaming\dropbox\bin\dropbox.exe |
"{F7E737E7-F8EB-4963-9122-B11F89EBC5CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB968BF0-75CB-4CFB-A90C-2FE7CB15580F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{22E9BF2D-19FD-4528-85DF-2F4208251D92}C:\program files (x86)\nx client for windows\bin\nxssh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nx client for windows\bin\nxssh.exe |
"TCP Query User{53D32F4C-E2D1-4BD4-8928-FBB674E1D244}C:\program files (x86)\nx client for windows\bin\nxssh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nx client for windows\bin\nxssh.exe |
"TCP Query User{5E3F4F1B-0DA7-41F3-9C5D-0BE8C0CB85C9}C:\program files (x86)\nx client for windows\nxclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nx client for windows\nxclient.exe |
"TCP Query User{9C255F73-730C-4BCF-AB78-DA6B5C1A4574}C:\program files (x86)\generic\usb server\usbserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\generic\usb server\usbserver.exe |
"TCP Query User{C9AE5846-157E-4B04-9F6D-1F86C160FCE8}C:\users\julia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\julia\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{CC490E3C-AF97-4766-B696-84C044B5A7D3}C:\program files (x86)\generic\usb server\usbserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\generic\usb server\usbserver.exe |
"TCP Query User{CF65485A-A92D-4B2E-BD0A-C3DFF41A9D44}C:\program files (x86)\nx client for windows\nxclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nx client for windows\nxclient.exe |
"UDP Query User{21D7F6C4-D87B-4A5D-91EA-CADC356F0314}C:\users\julia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\julia\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4216E82B-A440-42B7-94F3-64A70EFFF369}C:\program files (x86)\nx client for windows\bin\nxssh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nx client for windows\bin\nxssh.exe |
"UDP Query User{53C0D2C1-F162-43E7-BBA4-6B2F9D2B74D1}C:\program files (x86)\generic\usb server\usbserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\generic\usb server\usbserver.exe |
"UDP Query User{8A85F106-B7B8-4460-875F-3BA3A08FA89B}C:\program files (x86)\nx client for windows\nxclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nx client for windows\nxclient.exe |
"UDP Query User{B21B4885-A0AE-4418-ACA9-A0EBC78F26E6}C:\program files (x86)\nx client for windows\nxclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nx client for windows\nxclient.exe |
"UDP Query User{E735F119-51A8-4669-AC44-B4B7772ADFEB}C:\program files (x86)\generic\usb server\usbserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\generic\usb server\usbserver.exe |
"UDP Query User{EF4827C8-ECDF-4588-B975-C2E328C1D471}C:\program files (x86)\nx client for windows\bin\nxssh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nx client for windows\bin\nxssh.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi-Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows-Treiberpaket - Intel hdc (06/04/2009 7.0.0.1013)
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"CNXT_AUDIO_HDA" = Conexant CX20582 SmartAudio HD
"CutePDF Writer Installation" = CutePDF Writer 2.8
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"EPSON SX235 Series" = Druckerdeinstallation für EPSON SX235 Series
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Integrated Camera" = Integrated Camera
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4330AAE7-1893-42F9-BC38-539A1A60530B}" = Mobile Broadband
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6115A28-F277-4E82-B067-84D28BF21031}" = Nero 7 Premium
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Integrated Camera
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"EasyBCD" = EasyBCD 2.0
"ElsterFormular für Privatanwender und Unternehmer 11.5.3.5585" = ElsterFormular-Update
"EPSON Scanner" = EPSON Scan
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Lenovo Welcome_is1" = Lenovo Welcome
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Pontifex Demo" = Pontifex Demo
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wubi" = Ubuntu
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.08.2012 11:02:30 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 01.08.2012 11:02:30 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5168890
Error - 01.08.2012 11:02:30 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5168890
Error - 01.08.2012 11:02:31 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 01.08.2012 11:02:31 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5169904
Error - 01.08.2012 11:02:31 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5169904
Error - 01.08.2012 11:02:32 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 01.08.2012 11:02:32 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5170902
Error - 01.08.2012 11:02:32 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5170902
Error - 01.08.2012 11:02:33 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
[ System Events ]
Error - 12.01.2013 09:37:00 | Computer Name = Julianetbook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 12.01.2013 09:47:18 | Computer Name = Julianetbook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 12.01.2013 10:23:28 | Computer Name = Julianetbook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error - 12.01.2013 11:40:09 | Computer Name = Julianetbook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 12.01.2013 12:09:56 | Computer Name = Julianetbook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 12.01.2013 19:21:49 | Computer Name = Julianetbook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
Error - 13.01.2013 04:35:08 | Computer Name = Julianetbook | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.
Error - 13.01.2013 04:35:08 | Computer Name = Julianetbook | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 13.01.2013 04:35:32 | Computer Name = Julianetbook | Source = DCOM | ID = 10016
Description =
Error - 13.01.2013 04:35:47 | Computer Name = Julianetbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
< End of report >
|
|
13.01.2013, 21:34
| #4 |
| | TrojanDownloader:Win32/Adload.DA-Virus und von gmer.log Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-13 11:46:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0020 232,89GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Julia\AppData\Local\Temp\kxloipow.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000077b51401 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000077b51419 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000077b51431 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000077b5144a 2 bytes [B5, 77]
.text ... * 9
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000077b514dd 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000077b514f5 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000077b5150d 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000077b51525 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000077b5153d 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000077b51555 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000077b5156d 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000077b51585 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000077b5159d 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000077b515b5 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000077b515cd 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000077b516b2 2 bytes [B5, 77]
.text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000077b516bd 2 bytes [B5, 77]
---- Threads - GMER 2.0 ----
Thread C:\Windows\System32\spoolsv.exe [1548:1416] 000007fef9a510c8
Thread C:\Windows\System32\spoolsv.exe [1548:1944] 000007fef9836144
Thread C:\Windows\System32\spoolsv.exe [1548:2004] 000007fef93c5fd0
Thread C:\Windows\System32\spoolsv.exe [1548:1940] 000007fef9813438
Thread C:\Windows\System32\spoolsv.exe [1548:1304] 000007fef93c63ec
Thread C:\Windows\System32\spoolsv.exe [1548:1652] 000007fef9813438
Thread C:\Windows\System32\spoolsv.exe [1548:1920] 000007fef93c63ec
Thread C:\Windows\System32\spoolsv.exe [1548:2156] 000007fef9a35e5c
Thread C:\Windows\System32\spoolsv.exe [1548:2176] 000007fef9df5074
Thread C:\Windows\System32\spoolsv.exe [1548:2256] 00000000002de0bc
Thread C:\Windows\System32\spoolsv.exe [1548:2264] 000007fef9657b4c
Thread C:\Windows\System32\spoolsv.exe [1548:2268] 000007fef9657b4c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1616:1880] 0000000073c832fb
