Pests of all kinds and how to combat them: TrojanDownloader:Win32/Adload.DA-Virus

13.01.2013, 11:58   #1
Juliia
 

Hello,

the Win7 Action Center reported the virus "TrojanDownloader:Win32/Adload.DA-Virus". As recommended, I ran the "Microsoft Safety Scanner", but it did not find anything. The Action Center message said that the virus had affected my PC 2 times, most recently at the end of October. Apparently I overlooked the message for quite a long time.

How should I proceed now? Yesterday I also had an external hard drive connected. Could the virus now be on it as well?

My laptop also has Ubuntu installed as an operating system. Can the virus do anything when I am working under Ubuntu?

I ran OML and GMER. I am attaching the log files.

Many thanks in advance for any help!

13.01.2013, 21:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello,

A quick question, and this is nothing against you in particular, I could just as well have asked anyone else who posts their logs this way: where exactly does it say that the logs should be put in an attachment, or where exactly did you read that?

Log files in attachments make the analysis massively harder.

Please explain, so that the passage in the instructions can be specifically changed/improved for all newcomers. Thanks.
Quote:
Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

13.01.2013, 21:32   #3
Juliia
 

Hello,

I read that from the 2nd post of http://www.trojaner-board.de/69886-a...-beachten.html. I understood the "Please only do this when requested by a helper" to mean that one should only post the logs when a helper asks for them; what was probably meant is that one should only post them as an attachment in that case.

So here are the logs again:

From otl.txt:
Code:
OTL logfile created on: 13.01.2013 10:32:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Julia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 48,20% Memory free
3,74 Gb Paging File | 2,16 Gb Available in Paging File | 57,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101,06 Gb Total Space | 16,40 Gb Free Space | 16,22% Space Free | Partition Type: NTFS
Drive D: | 70,14 Gb Total Space | 47,55 Gb Free Space | 67,79% Space Free | Partition Type: NTFS
 
Computer Name: JULIANETBOOK | User Name: Julia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.13 10:30:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe
PRC - [2013.01.04 23:29:06 | 028,539,232 | ---- | M] (Dropbox, Inc.) -- C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.20 21:56:46 | 001,574,176 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.12.20 18:44:28 | 000,310,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.12.20 18:44:26 | 001,476,104 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.12.04 15:36:48 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.12.07 11:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.06 08:18:24 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010.09.17 17:52:56 | 000,402,792 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2010.09.17 17:51:10 | 000,357,736 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010.09.17 17:50:54 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2010.09.17 17:50:48 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010.07.30 16:07:48 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2010.07.27 17:05:00 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.07.27 13:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010.07.27 13:51:54 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2010.07.27 13:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.07 06:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.04.07 04:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010.03.27 18:39:06 | 000,362,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010.03.27 18:38:26 | 005,141,512 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010.03.15 12:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2009.11.24 05:51:20 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.10.02 17:39:46 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.08.28 13:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009.08.07 04:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.08.07 04:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2008.01.22 10:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.22 10:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.12 17:38:46 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll
MOD - [2013.01.12 17:35:04 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.12 11:13:36 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.01.12 11:13:06 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.01.12 11:12:43 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.01.12 11:12:25 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.01.12 11:12:24 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.01.12 11:12:20 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.12 11:12:08 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.12 11:11:57 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2012.11.30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.27 18:39:06 | 000,362,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
MOD - [2010.03.27 18:38:26 | 005,141,512 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
MOD - [2010.03.27 16:30:50 | 000,279,904 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll
MOD - [2010.03.27 15:14:56 | 000,028,512 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll
MOD - [2010.03.27 15:13:36 | 000,019,808 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll
MOD - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.11.18 06:04:24 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.10.09 11:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV - [2013.01.10 20:53:06 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.10 16:29:39 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.04 15:38:05 | 000,565,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.12.04 12:13:51 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.04 12:04:24 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.12.07 11:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.06 08:18:24 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.09.17 17:50:54 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010.09.17 17:50:48 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010.08.25 03:30:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010.07.27 13:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010.07.27 13:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.07.19 18:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.07.19 17:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.04.07 06:37:24 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.04.07 04:02:18 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.03.27 18:39:22 | 001,055,288 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.15 12:54:56 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.10.02 17:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.08.28 13:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.08.07 04:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.03.09 16:29:44 | 002,232,296 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.03 15:36:36 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.03 15:36:35 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.11.16 20:17:15 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.06 08:18:25 | 000,252,512 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2010.11.06 08:18:23 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm258.sys -- (tdrpman258)
DRV:64bit: - [2010.11.06 08:18:20 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.11.06 08:18:15 | 000,271,456 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.08.25 03:30:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2010.07.14 04:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010.06.23 09:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.06.17 17:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.06.03 19:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.02.19 04:08:18 | 000,720,952 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.12.15 00:03:50 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.23 12:06:32 | 000,205,952 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi)
DRV:64bit: - [2009.11.18 06:04:04 | 000,032,880 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2009.10.09 11:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2009.10.09 11:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2009.10.06 11:11:38 | 000,199,168 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GenHC.sys -- (EST_Server)
DRV:64bit: - [2009.10.02 00:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.09.15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.28 11:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.08.28 11:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.08.13 05:53:50 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.07 04:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.20 07:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.09 21:45:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009.07.02 03:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 07:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.05.12 10:04:26 | 000,015,400 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV - [2010.09.08 22:15:34 | 000,024,560 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020000}_0)
DRV - [2009.09.30 01:58:18 | 000,225,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {208575C7-3F3D-401D-BC12-FBC971B02F97}
IE:64bit: - HKLM\..\SearchScopes\{208575C7-3F3D-401D-BC12-FBC971B02F97}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D341DBFB-124B-47EC-BFA7-3D0857DFADF7}
IE - HKLM\..\SearchScopes\{D341DBFB-124B-47EC-BFA7-3D0857DFADF7}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=vit4
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {9A61A335-4B23-467C-8418-957A93BEB2A7}
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{9A61A335-4B23-467C-8418-957A93BEB2A7}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{E91806AC-2FC7-425C-B406-BFE8AE1E8187}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=acf12f82-9d5b-4f40-87df-f09d0980e871&apn_sauid=4BFFC168-5438-43FE-AEAA-784BAA7F039C
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.13.100015
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=acf12f82-9d5b-4f40-87df-f09d0980e871&apn_ptnrs=^AGS&apn_sauid=4BFFC168-5438-43FE-AEAA-784BAA7F039C&apn_dtid=^YYYYYY^YY^DE&&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.01.07 17:19:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.10 20:53:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 23:23:26 | 000,000,000 | ---D | M]
 
[2010.11.05 20:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julia\AppData\Roaming\mozilla\Extensions
[2013.01.12 19:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julia\AppData\Roaming\mozilla\Firefox\Profiles\kxny5dmm.default\extensions
[2012.12.03 19:29:04 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Julia\AppData\Roaming\mozilla\Firefox\Profiles\kxny5dmm.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013.01.10 20:24:47 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Julia\AppData\Roaming\mozilla\Firefox\Profiles\kxny5dmm.default\extensions\toolbar@ask.com
[2012.11.23 19:33:24 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Julia\AppData\Roaming\mozilla\firefox\profiles\kxny5dmm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.07 00:53:50 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\Julia\AppData\Roaming\mozilla\firefox\profiles\kxny5dmm.default\extensions\toolbar@ask.com\chrome\content\Abine\chrome\content\ff\view_expiry.js
[2013.01.12 22:48:19 | 000,002,413 | ---- | M] () -- C:\Users\Julia\AppData\Roaming\mozilla\firefox\profiles\kxny5dmm.default\searchplugins\askcom.xml
[2012.08.14 18:56:27 | 000,002,792 | ---- | M] () -- C:\Users\Julia\AppData\Roaming\mozilla\firefox\profiles\kxny5dmm.default\searchplugins\Plusnetwork.xml
[2013.01.10 20:52:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.10 20:53:06 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.23 11:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.10.11 03:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 03:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 03:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 03:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 03:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 03:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe ()
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [USBServer] "C:\Program Files (x86)\Generic\USB Server\USBServer.exe" /h File not found
O4 - Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Julia\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C834BF3-4639-4841-B68A-3972780AD0E1}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{69035466-e907-11df-b236-70f39533c70d}\Shell - "" = AutoRun
O33 - MountPoints2\{69035466-e907-11df-b236-70f39533c70d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.13 10:30:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe
[2013.01.12 16:58:17 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013.01.12 16:47:23 | 000,000,000 | ---D | C] -- C:\TEMP
[2013.01.12 16:36:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.01.12 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.01.12 11:28:52 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\Samsung
[2013.01.12 11:28:44 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Samsung
[2013.01.12 11:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
[2013.01.12 11:24:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec
[2013.01.12 11:19:43 | 000,000,000 | ---D | C] -- C:\Users\Julia\Documents\samsung
[2013.01.12 11:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.01.12 11:17:33 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2013.01.12 11:16:59 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013.01.12 11:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013.01.12 11:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013.01.12 10:14:11 | 000,000,000 | ---D | C] -- C:\Users\Julia\Documents\Outlook-Dateien
[2013.01.12 09:58:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.12 09:54:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.01.12 09:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.01.12 09:53:01 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.01.12 09:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.01.12 09:49:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.01.12 09:46:53 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.01.10 20:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.10 20:21:24 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Roaming\Avira
[2013.01.10 20:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.01.10 20:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013.01.10 20:14:52 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.01.10 20:14:52 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.01.10 20:14:52 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.01.10 20:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.01.10 20:14:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.01.04 12:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.04 12:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.04 12:56:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.04 12:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.01.04 12:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.31 08:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW 2011 Home Edition
[2012.12.31 08:44:00 | 000,000,000 | ---D | C] -- C:\Users\Julia\AppData\Local\Programs
[2012.12.18 10:06:10 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012.12.18 10:06:10 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2012.12.18 10:06:06 | 000,569,344 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzdecode.ax
[2012.12.18 10:06:06 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.dll
[2012.12.18 10:06:06 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLUR71.dll
[2012.12.18 10:06:06 | 000,258,048 | ---- | C] ((c) PeeringPortal) -- C:\Windows\SysWow64\muzoggsp.ax
[2012.12.18 10:06:06 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\Windows\SysWow64\MSCLib.dll
[2012.12.18 10:06:06 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\Windows\SysWow64\muzwmts.dll
[2012.12.18 10:06:06 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.exe
[2012.12.18 10:06:06 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\Windows\SysWow64\MSFLib.dll
[2012.12.18 10:06:06 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzaf1.dll
[2012.12.18 10:06:06 | 000,131,072 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzmpgsp.ax
[2012.12.18 10:06:06 | 000,122,880 | ---- | C] ((c) MUSICCITY) -- C:\Windows\SysWow64\muzeffect.ax
[2012.12.18 10:06:06 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\Windows\SysWow64\MaDRM.dll