Thread C:\Windows\system32\taskhost.exe [1992:1660] 000007fef97e2740
Thread C:\Windows\system32\taskhost.exe [1992:1656] 000007fef9791f38
Thread C:\Windows\system32\taskhost.exe [1992:2184] 000007fefbb01010
Thread C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2160:2384] 0000000072f329e1
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2320:3916] 0000000073ade2db
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2320:3116] 000000006e8b4e00
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2320:5276] 000000006e8b8de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2320:15500] 000000006e8b8de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2320:11228] 000000006e8b8de0
Thread C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2356:2496] 000000007293184f
Thread C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2356:2500] 000000007293184f
Thread C:\Windows\system32\svchost.exe [2620:4904] 000007fef8318470
Thread C:\Windows\system32\svchost.exe [2620:4968] 000007fef8322418
Thread C:\Windows\system32\svchost.exe [2620:5908] 000007fef540f130
Thread C:\Windows\system32\svchost.exe [2620:5208] 000007fef5404734
Thread C:\Windows\system32\svchost.exe [2620:6024] 000007fef2735f1c
Thread C:\Windows\system32\svchost.exe [2620:4168] 000007fef5404734
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3424:1960] 0000000071478d07
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3424:1560] 0000000071478fdc
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3424:1712] 00000000714788f0
Thread C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [3480:3568] 00000000738827e1
Thread C:\Program Files\Intel\WiFi\bin\EvtEng.exe [3992:4312] 000007fefa3b2f9c
Thread C:\Program Files\Intel\WiFi\bin\EvtEng.exe [3992:4624] 000007fefa3b2f9c
Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [12308:12332] 000007fef0b8cc10
Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [12308:12336] 000007fef0a4b564
Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [12308:12732] 000007fef0a4b564
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Windows\system32\WLANExt.exe [1480] 000007fefd300000
Library ? (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1548] 000007fefaea0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1616] 0000000073c30000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe [1900] 0000000073ca0000
Library ? (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [1992] 000007fefe320000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2160] 0000000075b70000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2320] 0000000073bd0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2484] 0000000077390000
Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2620] 000007fefbf50000
Library ? (*** suspicious ***) @ C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe [2816] 000007fefc1e0000
Library ? (*** suspicious ***) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2980] 000007fefc2e0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2116] 00000000737c0000
Library ? (*** suspicious ***) @ C:\Windows\system32\rundll32.exe [3164] 000007fefd890000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3424] 0000000072d30000
Library ? (*** suspicious ***) @ C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [3444] 0000000076020000
Library ? (*** suspicious ***) @ C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [3480] 00000000760b0000
Library ? (*** suspicious ***) @ C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe [3572] 0000000077390000
Library ? (*** suspicious ***) @ C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [3688] 000007fefd7e0000
Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3836] 000007fefdcc0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [3896] 0000000073c10000
Library ? (*** suspicious ***) @ C:\Program Files\Intel\WiFi\bin\EvtEng.exe [3992] 000007feff950000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2036] 0000000077390000
Library ? (*** suspicious ***) @ C:\Windows\system32\wbem\unsecapp.exe [4392] 000007fef80b0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [4832] 00000000757f0000
Library ? (*** suspicious ***) @ C:\Program Files\iPod\bin\iPodService.exe [2700] 000007fef5aa0000
Library ? (*** suspicious ***) @ C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe [5708] 0000000003300000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [6120] 000007fefd350000
Library ? (*** suspicious ***) @ c:\Program Files (x86)\Lenovo\System Update\SUService.exe [4948] 0000000072f30000
Library ? (*** suspicious ***) @ C:\Windows\system32\wuauclt.exe [10004] 000007fefba40000
Library ? (*** suspicious ***) @ C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [12308] 000007fef4c00000
---- Registry - GMER 2.0 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f39533c70d
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f39533c70d@7ced8d07ac9c 0x54 0x97 0x1B 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f39533c70d@0021abd644da 0xFE 0x12 0xF6 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f39533c70d@ccfe3c1975b3 0x78 0x3D 0xAE 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f39533c70d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f39533c70d@7ced8d07ac9c 0x54 0x97 0x1B 0xEC ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f39533c70d@0021abd644da 0xFE 0x12 0xF6 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f39533c70d@ccfe3c1975b3 0x78 0x3D 0xAE 0x36 ...
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.0 ----
|
|
13.01.2013, 21:36
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TrojanDownloader:Win32/Adload.DA-Virus Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.01.2013, 21:56
| #6 |
| | TrojanDownloader:Win32/Adload.DA-Virus Ich habe Avira und Microsoft Safety Scanner laufen lassen. Beide haben keine Funde gemeldet. Log-Files habe ich sonst leider keine. Unter "C:\Program Files (x86)\Avira\AntiVir Desktop" habe ich keine log-Files gefunden. Oder suche ich an der falschen Stelle? |
|
13.01.2013, 22:04
| #7 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TrojanDownloader:Win32/Adload.DA-VirusZitat:
Zwei solcher Virenscanner beeinträchtigen das System! Hast du einen neuen Scan gemacht was da eigentlich nicht tun solltest?! Die Frage war, ob es in der Vergangenheit Funde gab!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.01.2013, 22:15
| #8 |
| | TrojanDownloader:Win32/Adload.DA-Virus Auf der Seite von Microsoft steht, dass der "Microsoft Safety Scanner" mit der bestehenden Antivirensoftware kompatibel ist. Deswegen habe ich Avira bei dem Scan nicht abgeschaltet. Beim Avira-Scan war der Microsoft Safety Scanner aber nicht aktiv. Ich meine nicht die "Microsoft Security Essentials". Die Windows Wartungscenter hat die Empfehlung gegeben in diesem Fall den Microsoft Safety Scanner zu verwenden, deshalb habe ich den verwendet. Ich habe keine neuen Scans gemacht. Die beiden Scans habe ich gemacht, als ich die Warnung erhalten habe. Jetzt habe ich nur danach gesucht, ob noch alte Log-Files vorhanden sind. Wusste nicht, ob die automatisch irgendwo abgelegt werden oder nicht. Geändert von Juliia (13.01.2013 um 22:21 Uhr) |
|
13.01.2013, 22:31
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TrojanDownloader:Win32/Adload.DA-Virus Ok, also nicht mse, pardon, dann hab ich mich verlesen  Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Malwarebytes Anti-Rootkit  Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.01.2013, 22:44
| #10 |
| | TrojanDownloader:Win32/Adload.DA-Virus Noch eine kleine Frage dazu. Muss ich während des Scans Avira jetzt deaktivieren oder kann ich es laufen lassen? |
|
13.01.2013, 23:02
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TrojanDownloader:Win32/Adload.DA-Virus Ja, Avira bitte deaktivieren
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.01.2013, 00:29
| #12 |
| | TrojanDownloader:Win32/Adload.DA-Virus Habs jetzt 2 mal laufen lassen. Beim ersten Mal gabs immerhin 5 Funde. Hier die Logs: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.13.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Julia :: JULIANETBOOK [administrator]
13.01.2013 23:50:43
mbar-log-2013-01-13 (23-50-43).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31930
Time elapsed: 25 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\Users\Julia\AppData\Local\Temp\blabbers-ff-le.xpi (PUP.Blabbers) -> Delete on reboot.
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.13.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Julia :: JULIANETBOOK [administrator]
14.01.2013 00:24:16
mbar-log-2013-01-14 (00-24-16).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31932
Time elapsed: 24 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
14.01.2013, 08:43
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TrojanDownloader:Win32/Adload.DA-Virus 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.01.2013, 20:09
| #14 |
| | TrojanDownloader:Win32/Adload.DA-Virus So, hab die beiden Programme jetzt laufen lassen. aswMBR ist abgestürzt, so dass ich es mit (none) ausgeführt habe. Hier das Log: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-14 19:57:45
-----------------------------
19:57:45.879 OS Version: Windows x64 6.1.7601 Service Pack 1
19:57:45.879 Number of processors: 2 586 0x170A
19:57:45.879 ComputerName: JULIANETBOOK UserName: Julia
19:57:46.861 Initialize success
19:57:58.390 AVAST engine defs: 13011401
19:58:31.119 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:58:31.134 Disk 0 Vendor: ST925031 0020 Size: 238475MB BusType: 3
19:58:31.150 Disk 0 MBR read successfully
19:58:31.150 Disk 0 MBR scan
19:58:31.165 Disk 0 unknown MBR code
19:58:31.181 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
19:58:31.197 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 103488 MB offset 2459712
19:58:31.212 Disk 0 Partition - 00 05 Extended 133785 MB offset 214403551
19:58:31.259 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71818 MB offset 214403553
19:58:31.275 Disk 0 Partition - 00 05 Extended 59394 MB offset 361488038
19:58:31.337 Disk 0 scanning C:\Windows\system32\drivers
19:58:53.645 Service scanning
19:59:30.946 Modules scanning
19:59:31.476 Disk 0 trace - called modules:
19:59:31.539 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
19:59:31.554 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80022bf060]
19:59:31.554 3 CLASSPNP.SYS[fffff8800163b43f] -> nt!IofCallDriver -> [0xfffffa80020cc890]
19:59:31.570 5 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80020eb050]
19:59:31.585 Scan finished successfully
19:59:49.541 Disk 0 MBR has been saved successfully to "C:\Users\Julia\Desktop\MBR.dat"
19:59:49.557 The log file has been saved successfully to "C:\Users\Julia\Desktop\aswMBR.txt"
Code:
ATTFilter 20:01:23.0047 6276 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:01:23.0125 6276 ============================================================
20:01:23.0125 6276 Current date / time: 2013/01/14 20:01:23.0125
20:01:23.0125 6276 SystemInfo:
20:01:23.0125 6276
20:01:23.0125 6276 OS Version: 6.1.7601 ServicePack: 1.0
20:01:23.0125 6276 Product type: Workstation
20:01:23.0125 6276 ComputerName: JULIANETBOOK
20:01:23.0125 6276 UserName: Julia
20:01:23.0125 6276 Windows directory: C:\Windows
20:01:23.0141 6276 System windows directory: C:\Windows
20:01:23.0141 6276 Running under WOW64
20:01:23.0141 6276 Processor architecture: Intel x64
20:01:23.0141 6276 Number of processors: 2
20:01:23.0141 6276 Page size: 0x1000
20:01:23.0141 6276 Boot type: Normal boot
20:01:23.0141 6276 ============================================================
20:01:23.0999 6276 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:01:24.0014 6276 ============================================================
20:01:24.0014 6276 \Device\Harddisk0\DR0:
20:01:24.0014 6276 MBR partitions:
20:01:24.0014 6276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
20:01:24.0014 6276 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258840, BlocksNum 0xCA20162
20:01:24.0046 6276 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xCC789E1, BlocksNum 0x8C454C5
20:01:24.0077 6276 ============================================================
20:01:24.0108 6276 C: <-> \Device\Harddisk0\DR0\Partition2
20:01:24.0124 6276 D: <-> \Device\Harddisk0\DR0\Partition3
20:01:24.0139 6276 ============================================================
20:01:24.0139 6276 Initialize success
20:01:24.0139 6276 ============================================================
20:02:00.0799 2232 ============================================================
20:02:00.0799 2232 Scan started
20:02:00.0799 2232 Mode: Manual; SigCheck; TDLFS;
20:02:00.0799 2232 ============================================================
20:02:01.0080 2232 ================ Scan system memory ========================
20:02:01.0080 2232 System memory - ok
20:02:01.0080 2232 ================ Scan services =============================
20:02:01.0330 2232 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:02:01.0532 2232 1394ohci - ok
20:02:01.0595 2232 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:02:01.0642 2232 ACPI - ok
20:02:01.0844 2232 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:02:02.0000 2232 AcpiPmi - ok
20:02:02.0094 2232 [ 40C186D35C0E307240D6BCA399332B24 ] AcPrfMgrSvc C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
20:02:02.0125 2232 AcPrfMgrSvc - ok
20:02:02.0250 2232 [ 7E0275A22A0CE8C448767ADB9A287F25 ] AcronisOSSReinstallSvc C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
20:02:02.0375 2232 AcronisOSSReinstallSvc ( UnsignedFile.Multi.Generic ) - warning
20:02:02.0375 2232 AcronisOSSReinstallSvc - detected UnsignedFile.Multi.Generic (1)
20:02:02.0500 2232 [ B8659553B6AB4BF34A3CC113A144DEE3 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
20:02:02.0562 2232 AcrSch2Svc - ok
20:02:02.0609 2232 [ 51E12E36BDEB10C0D9DBDB1FA4914800 ] AcSvc C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
20:02:02.0640 2232 AcSvc - ok
20:02:07.0928 2232 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:02:07.0960 2232 AdobeFlashPlayerUpdateSvc - ok
20:02:08.0038 2232 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:02:08.0100 2232 adp94xx - ok
20:02:08.0131 2232 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:02:08.0162 2232 adpahci - ok
20:02:08.0194 2232 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:02:08.0240 2232 adpu320 - ok
20:02:08.0256 2232 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:02:08.0459 2232 AeLookupSvc - ok
20:02:08.0521 2232 [ D9A76E6E541E2E61C78140B65DB63E6A ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
20:02:08.0615 2232 afcdp - ok
20:02:08.0708 2232 [ 8B333E7FF3147A63B15975B512364466 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
20:02:08.0880 2232 afcdpsrv - ok
20:02:08.0942 2232 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:02:09.0067 2232 AFD - ok
20:02:09.0114 2232 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:02:09.0161 2232 agp440 - ok
20:02:09.0192 2232 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:02:09.0286 2232 ALG - ok
20:02:09.0317 2232 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:02:09.0332 2232 aliide - ok
20:02:09.0364 2232 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:02:09.0379 2232 amdide - ok
20:02:09.0426 2232 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:02:09.0488 2232 AmdK8 - ok
20:02:09.0520 2232 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:02:09.0551 2232 AmdPPM - ok
20:02:09.0629 2232 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:02:09.0676 2232 amdsata - ok
20:02:09.0707 2232 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:02:09.0738 2232 amdsbs - ok
20:02:09.0769 2232 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:02:09.0800 2232 amdxata - ok
20:02:09.0925 2232 [ D89562A6AE8E07A457452E5B5560EB43 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:02:09.0956 2232 AntiVirSchedulerService - ok
20:02:09.0988 2232 [ E953EB70B3C4F0BA108C35D45420B86B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:02:10.0019 2232 AntiVirService - ok
20:02:10.0081 2232 [ D7D4884904F224ED2902CA2DDEBE577E ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:02:10.0128 2232 AntiVirWebService - ok
20:02:10.0190 2232 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:02:10.0424 2232 AppID - ok
20:02:10.0471 2232 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:02:10.0580 2232 AppIDSvc - ok
20:02:10.0627 2232 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:02:10.0736 2232 Appinfo - ok
20:02:10.0783 2232 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:02:10.0799 2232 Apple Mobile Device - ok
20:02:10.0846 2232 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:02:10.0861 2232 arc - ok
20:02:10.0908 2232 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:02:10.0939 2232 arcsas - ok
20:02:10.0970 2232 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:02:11.0064 2232 AsyncMac - ok
20:02:11.0111 2232 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:02:11.0126 2232 atapi - ok
20:02:11.0204 2232 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:02:11.0329 2232 AudioEndpointBuilder - ok
20:02:11.0360 2232 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:02:11.0438 2232 AudioSrv - ok
20:02:11.0501 2232 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:02:11.0548 2232 avgntflt - ok
20:02:11.0594 2232 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:02:11.0641 2232 avipbb - ok
20:02:11.0672 2232 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:02:11.0704 2232 avkmgr - ok
20:02:11.0797 2232 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:02:11.0906 2232 AxInstSV - ok