[2012.12.18 10:06:06 | 000,110,592 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzmp4sp.ax
[2012.12.18 10:06:06 | 000,057,344 | ---- | C] (Marktek) -- C:\Windows\SysWow64\MK_Lyric.dll
[2012.12.18 10:06:06 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\Windows\SysWow64\MTXSYNCICON.dll
[2012.12.18 10:06:06 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MaJGUILib.dll
[2012.12.18 10:06:06 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\SysWow64\MAMACExtract.dll
[2012.12.18 10:06:06 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MaXMLProto.dll
[2012.12.18 10:06:06 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MACXMLProto.dll
[2012.12.18 10:06:06 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\Windows\SysWow64\MTTELECHIP.dll
[2012.12.18 10:06:06 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\Windows\SysWow64\MASetupCleaner.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.13 10:30:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julia\Desktop\OTL.exe
[2013.01.13 10:28:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.13 10:02:45 | 000,018,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 10:02:45 | 000,018,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 09:44:16 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.13 09:34:45 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.13 09:33:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.13 09:33:21 | 000,477,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.13 09:33:05 | 1504,337,920 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.12 17:03:47 | 000,001,065 | ---- | M] () -- C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.12 17:03:31 | 000,001,033 | ---- | M] () -- C:\Users\Julia\Desktop\Dropbox.lnk
[2013.01.12 14:21:00 | 000,657,948 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.12 14:21:00 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.12 14:21:00 | 000,131,288 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.12 14:21:00 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.12 14:20:59 | 001,507,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.12 14:12:45 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.01.12 11:28:24 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.01.12 10:26:40 | 000,352,256 | ---- | M] () -- C:\Users\Julia\Documents\Database1.accdb
[2013.01.12 10:11:19 | 001,527,912 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.12 10:10:56 | 000,001,351 | ---- | M] () -- C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013.01.12 10:10:06 | 000,003,231 | ---- | M] () -- C:\Users\Julia\Desktop\Microsoft Outlook 2010.lnk
[2013.01.12 10:09:31 | 000,003,095 | ---- | M] () -- C:\Users\Julia\Desktop\Microsoft PowerPoint 2010.lnk
[2013.01.12 10:08:51 | 000,003,047 | ---- | M] () -- C:\Users\Julia\Desktop\Microsoft Excel 2010.lnk
[2013.01.12 10:08:17 | 000,003,029 | ---- | M] () -- C:\Users\Julia\Desktop\Microsoft Word 2010.lnk
[2013.01.10 20:15:57 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.10 20:13:24 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.01.07 17:19:55 | 000,001,625 | ---- | M] () -- C:\Users\Julia\Desktop\DivX Movies.lnk
[2013.01.07 17:19:22 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013.01.07 17:18:49 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.01.04 12:57:08 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.21 10:02:35 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.12.18 10:06:54 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012.12.18 10:06:10 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2012.12.18 10:06:10 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2012.12.18 10:06:10 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 10:06:06 | 000,974,848 | ---- | M] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 10:06:06 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzdecode.ax
[2012.12.18 10:06:06 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.dll
[2012.12.18 10:06:06 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\SysWow64\MSLUR71.dll
[2012.12.18 10:06:06 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\Windows\SysWow64\muzoggsp.ax
[2012.12.18 10:06:06 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\SysWow64\MSCLib.dll
[2012.12.18 10:06:06 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\SysWow64\muzwmts.dll
[2012.12.18 10:06:06 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.exe
[2012.12.18 10:06:06 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\SysWow64\MSFLib.dll
[2012.12.18 10:06:06 | 000,143,360 | ---- | M] () -- C:\Windows\SysWow64\3DAudio.ax
[2012.12.18 10:06:06 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzaf1.dll
[2012.12.18 10:06:06 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzmpgsp.ax
[2012.12.18 10:06:06 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\Windows\SysWow64\muzeffect.ax
[2012.12.18 10:06:06 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\SysWow64\MaDRM.dll
[2012.12.18 10:06:06 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzmp4sp.ax
[2012.12.18 10:06:06 | 000,081,920 | ---- | M] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 10:06:06 | 000,065,536 | ---- | M] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 10:06:06 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\SysWow64\MK_Lyric.dll
[2012.12.18 10:06:06 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\SysWow64\MTXSYNCICON.dll
[2012.12.18 10:06:06 | 000,057,344 | ---- | M] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.12.18 10:06:06 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MaJGUILib.dll
[2012.12.18 10:06:06 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\SysWow64\MAMACExtract.dll
[2012.12.18 10:06:06 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MaXMLProto.dll
[2012.12.18 10:06:06 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MACXMLProto.dll
[2012.12.18 10:06:06 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\SysWow64\MTTELECHIP.dll
[2012.12.18 10:06:06 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\SysWow64\MASetupCleaner.exe
[2012.12.18 10:06:00 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2012.12.16 20:07:53 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
 
========== Files Created - No Company Name ==========
 
[2013.01.12 16:59:46 | 000,001,033 | ---- | C] () -- C:\Users\Julia\Desktop\Dropbox.lnk
[2013.01.12 16:58:23 | 000,001,065 | ---- | C] () -- C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.01.12 11:19:04 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.01.12 10:26:18 | 000,352,256 | ---- | C] () -- C:\Users\Julia\Documents\Database1.accdb
[2013.01.12 10:10:56 | 000,001,351 | ---- | C] () -- C:\Users\Julia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2013.01.12 10:10:06 | 000,003,231 | ---- | C] () -- C:\Users\Julia\Desktop\Microsoft Outlook 2010.lnk
[2013.01.12 10:09:31 | 000,003,095 | ---- | C] () -- C:\Users\Julia\Desktop\Microsoft PowerPoint 2010.lnk
[2013.01.12 10:08:51 | 000,003,047 | ---- | C] () -- C:\Users\Julia\Desktop\Microsoft Excel 2010.lnk
[2013.01.12 10:08:17 | 000,003,029 | ---- | C] () -- C:\Users\Julia\Desktop\Microsoft Word 2010.lnk
[2013.01.10 20:15:57 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.01.07 17:18:49 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.01.04 12:57:08 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.12.18 10:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 10:06:06 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\3DAudio.ax
[2012.12.18 10:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 10:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 10:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.03.06 20:20:49 | 000,000,155 | ---- | C] () -- C:\Users\Julia\.Xauthority
[2011.08.12 22:31:47 | 000,135,128 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.05.11 15:43:26 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Acronis
[2012.01.21 11:55:47 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Ape
[2013.01.12 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\BrowserCompanion
[2012.03.13 12:11:21 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\com.essexreddevelopment.mergepdfmac
[2013.01.10 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Dev-Cpp
[2013.01.13 10:44:10 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Dropbox
[2012.04.03 08:43:32 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\elsterformular
[2012.05.04 13:01:10 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\EPSON
[2012.04.22 15:33:51 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Garmin
[2010.11.05 11:46:18 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Lenovo
[2010.11.05 20:34:09 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\OpenOffice.org
[2013.01.12 11:28:44 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Samsung
[2012.08.07 16:47:47 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\texstudio
[2012.03.13 12:42:41 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Ulead Systems
[2011.10.13 11:02:54 | 000,000,000 | ---D | M] -- C:\Users\Julia\AppData\Roaming\Update
 