20:02:11.0969 2232 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:02:12.0047 2232 b06bdrv - ok
20:02:12.0078 2232 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:02:12.0140 2232 b57nd60a - ok
20:02:12.0250 2232 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:02:12.0296 2232 BBSvc - ok
20:02:12.0359 2232 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:02:12.0406 2232 BBUpdate - ok
20:02:12.0437 2232 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:02:12.0515 2232 BDESVC - ok
20:02:12.0546 2232 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:02:12.0640 2232 Beep - ok
20:02:12.0718 2232 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:02:12.0858 2232 BFE - ok
20:02:12.0936 2232 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:02:13.0092 2232 BITS - ok
20:02:13.0139 2232 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:02:13.0186 2232 blbdrive - ok
20:02:13.0264 2232 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:02:13.0326 2232 Bonjour Service - ok
20:02:13.0357 2232 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:02:13.0466 2232 bowser - ok
20:02:13.0513 2232 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:02:13.0622 2232 BrFiltLo - ok
20:02:13.0638 2232 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:02:13.0654 2232 BrFiltUp - ok
20:02:13.0716 2232 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:02:13.0794 2232 Browser - ok
20:02:13.0841 2232 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:02:13.0903 2232 Brserid - ok
20:02:13.0934 2232 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:02:13.0997 2232 BrSerWdm - ok
20:02:14.0012 2232 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:02:14.0106 2232 BrUsbMdm - ok
20:02:14.0122 2232 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:02:14.0168 2232 BrUsbSer - ok
20:02:14.0246 2232 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
20:02:14.0402 2232 BthEnum - ok
20:02:14.0434 2232 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:02:14.0496 2232 BTHMODEM - ok
20:02:14.0527 2232 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:02:14.0558 2232 BthPan - ok
20:02:14.0636 2232 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
20:02:14.0746 2232 BTHPORT - ok
20:02:14.0792 2232 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:02:14.0886 2232 bthserv - ok
20:02:14.0917 2232 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
20:02:14.0948 2232 BTHUSB - ok
20:02:14.0995 2232 [ D3466F77C2C49C6E393BA5FBA963A33E ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
20:02:15.0011 2232 btusbflt - ok
20:02:15.0058 2232 [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
20:02:15.0089 2232 btwaudio - ok
20:02:15.0136 2232 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
20:02:15.0168 2232 btwavdt - ok
20:02:15.0277 2232 [ DCF8D8F1F87743509D9C0207CB28637D ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
20:02:15.0355 2232 btwdins - ok
20:02:15.0371 2232 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
20:02:15.0386 2232 btwl2cap - ok
20:02:15.0402 2232 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
20:02:15.0417 2232 btwrchid - ok
20:02:15.0449 2232 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:02:15.0558 2232 cdfs - ok
20:02:15.0620 2232 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:02:15.0667 2232 cdrom - ok
20:02:15.0729 2232 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:02:15.0823 2232 CertPropSvc - ok
20:02:15.0870 2232 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:02:15.0917 2232 circlass - ok
20:02:15.0963 2232 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:02:15.0995 2232 CLFS - ok
20:02:16.0073 2232 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:02:16.0119 2232 clr_optimization_v2.0.50727_32 - ok
20:02:16.0166 2232 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:02:16.0197 2232 clr_optimization_v2.0.50727_64 - ok
20:02:16.0291 2232 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:02:16.0369 2232 clr_optimization_v4.0.30319_32 - ok
20:02:16.0400 2232 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:02:16.0431 2232 clr_optimization_v4.0.30319_64 - ok
20:02:16.0478 2232 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:02:16.0525 2232 CmBatt - ok
20:02:16.0541 2232 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:02:16.0572 2232 cmdide - ok
20:02:16.0634 2232 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:02:16.0790 2232 CNG - ok
20:02:16.0868 2232 [ 572ADA4AF43CADD41B16399411C3F09C ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
20:02:16.0946 2232 CnxtHdAudService - ok
20:02:16.0977 2232 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:02:17.0024 2232 Compbatt - ok
20:02:17.0071 2232 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:02:17.0133 2232 CompositeBus - ok
20:02:17.0165 2232 COMSysApp - ok
20:02:17.0196 2232 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:02:17.0227 2232 crcdisk - ok
20:02:17.0305 2232 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:02:17.0414 2232 CryptSvc - ok
20:02:17.0492 2232 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:02:17.0617 2232 DcomLaunch - ok
20:02:17.0648 2232 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:02:17.0773 2232 defragsvc - ok
20:02:17.0804 2232 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:02:17.0898 2232 DfsC - ok
20:02:17.0991 2232 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:02:18.0101 2232 Dhcp - ok
20:02:18.0132 2232 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:02:18.0225 2232 discache - ok
20:02:18.0257 2232 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:02:18.0272 2232 Disk - ok
20:02:18.0303 2232 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:02:18.0381 2232 Dnscache - ok
20:02:18.0444 2232 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:02:18.0569 2232 dot3svc - ok
20:02:18.0615 2232 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:02:18.0709 2232 DPS - ok
20:02:18.0725 2232 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:02:18.0771 2232 drmkaud - ok
20:02:18.0865 2232 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:02:18.0959 2232 DXGKrnl - ok
20:02:18.0990 2232 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:02:19.0068 2232 EapHost - ok
20:02:19.0193 2232 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:02:19.0364 2232 ebdrv - ok
20:02:19.0411 2232 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:02:19.0520 2232 EFS - ok
20:02:19.0614 2232 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:02:19.0739 2232 ehRecvr - ok
20:02:19.0785 2232 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:02:19.0832 2232 ehSched - ok
20:02:19.0895 2232 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:02:19.0941 2232 elxstor - ok
20:02:19.0988 2232 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:02:20.0082 2232 ErrDev - ok
20:02:20.0097 2232 EST_BusEnum - ok
20:02:20.0144 2232 [ B63CB796F3FC7DF6DB5C0DD7E4A6F16D ] EST_Server C:\Windows\system32\DRIVERS\GenHC.sys
20:02:20.0175 2232 EST_Server ( UnsignedFile.Multi.Generic ) - warning
20:02:20.0175 2232 EST_Server - detected UnsignedFile.Multi.Generic (1)
20:02:20.0222 2232 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:02:20.0347 2232 EventSystem - ok
20:02:20.0487 2232 [ BDFCB7E8C108D042B213957D2B044E7E ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:02:20.0597 2232 EvtEng - ok
20:02:20.0628 2232 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:02:20.0721 2232 exfat - ok
20:02:20.0753 2232 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:02:20.0831 2232 fastfat - ok
20:02:20.0909 2232 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:02:21.0049 2232 Fax - ok
20:02:21.0065 2232 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:02:21.0111 2232 fdc - ok
20:02:21.0143 2232 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:02:21.0236 2232 fdPHost - ok
20:02:21.0236 2232 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:02:21.0314 2232 FDResPub - ok
20:02:21.0361 2232 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:02:21.0377 2232 FileInfo - ok
20:02:21.0392 2232 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:02:21.0486 2232 Filetrace - ok
20:02:21.0501 2232 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:02:21.0533 2232 flpydisk - ok
20:02:21.0579 2232 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:02:21.0626 2232 FltMgr - ok
20:02:21.0689 2232 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:02:21.0829 2232 FontCache - ok
20:02:21.0891 2232 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:02:21.0923 2232 FontCache3.0.0.0 - ok
20:02:21.0954 2232 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:02:22.0001 2232 FsDepends - ok
20:02:22.0047 2232 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:02:22.0079 2232 Fs_Rec - ok
20:02:22.0157 2232 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:02:22.0203 2232 fvevol - ok
20:02:22.0219 2232 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:02:22.0250 2232 gagp30kx - ok
20:02:22.0313 2232 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:02:22.0344 2232 GEARAspiWDM - ok
20:02:22.0406 2232 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:02:22.0547 2232 gpsvc - ok
20:02:22.0656 2232 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:02:22.0687 2232 gupdate - ok