========== Purity Check ==========
 
 

< End of report >
         
from extras.txt
Code:
OTL Extras logfile created on: 13.01.2013 10:32:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Julia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 0,90 Gb Available Physical Memory | 48,20% Memory free
3,74 Gb Paging File | 2,16 Gb Available in Paging File | 57,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 101,06 Gb Total Space | 16,40 Gb Free Space | 16,22% Space Free | Partition Type: NTFS
Drive D: | 70,14 Gb Total Space | 47,55 Gb Free Space | 67,79% Space Free | Partition Type: NTFS
 
Computer Name: JULIANETBOOK | User Name: Julia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0059EB5B-17D7-45F6-92E6-931D00470493}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{06EA65CA-AD87-43A9-81CD-5669C1EB5FB0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0A4ED58C-59F9-4944-9381-3EFD48354F6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0C783E66-9B80-47E1-8A65-AD451DD9C3F4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0FC030DC-8514-4BAF-95C8-17932591C9F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1A19877F-DC09-4290-9371-794EFB682B6D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{26596FCB-BF12-4C30-91D9-618EB91CFCE1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{287F8AE1-E315-4173-9351-0D77B9CBA9ED}" = rport=137 | protocol=17 | dir=out | app=system | 
"{296300B5-6437-4AA3-BD43-573BFA18ECA5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E51EC02-08A8-4B54-A7E2-D1D23CB148F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2F9E6713-DB78-4C6E-821E-1460A1B36D80}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3A2A4B01-6064-4A91-B8BF-372C1C9DAC4F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{47B6207F-4459-4D23-A227-0B5CEE72EAC7}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{50B84BE3-CA3D-4078-977A-06B3DC3E9B26}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5D96FB04-6C13-4C0A-9905-BCEC3A779193}" = rport=445 | protocol=6 | dir=out | app=system | 
"{68443FD6-CF46-4146-AC87-726857BDAE70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6CF49FC7-6FDE-4704-B3CD-5BDC74C200A6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{813E0FAF-2973-4A0F-9168-E11EA80053EE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{829487E7-862C-46D2-A5D8-84DB1B4E7CA1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{90977249-2415-49C5-BC36-35753E1EA344}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{96C6933F-006A-4CED-8099-82562628D935}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A3E2A70A-92B7-4CB1-AE55-3A182C1DD196}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A8904379-602E-4C30-B1B8-09C9812C50F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AB05A028-9596-49EE-AE3D-49131463F1EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BCB92531-8084-4D7C-933A-1C63A1AC9EDB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C889B45D-FC4C-46AD-B75C-F99E4CF7CAB8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CFF5E921-E7BC-41E1-A84C-7709BEA87D06}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E03EAA55-F90B-4B60-813F-C0BE73D43EB1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FC88A832-5B24-4214-BE83-CDB296076425}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0568A131-65E1-4470-AE71-2FA191D5F422}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0A444577-69A0-4BC5-B046-6D6B5296BA86}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{161CB1BA-63B9-49F5-9DB4-2DB6B19AD0E4}" = protocol=17 | dir=in | app=c:\users\julia\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1834E02E-D3AB-40B2-8BBB-FEE7205FC931}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{1E7E387E-41F6-4811-A6DF-C686D3126688}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1F6DECEE-7328-4388-BF0F-8DAEE64A49D6}" = protocol=6 | dir=out | app=system | 
"{27C8EFEC-A6DF-4A49-8AF6-13F32B4E2490}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{34DCBA20-2217-4BE9-9654-E814AB2CD78B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{393F2352-F43E-4512-BCBE-A8B06FAC458F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{39CB87D3-EFD4-4745-9F68-045031160DF3}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{3E3DCAA5-4597-4770-8891-49D15E4DF5A8}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3F6BD762-A8B8-41B4-904D-4FD7286823A0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{57AAE9F1-FD6C-4CFF-80AC-0EE278427D96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5F9A05E8-16BF-409C-91F0-D0EA6C1C89D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6359F10E-401A-4D47-8D34-F549140E4ADC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{643CCF63-EE3B-4D9F-9C51-F779BFDAE95E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{6DB4A612-83F0-433E-ADE4-C3DC2D0222A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7445CF72-B359-437A-B7C8-A8D4D9350471}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{75BA789C-9666-416E-8D09-DC1B221C766A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D8522A7-331F-4B86-AA3D-377C8336184C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{80BDADF2-2CBF-4678-B9EB-483516C6DC02}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{815CB7DA-FEEA-4A98-AD52-6572EAF80FE8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{85B5AA00-EB4E-4B7A-931B-CDB16457278D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8644A506-6FE1-4DBE-B124-84BF60BCC241}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{88807097-F0F8-43F1-AC1B-AEA91800336D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{88F9790A-C90F-4EAF-A2CC-7CA8FA05D449}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{89A957AF-7150-498A-913B-2C377287C3B9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{8AC839B6-14EF-4B39-B608-8FF47F3A89D6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{94010015-7D7F-4E21-AE1D-BFE44BF87057}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{94806B7D-89AA-4674-B0FA-953168F53F3B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{98794718-C3F6-40C1-9F91-0C1720F27741}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A17CCD68-CA1D-4B18-A454-88F4C9DF6BFF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A7D5D232-4DF8-4869-BE76-259852D7CD88}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C333364C-556F-4096-B278-93265B408BAB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{C4C38968-6697-403D-AE34-AEA4FC1B3C66}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{CC3B62E9-60C9-4F0C-9B51-9D5C4F859B7F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CCC922D8-1F98-4170-B963-55903486EE08}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{DBB4F0C1-9377-4020-9EBF-8399DA8DDF3A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{E0A7C805-F010-437F-A867-8BB9BE2E3F4D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E15A3DE4-335D-4226-8608-CE0F2ED4409E}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{E9F6F0C9-D321-4055-864F-5E10C50BF9AE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{F0110C09-1837-4C8D-98BB-73B33DB65C9F}" = protocol=6 | dir=in | app=c:\users\julia\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F7E737E7-F8EB-4963-9122-B11F89EBC5CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB968BF0-75CB-4CFB-A90C-2FE7CB15580F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{22E9BF2D-19FD-4528-85DF-2F4208251D92}C:\program files (x86)\nx client for windows\bin\nxssh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nx client for windows\bin\nxssh.exe | 
"TCP Query User{53D32F4C-E2D1-4BD4-8928-FBB674E1D244}C:\program files (x86)\nx client for windows\bin\nxssh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nx client for windows\bin\nxssh.exe | 
"TCP Query User{5E3F4F1B-0DA7-41F3-9C5D-0BE8C0CB85C9}C:\program files (x86)\nx client for windows\nxclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nx client for windows\nxclient.exe | 
"TCP Query User{9C255F73-730C-4BCF-AB78-DA6B5C1A4574}C:\program files (x86)\generic\usb server\usbserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\generic\usb server\usbserver.exe | 
"TCP Query User{C9AE5846-157E-4B04-9F6D-1F86C160FCE8}C:\users\julia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\julia\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{CC490E3C-AF97-4766-B696-84C044B5A7D3}C:\program files (x86)\generic\usb server\usbserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\generic\usb server\usbserver.exe | 
"TCP Query User{CF65485A-A92D-4B2E-BD0A-C3DFF41A9D44}C:\program files (x86)\nx client for windows\nxclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nx client for windows\nxclient.exe | 
"UDP Query User{21D7F6C4-D87B-4A5D-91EA-CADC356F0314}C:\users\julia\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\julia\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{4216E82B-A440-42B7-94F3-64A70EFFF369}C:\program files (x86)\nx client for windows\bin\nxssh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nx client for windows\bin\nxssh.exe | 
"UDP Query User{53C0D2C1-F162-43E7-BBA4-6B2F9D2B74D1}C:\program files (x86)\generic\usb server\usbserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\generic\usb server\usbserver.exe | 
"UDP Query User{8A85F106-B7B8-4460-875F-3BA3A08FA89B}C:\program files (x86)\nx client for windows\nxclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nx client for windows\nxclient.exe | 
"UDP Query User{B21B4885-A0AE-4418-ACA9-A0EBC78F26E6}C:\program files (x86)\nx client for windows\nxclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nx client for windows\nxclient.exe | 
"UDP Query User{E735F119-51A8-4669-AC44-B4B7772ADFEB}C:\program files (x86)\generic\usb server\usbserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\generic\usb server\usbserver.exe | 
"UDP Query User{EF4827C8-ECDF-4588-B975-C2E328C1D471}C:\program files (x86)\nx client for windows\bin\nxssh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nx client for windows\bin\nxssh.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi-Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows-Treiberpaket - Intel hdc  (06/04/2009 7.0.0.1013)
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"CNXT_AUDIO_HDA" = Conexant CX20582 SmartAudio HD
"CutePDF Writer Installation" = CutePDF Writer 2.8
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"EPSON SX235 Series" = Druckerdeinstallation für EPSON SX235 Series
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Integrated Camera" = Integrated Camera
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"W7DevOR" =  Registry Patch to arrange icons in Device and Printers folder of Windows 7
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4330AAE7-1893-42F9-BC38-539A1A60530B}" = Mobile Broadband
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6115A28-F277-4E82-B067-84D28BF21031}" = Nero 7 Premium
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Integrated Camera
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"EasyBCD" = EasyBCD 2.0
"ElsterFormular für Privatanwender und Unternehmer 11.5.3.5585" = ElsterFormular-Update
"EPSON Scanner" = EPSON Scan
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Lenovo Welcome_is1" = Lenovo Welcome
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Pontifex Demo" = Pontifex Demo
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.1.4
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wubi" = Ubuntu
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Dropbox" = Dropbox
"MiKTeX 2.9" = MiKTeX 2.9
"MyFreeCodec" = MyFreeCodec
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.08.2012 11:02:30 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.08.2012 11:02:30 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5168890
 