20:02:22.0718 2232 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:02:22.0734 2232 gupdatem - ok
20:02:22.0765 2232 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:02:22.0827 2232 hcw85cir - ok
20:02:22.0874 2232 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:02:22.0937 2232 HdAudAddService - ok
20:02:22.0968 2232 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:02:23.0030 2232 HDAudBus - ok
20:02:23.0046 2232 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:02:23.0093 2232 HidBatt - ok
20:02:23.0108 2232 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:02:23.0139 2232 HidBth - ok
20:02:23.0171 2232 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:02:23.0217 2232 HidIr - ok
20:02:23.0264 2232 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:02:23.0358 2232 hidserv - ok
20:02:23.0436 2232 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:02:23.0467 2232 HidUsb - ok
20:02:23.0514 2232 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:02:23.0623 2232 hkmsvc - ok
20:02:23.0654 2232 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:02:23.0748 2232 HomeGroupListener - ok
20:02:23.0810 2232 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:02:23.0857 2232 HomeGroupProvider - ok
20:02:23.0919 2232 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:02:23.0951 2232 HpSAMD - ok
20:02:24.0044 2232 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:02:24.0153 2232 HTTP - ok
20:02:24.0200 2232 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:02:24.0231 2232 hwpolicy - ok
20:02:24.0278 2232 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:02:24.0325 2232 i8042prt - ok
20:02:24.0387 2232 [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
20:02:24.0434 2232 IAANTMON - ok
20:02:24.0481 2232 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:02:24.0528 2232 iaStor - ok
20:02:24.0575 2232 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:02:24.0621 2232 iaStorV - ok
20:02:24.0668 2232 [ 3761FAB385F1C2F51B2FAD48CFABBE9D ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
20:02:24.0684 2232 IBMPMDRV - ok
20:02:24.0699 2232 [ FC22310F3862E2C7C8722EF4778D5CC3 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
20:02:24.0731 2232 IBMPMSVC - ok
20:02:24.0793 2232 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:02:24.0871 2232 idsvc - ok
20:02:25.0105 2232 [ 37A65E3D89F6BBF5719FF9585F99EB7D ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:02:25.0401 2232 igfx - ok
20:02:25.0433 2232 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:02:25.0464 2232 iirsp - ok
20:02:25.0542 2232 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:02:25.0667 2232 IKEEXT - ok
20:02:25.0729 2232 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
20:02:25.0776 2232 IntcHdmiAddService - ok
20:02:25.0823 2232 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:02:25.0854 2232 intelide - ok
20:02:25.0901 2232 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:02:25.0963 2232 intelppm - ok
20:02:26.0010 2232 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:02:26.0088 2232 IPBusEnum - ok
20:02:26.0135 2232 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:02:26.0228 2232 IpFilterDriver - ok
20:02:26.0291 2232 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:02:26.0400 2232 iphlpsvc - ok
20:02:26.0431 2232 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:02:26.0493 2232 IPMIDRV - ok
20:02:26.0525 2232 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:02:26.0603 2232 IPNAT - ok
20:02:26.0696 2232 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:02:26.0759 2232 iPod Service - ok
20:02:26.0790 2232 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:02:26.0899 2232 IRENUM - ok
20:02:26.0946 2232 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:02:26.0961 2232 isapnp - ok
20:02:27.0008 2232 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:02:27.0039 2232 iScsiPrt - ok
20:02:27.0086 2232 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:02:27.0117 2232 kbdclass - ok
20:02:27.0133 2232 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:02:27.0180 2232 kbdhid - ok
20:02:27.0195 2232 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:02:27.0227 2232 KeyIso - ok
20:02:27.0258 2232 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:02:27.0289 2232 KSecDD - ok
20:02:27.0351 2232 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:02:27.0383 2232 KSecPkg - ok
20:02:27.0445 2232 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:02:27.0523 2232 ksthunk - ok
20:02:27.0554 2232 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:02:27.0648 2232 KtmRm - ok
20:02:27.0695 2232 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:02:27.0788 2232 LanmanServer - ok
20:02:27.0851 2232 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:02:27.0944 2232 LanmanWorkstation - ok
20:02:28.0038 2232 [ CAB9C6C37FD0F9612B269349116504B6 ] LENOVO.CAMMUTE C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
20:02:28.0069 2232 LENOVO.CAMMUTE - ok
20:02:28.0100 2232 [ C88EB33793420A79F601FB5E33E2EDD9 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
20:02:28.0131 2232 LENOVO.MICMUTE - ok
20:02:28.0147 2232 [ 5ACFF5823634BC2C4EBF559C3B33E18E ] lenovo.smi C:\Windows\system32\DRIVERS\smiifx64.sys
20:02:28.0178 2232 lenovo.smi - ok
20:02:28.0209 2232 [ 04B5F7F44CCB2FAB615C67ED0E6C8323 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
20:02:28.0225 2232 LENOVO.TPKNRSVC - ok
20:02:28.0241 2232 [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
20:02:28.0256 2232 Lenovo.VIRTSCRLSVC - ok
20:02:28.0287 2232 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:02:28.0365 2232 lltdio - ok
20:02:28.0397 2232 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:02:28.0475 2232 lltdsvc - ok
20:02:28.0490 2232 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:02:28.0553 2232 lmhosts - ok
20:02:28.0584 2232 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:02:28.0615 2232 LSI_FC - ok
20:02:28.0631 2232 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:02:28.0662 2232 LSI_SAS - ok
20:02:28.0677 2232 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:02:28.0709 2232 LSI_SAS2 - ok
20:02:28.0724 2232 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:02:28.0740 2232 LSI_SCSI - ok
20:02:28.0771 2232 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:02:28.0849 2232 luafv - ok
20:02:28.0880 2232 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:02:28.0927 2232 Mcx2Svc - ok
20:02:28.0943 2232 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:02:28.0974 2232 megasas - ok
20:02:28.0989 2232 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:02:29.0021 2232 MegaSR - ok
20:02:29.0052 2232 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:02:29.0130 2232 MMCSS - ok
20:02:29.0145 2232 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:02:29.0223 2232 Modem - ok
20:02:29.0270 2232 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:02:29.0317 2232 monitor - ok
20:02:29.0348 2232 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:02:29.0395 2232 mouclass - ok
20:02:29.0411 2232 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:02:29.0442 2232 mouhid - ok
20:02:29.0504 2232 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:02:29.0535 2232 mountmgr - ok
20:02:29.0613 2232 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:02:29.0660 2232 MozillaMaintenance - ok
20:02:29.0707 2232 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:02:29.0754 2232 mpio - ok
20:02:29.0785 2232 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:02:29.0863 2232 mpsdrv - ok
20:02:29.0941 2232 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:02:30.0050 2232 MpsSvc - ok
20:02:30.0113 2232 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:02:30.0144 2232 MRxDAV - ok
20:02:30.0175 2232 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:02:30.0253 2232 mrxsmb - ok
20:02:30.0284 2232 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:02:30.0347 2232 mrxsmb10 - ok
20:02:30.0362 2232 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:02:30.0409 2232 mrxsmb20 - ok
20:02:30.0425 2232 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:02:30.0456 2232 msahci - ok
20:02:30.0487 2232 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:02:30.0518 2232 msdsm - ok
20:02:30.0534 2232 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:02:30.0581 2232 MSDTC - ok
20:02:30.0627 2232 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:02:30.0690 2232 Msfs - ok
20:02:30.0705 2232 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:02:30.0783 2232 mshidkmdf - ok
20:02:30.0815 2232 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:02:30.0861 2232 msisadrv - ok
20:02:30.0893 2232 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:02:31.0002 2232 MSiSCSI - ok
20:02:31.0002 2232 msiserver - ok
20:02:31.0049 2232 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:02:31.0111 2232 MSKSSRV - ok
20:02:31.0127 2232 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:02:31.0236 2232 MSPCLOCK - ok
20:02:31.0251 2232 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:02:31.0314 2232 MSPQM - ok
20:02:31.0376 2232 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:02:31.0407 2232 MsRPC - ok
20:02:31.0470 2232 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:02:31.0501 2232 mssmbios - ok
20:02:31.0517 2232 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:02:31.0579 2232 MSTEE - ok
20:02:31.0595 2232 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:02:31.0641 2232 MTConfig - ok
20:02:31.0657 2232 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:02:31.0688 2232 Mup - ok
20:02:31.0735 2232 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:02:31.0860 2232 napagent - ok
20:02:31.0907 2232 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:02:31.0938 2232 NativeWifiP - ok
20:02:32.0016 2232 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:02:32.0094 2232 NDIS - ok
20:02:32.0125 2232 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:02:32.0203 2232 NdisCap - ok
20:02:32.0219 2232 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:02:32.0297 2232 NdisTapi - ok
20:02:32.0343 2232 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:02:32.0421 2232 Ndisuio - ok
20:02:32.0453 2232 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:02:32.0531 2232 NdisWan - ok
20:02:32.0577 2232 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:02:32.0671 2232 NDProxy - ok
20:02:32.0718 2232 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:02:32.0796 2232 NetBIOS - ok
20:02:32.0858 2232 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:02:32.0936 2232 NetBT - ok
20:02:32.0952 2232 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:02:32.0967 2232 Netlogon - ok
20:02:33.0014 2232 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:02:33.0123 2232 Netman - ok
20:02:33.0155 2232 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:02:33.0248 2232 netprofm - ok
20:02:33.0279 2232 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:02:33.0295 2232 NetTcpPortSharing - ok
20:02:33.0498 2232 [ E72F4522801FFB8F0456924FB0017BFF ] NETw1v64 C:\Windows\system32\DRIVERS\NETw1v64.sys
20:02:33.0888 2232 NETw1v64 - ok
20:02:34.0122 2232 [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys
20:02:34.0449 2232 NETw5s64 - ok
20:02:34.0637 2232 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
20:02:34.0886 2232 netw5v64 - ok
20:02:35.0151 2232 [ EB43840BABF5589E33186D094DE7381D ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
20:02:35.0463 2232 NETwNs64 - ok
20:02:35.0510 2232 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:02:35.0541 2232 nfrd960 - ok
20:02:35.0604 2232 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:02:35.0682 2232 NlaSvc - ok
20:02:35.0775 2232 [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
20:02:35.0822 2232 NMIndexingService - ok
20:02:35.0838 2232 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:02:35.0916 2232 Npfs - ok
20:02:35.0947 2232 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:02:36.0009 2232 nsi - ok
20:02:36.0041 2232 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:02:36.0119 2232 nsiproxy - ok
20:02:36.0212 2232 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:02:36.0321 2232 Ntfs - ok
20:02:36.0353 2232 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:02:36.0431 2232 Null - ok
20:02:36.0446 2232 NUS_Bus - ok
20:02:36.0493 2232 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:02:36.0524 2232 nvraid - ok
20:02:36.0555 2232 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:02:36.0571 2232 nvstor - ok
20:02:36.0602 2232 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:02:36.0618 2232 nv_agp - ok
20:02:36.0649 2232 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:02:36.0680 2232 ohci1394 - ok
20:02:36.0758 2232 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:02:36.0789 2232 ose - ok
20:02:37.0008 2232 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:02:37.0273 2232 osppsvc - ok
20:02:37.0320 2232 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:02:37.0413 2232 p2pimsvc - ok
20:02:37.0460 2232 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:02:37.0538 2232 p2psvc - ok
20:02:37.0554 2232 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:02:37.0601 2232 Parport - ok
20:02:37.0632 2232 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:02:37.0679 2232 partmgr - ok
20:02:37.0710 2232 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:02:37.0788 2232 PcaSvc - ok
20:02:37.0881 2232 [ ACD84D961942E2204A4475F9AF356F2E ] PCDSRVC{127174DC-C366ED8B-06020000}_0 c:\program files\pc-doctor\pcdsrvc_x64.pkms
20:02:37.0991 2232 PCDSRVC{127174DC-C366ED8B-06020000}_0 - ok
20:02:38.0037 2232 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:02:38.0084 2232 pci - ok
20:02:38.0115 2232 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:02:38.0147 2232 pciide - ok
20:02:38.0178 2232 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:02:38.0225 2232 pcmcia - ok
20:02:38.0240 2232 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:02:38.0271 2232 pcw - ok
20:02:38.0303 2232 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:02:38.0428 2232 PEAUTH - ok
20:02:38.0506 2232 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:02:38.0552 2232 PerfHost - ok
20:02:38.0662 2232 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:02:38.0786 2232 pla - ok
20:02:38.0833 2232 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:02:38.0927 2232 PlugPlay - ok
20:02:38.0958 2232 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:02:39.0020 2232 PNRPAutoReg - ok
20:02:39.0052 2232 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:02:39.0083 2232 PNRPsvc - ok
20:02:39.0130 2232 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:02:39.0254 2232 PolicyAgent - ok
20:02:39.0286 2232 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:02:39.0364 2232 Power - ok
20:02:39.0426 2232 [ BAC02775CF629E5FE80BEA952F4448EF ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
20:02:39.0457 2232 Power Manager DBC Service - ok
20:02:39.0504 2232 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:02:39.0598 2232 PptpMiniport - ok
20:02:39.0644 2232 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:02:39.0676 2232 Processor - ok
20:02:39.0738 2232 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:02:39.0832 2232 ProfSvc - ok
20:02:39.0863 2232 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:02:39.0894 2232 ProtectedStorage - ok
20:02:39.0925 2232 [ 515A7C5A0886FCC60901916785EFD549 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
20:02:39.0956 2232 psadd - ok
20:02:40.0003 2232 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:02:40.0097 2232 Psched - ok
20:02:40.0159 2232 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:02:40.0253 2232 ql2300 - ok
20:02:40.0268 2232 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:02:40.0300 2232 ql40xx - ok
20:02:40.0331 2232 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:02:40.0378 2232 QWAVE - ok
20:02:40.0393 2232 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:02:40.0440 2232 QWAVEdrv - ok
20:02:40.0471 2232 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:02:40.0534 2232 RasAcd - ok
20:02:40.0580 2232 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:02:40.0658 2232 RasAgileVpn - ok
20:02:40.0690 2232 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:02:40.0783 2232 RasAuto - ok
20:02:40.0830 2232 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:02:40.0924 2232 Rasl2tp - ok
20:02:40.0970 2232 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:02:41.0111 2232 RasMan - ok
20:02:41.0142 2232 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:02:41.0236 2232 RasPppoe - ok
20:02:41.0267 2232 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:02:41.0360 2232 RasSstp - ok
20:02:41.0423 2232 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:02:41.0501 2232 rdbss - ok
20:02:41.0532 2232 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:02:41.0579 2232 rdpbus - ok
20:02:41.0610 2232 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:02:41.0688 2232 RDPCDD - ok
20:02:41.0735 2232 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:02:41.0813 2232 RDPENCDD - ok
20:02:41.0828 2232 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:02:41.0891 2232 RDPREFMP - ok
20:02:41.0938 2232 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:02:42.0016 2232 RDPWD - ok
20:02:42.0094 2232 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:02:42.0140 2232 rdyboost - ok
20:02:42.0250 2232 [ A6BAEA839CC888D4961AB5FE16BB8C4A ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:02:42.0328 2232 RegSrvc - ok
20:02:42.0359 2232 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:02:42.0468 2232 RemoteAccess - ok
20:02:42.0484 2232 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:02:42.0577 2232 RemoteRegistry - ok
20:02:42.0608 2232 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:02:42.0640 2232 RFCOMM - ok
20:02:42.0671 2232 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:02:42.0733 2232 RpcEptMapper - ok
20:02:42.0764 2232 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:02:42.0811 2232 RpcLocator - ok
20:02:42.0874 2232 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:02:42.0952 2232 RpcSs - ok
20:02:43.0014 2232 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:02:43.0123 2232 rspndr - ok
20:02:43.0170 2232 [ 763AE0C6D9DF4C24B7E2C26036A8188A ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
20:02:43.0217 2232 RSUSBSTOR - ok
20:02:43.0264 2232 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:02:43.0295 2232 RTL8167 - ok
20:02:43.0310 2232 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:02:43.0342 2232 SamSs - ok
20:02:43.0388 2232 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:02:43.0404 2232 sbp2port - ok
20:02:43.0435 2232 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:02:43.0576 2232 SCardSvr - ok
20:02:43.0607 2232 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:02:43.0716 2232 scfilter - ok
20:02:43.0794 2232 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:02:43.0919 2232 Schedule - ok
20:02:43.0966 2232 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:02:44.0028 2232 SCPolicySvc - ok
20:02:44.0090 2232 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
20:02:44.0153 2232 sdbus - ok
20:02:44.0184 2232 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:02:44.0278 2232 SDRSVC - ok
20:02:44.0324 2232 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:02:44.0418 2232 secdrv - ok
20:02:44.0465 2232 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:02:44.0543 2232 seclogon - ok
20:02:44.0590 2232 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:02:44.0668 2232 SENS - ok
20:02:44.0699 2232 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:02:44.0777 2232 SensrSvc - ok
20:02:44.0792 2232 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:02:44.0839 2232 Serenum - ok
20:02:44.0886 2232 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:02:44.0933 2232 Serial - ok
20:02:44.0980 2232 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:02:45.0011 2232 sermouse - ok
20:02:45.0089 2232 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:02:45.0198 2232 SessionEnv - ok
20:02:45.0245 2232 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:02:45.0307 2232 sffdisk - ok
20:02:45.0323 2232 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:02:45.0354 2232 sffp_mmc - ok
20:02:45.0370 2232 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:02:45.0416 2232 sffp_sd - ok
20:02:45.0448 2232 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:02:45.0479 2232 sfloppy - ok
20:02:45.0526 2232 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:02:45.0604 2232 SharedAccess - ok
20:02:45.0666 2232 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:02:45.0760 2232 ShellHWDetection - ok
20:02:45.0791 2232 [ C45942985943FC4AB8A7EA7A92F29C00 ] Shockprf C:\Windows\system32\DRIVERS\Apsx64.sys
20:02:45.0806 2232 Shockprf - ok
20:02:45.0838 2232 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:02:45.0869 2232 SiSRaid2 - ok
20:02:45.0884 2232 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:02:45.0900 2232 SiSRaid4 - ok
20:02:45.0962 2232 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:02:45.0994 2232 SkypeUpdate - ok
20:02:46.0056 2232 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:02:46.0150 2232 Smb - ok
20:02:46.0212 2232 [ 0775CB5147953CCE129BC3414740D109 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
20:02:46.0259 2232 snapman - ok
20:02:46.0290 2232 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:02:46.0352 2232 SNMPTRAP - ok
20:02:46.0368 2232 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:02:46.0399 2232 spldr - ok
20:02:46.0462 2232 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:02:46.0524 2232 Spooler - ok
20:02:46.0664 2232 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:02:46.0867 2232 sppsvc - ok
20:02:46.0898 2232 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:02:46.0976 2232 sppuinotify - ok
20:02:47.0008 2232 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:02:47.0070 2232 srv - ok
20:02:47.0101 2232 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:02:47.0132 2232 srv2 - ok
20:02:47.0179 2232 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:02:47.0226 2232 SrvHsfHDA - ok
20:02:47.0288 2232 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:02:47.0398 2232 SrvHsfV92 - ok
20:02:47.0429 2232 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:02:47.0507 2232 SrvHsfWinac - ok
20:02:47.0538 2232 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:02:47.0600 2232 srvnet - ok
20:02:47.0647 2232 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:02:47.0741 2232 SSDPSRV - ok
20:02:47.0772 2232 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:02:47.0834 2232 SstpSvc - ok
20:02:47.0881 2232 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:02:47.0912 2232 stexstor - ok
20:02:47.0959 2232 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:02:48.0068 2232 stisvc - ok
20:02:48.0162 2232 [ 7F7958C5B40F9441D1E8D704310D46FF ] SUService c:\Program Files (x86)\Lenovo\System Update\SUService.exe
20:02:48.0193 2232 SUService ( UnsignedFile.Multi.Generic ) - warning
20:02:48.0193 2232 SUService - detected UnsignedFile.Multi.Generic (1)
20:02:48.0240 2232 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:02:48.0271 2232 swenum - ok
20:02:48.0318 2232 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:02:48.0458 2232 swprv - ok
20:02:48.0536 2232 [ D268D2A0DB2A2BBE963E688D0B039267 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:02:48.0646 2232 SynTP - ok
20:02:48.0770 2232 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:02:48.0895 2232 SysMain - ok
20:02:48.0942 2232 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:02:48.0989 2232 TabletInputService - ok
20:02:49.0036 2232 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:02:49.0129 2232 TapiSrv - ok
20:02:49.0160 2232 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:02:49.0223 2232 TBS - ok
20:02:49.0332 2232 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:02:49.0441 2232 Tcpip - ok
20:02:49.0519 2232 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:02:49.0597 2232 TCPIP6 - ok
20:02:49.0613 2232 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:02:49.0660 2232 tcpipreg - ok
20:02:49.0691 2232 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:02:49.0753 2232 TDPIPE - ok
20:02:49.0847 2232 [ BF7AC81DF6FBE09438D9DC7188178EA9 ] tdrpman258 C:\Windows\system32\DRIVERS\tdrpm258.sys
20:02:49.0940 2232 tdrpman258 - ok
20:02:49.0987 2232 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:02:50.0034 2232 TDTCP - ok
20:02:50.0096 2232 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:02:50.0190 2232 tdx - ok
20:02:50.0284 2232 [ 839E88DB24D2D8F05B72E12B175951CA ] TeamViewer6 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
20:02:50.0408 2232 TeamViewer6 - ok
20:02:50.0471 2232 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:02:50.0486 2232 TermDD - ok
20:02:50.0549 2232 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:02:50.0690 2232 TermService - ok
20:02:50.0737 2232 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:02:50.0799 2232 Themes - ok
20:02:50.0893 2232 [ 39AC444E07FDBD8C2E8E291A65D515D3 ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
20:02:50.0971 2232 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - warning
20:02:50.0971 2232 ThinkVantage Registry Monitor Service - detected UnsignedFile.Multi.Generic (1)
20:02:51.0002 2232 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:02:51.0080 2232 THREADORDER - ok
20:02:51.0127 2232 [ 2C1CAF5563548A15515EAB07D2A069C6 ] timounter C:\Windows\system32\DRIVERS\timntr.sys
20:02:51.0189 2232 timounter - ok
20:02:51.0205 2232 [ 6DB3FAE611554DC373E266ED50111B1C ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM64.sys
20:02:51.0236 2232 TPDIGIMN - ok
20:02:51.0267 2232 [ 47D2009FDC682833EE03B6DCBA23FDD2 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG64.exe
20:02:51.0283 2232 TPHDEXLGSVC - ok
20:02:51.0330 2232 [ 2CF225E19490F499528B926263FE4554 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
20:02:51.0361 2232 TPHKSVC - ok
20:02:51.0408 2232 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
20:02:51.0455 2232 TPM - ok
20:02:51.0501 2232 [ 2C067E01D6BBCCC88B233B868E210907 ] TPPWRIF C:\Windows\system32\drivers\Tppwr64v.sys
20:02:51.0517 2232 TPPWRIF - ok
20:02:51.0564 2232 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:02:51.0642 2232 TrkWks - ok
20:02:51.0720 2232 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:02:51.0813 2232 TrustedInstaller - ok
20:02:51.0860 2232 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:02:51.0969 2232 tssecsrv - ok
20:02:52.0047 2232 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:02:52.0125 2232 TsUsbFlt - ok
20:02:52.0188 2232 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:02:52.0297 2232 tunnel - ok
20:02:52.0406 2232 [ 4581A61AD590BC3CCDF2759D0BDD69FC ] TVT Backup Service C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
20:02:52.0515 2232 TVT Backup Service - ok
20:02:52.0547 2232 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:02:52.0562 2232 uagp35 - ok
20:02:52.0609 2232 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:02:52.0718 2232 udfs - ok
20:02:52.0765 2232 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:02:52.0827 2232 UI0Detect - ok
20:02:52.0843 2232 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:02:52.0890 2232 uliagpkx - ok
20:02:52.0921 2232 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:02:52.0983 2232 umbus - ok
20:02:53.0015 2232 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:02:53.0061 2232 UmPass - ok
20:02:53.0108 2232 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:02:53.0217 2232 upnphost - ok
20:02:53.0280 2232 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:02:53.0327 2232 USBAAPL64 - ok
20:02:53.0389 2232 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:02:53.0436 2232 usbccgp - ok
20:02:53.0467 2232 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:02:53.0514 2232 usbcir - ok
20:02:53.0529 2232 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:02:53.0561 2232 usbehci - ok
20:02:53.0592 2232 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:02:53.0639 2232 usbhub - ok
20:02:53.0654 2232 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:02:53.0701 2232 usbohci - ok
20:02:53.0748 2232 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:02:53.0779 2232 usbprint - ok
20:02:53.0795 2232 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:02:53.0841 2232 usbscan - ok
20:02:53.0888 2232 [ 63FE600D71D72EB960FF01B0F0E5D837 ] usbsmi C:\Windows\system32\DRIVERS\SMIksdrv.sys
20:02:53.0966 2232 usbsmi - ok
20:02:53.0997 2232 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:02:54.0060 2232 USBSTOR - ok
20:02:54.0122 2232 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:02:54.0169 2232 usbuhci - ok
20:02:54.0216 2232 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:02:54.0263 2232 usbvideo - ok
20:02:54.0309 2232 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:02:54.0419 2232 UxSms - ok
20:02:54.0434 2232 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:02:54.0465 2232 VaultSvc - ok
20:02:54.0512 2232 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:02:54.0543 2232 vdrvroot - ok
20:02:54.0606 2232 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:02:54.0715 2232 vds - ok
20:02:54.0746 2232 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:02:54.0777 2232 vga - ok
20:02:54.0793 2232 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:02:54.0871 2232 VgaSave - ok
20:02:54.0902 2232 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:02:54.0949 2232 vhdmp - ok
20:02:54.0996 2232 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:02:55.0027 2232 viaide - ok
20:02:55.0058 2232 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:02:55.0074 2232 volmgr - ok
20:02:55.0136 2232 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:02:55.0183 2232 volmgrx - ok
20:02:55.0199 2232 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:02:55.0230 2232 volsnap - ok
20:02:55.0261 2232 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:02:55.0292 2232 vsmraid - ok
20:02:55.0370 2232 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:02:55.0511 2232 VSS - ok
20:02:55.0526 2232 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:02:55.0573 2232 vwifibus - ok
20:02:55.0589 2232 [ 6A3D66263414FF0D6FA754C646612F3F ] VWiFiFlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:02:55.0620 2232 VWiFiFlt - ok
20:02:55.0635 2232 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
20:02:55.0682 2232 vwifimp - ok
20:02:55.0713 2232 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:02:55.0791 2232 W32Time - ok
20:02:55.0807 2232 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:02:55.0854 2232 WacomPen - ok
20:02:55.0901 2232 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:02:56.0010 2232 WANARP - ok
20:02:56.0025 2232 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:02:56.0088 2232 Wanarpv6 - ok
20:02:56.0181 2232 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:02:56.0337 2232 wbengine - ok
20:02:56.0369 2232 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:02:56.0415 2232 WbioSrvc - ok
20:02:56.0478 2232 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:02:56.0525 2232 wcncsvc - ok
20:02:56.0556 2232 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:02:56.0587 2232 WcsPlugInService - ok
20:02:56.0618 2232 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:02:56.0634 2232 Wd - ok
20:02:56.0696 2232 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:02:56.0774 2232 Wdf01000 - ok
20:02:56.0790 2232 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:02:56.0930 2232 WdiServiceHost - ok
20:02:56.0946 2232 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:02:56.0993 2232 WdiSystemHost - ok
20:02:57.0039 2232 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:02:57.0102 2232 WebClient - ok
20:02:57.0149 2232 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:02:57.0242 2232 Wecsvc - ok
20:02:57.0258 2232 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:02:57.0351 2232 wercplsupport - ok
20:02:57.0398 2232 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:02:57.0461 2232 WerSvc - ok
20:02:57.0492 2232 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:02:57.0570 2232 WfpLwf - ok
20:02:57.0601 2232 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:02:57.0617 2232 WIMMount - ok
20:02:57.0648 2232 WinDefend - ok
20:02:57.0663 2232 WinHttpAutoProxySvc - ok
20:02:57.0726 2232 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:02:57.0819 2232 Winmgmt - ok
20:02:57.0913 2232 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:02:58.0116 2232 WinRM - ok
20:02:58.0194 2232 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:02:58.0241 2232 WinUsb - ok
20:02:58.0319 2232 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:02:58.0428 2232 Wlansvc - ok
20:02:58.0490 2232 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:02:58.0521 2232 WmiAcpi - ok
20:02:58.0568 2232 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:02:58.0631 2232 wmiApSrv - ok
20:02:58.0662 2232 WMPNetworkSvc - ok
20:02:58.0693 2232 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:02:58.0755 2232 WPCSvc - ok
20:02:58.0802 2232 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:02:58.0849 2232 WPDBusEnum - ok
20:02:58.0865 2232 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:02:58.0943 2232 ws2ifsl - ok
20:02:58.0974 2232 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:02:59.0021 2232 wscsvc - ok
20:02:59.0067 2232 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
20:02:59.0130 2232 WSDPrintDevice - ok
20:02:59.0177 2232 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
20:02:59.0208 2232 WSDScan - ok
20:02:59.0223 2232 WSearch - ok
20:02:59.0333 2232 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:02:59.0473 2232 wuauserv - ok
20:02:59.0535 2232 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:02:59.0598 2232 WudfPf - ok
20:02:59.0645 2232 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:02:59.0660 2232 WUDFRd - ok
20:02:59.0691 2232 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:02:59.0738 2232 wudfsvc - ok
20:02:59.0769 2232 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:02:59.0847 2232 WwanSvc - ok
20:02:59.0894 2232 ================ Scan global ===============================
20:02:59.0925 2232 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:02:59.0988 2232 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:03:00.0003 2232 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:03:00.0035 2232 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:03:00.0081 2232 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:03:00.0097 2232 [Global] - ok
20:03:00.0097 2232 ================ Scan MBR ==================================
20:03:00.0113 2232 [ BDDAC1C2E1E8254940F70294052B3E08 ] \Device\Harddisk0\DR0
20:03:00.0393 2232 \Device\Harddisk0\DR0 - ok
20:03:00.0393 2232 ================ Scan VBR ==================================
20:03:00.0393 2232 [ AD73BC8586304E5C45074D43C7E44C09 ] \Device\Harddisk0\DR0\Partition1
20:03:00.0393 2232 \Device\Harddisk0\DR0\Partition1 - ok
20:03:00.0440 2232 [ 371E8DBB9895925597943D4ED24AC49F ] \Device\Harddisk0\DR0\Partition2
20:03:00.0456 2232 \Device\Harddisk0\DR0\Partition2 - ok
20:03:00.0456 2232 [ 173456371AAF7ED64C8E38D5CDDFCEC9 ] \Device\Harddisk0\DR0\Partition3
20:03:00.0471 2232 \Device\Harddisk0\DR0\Partition3 - ok
20:03:00.0471 2232 ============================================================
20:03:00.0471 2232 Scan finished
20:03:00.0471 2232 ============================================================
20:03:00.0503 2868 Detected object count: 4
20:03:00.0503 2868 Actual detected object count: 4
20:03:31.0921 2868 AcronisOSSReinstallSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:31.0921 2868 AcronisOSSReinstallSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:31.0921 2868 EST_Server ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:31.0921 2868 EST_Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:31.0921 2868 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:31.0921 2868 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:03:31.0921 2868 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:31.0921 2868 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
14.01.2013, 22:14
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TrojanDownloader:Win32/Adload.DA-Virus Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu TrojanDownloader:Win32/Adload.DA-Virus |
| befindet, downloader, externe, externe festplatte, festplatte, gestern, gmer, hilfe!, lange, laptop, laufen, melde, meldung, microsoft, nichts, platte, scan, scanner, schei, trojandownloader, trojandownloader:win32/adload.da-virus, ubuntu, virus, win, win32/adload.da-virus, win7 |