Error - 01.08.2012 11:02:30 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5168890
 
Error - 01.08.2012 11:02:31 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.08.2012 11:02:31 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5169904
 
Error - 01.08.2012 11:02:31 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5169904
 
Error - 01.08.2012 11:02:32 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 01.08.2012 11:02:32 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5170902
 
Error - 01.08.2012 11:02:32 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5170902
 
Error - 01.08.2012 11:02:33 | Computer Name = Julianetbook | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ System Events ]
Error - 12.01.2013 09:37:00 | Computer Name = Julianetbook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.01.2013 09:47:18 | Computer Name = Julianetbook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.01.2013 10:23:28 | Computer Name = Julianetbook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 12.01.2013 11:40:09 | Computer Name = Julianetbook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 12.01.2013 12:09:56 | Computer Name = Julianetbook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 12.01.2013 19:21:49 | Computer Name = Julianetbook | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 13.01.2013 04:35:08 | Computer Name = Julianetbook | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.
 
Error - 13.01.2013 04:35:08 | Computer Name = Julianetbook | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde aufgrund folgenden Fehlers nicht gestartet:   %%1053
 
Error - 13.01.2013 04:35:32 | Computer Name = Julianetbook | Source = DCOM | ID = 10016
Description = 
 
Error - 13.01.2013 04:35:47 | Computer Name = Julianetbook | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
 
< End of report >
         
13.01.2013, 21:34   #4
Juliia

and from gmer.log
Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-13 11:46:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0020 232,89GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Julia\AppData\Local\Temp\kxloipow.sys


---- User code sections - GMER 2.0 ----

.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000077b51401 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000077b51419 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000077b51431 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      0000000077b5144a 2 bytes [B5, 77]
.text    ...                                                                                                                            * 9
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         0000000077b514dd 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  0000000077b514f5 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         0000000077b5150d 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077b51525 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        0000000077b5153d 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000077b51555 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      0000000077b5156d 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000077b51585 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           0000000077b5159d 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        0000000077b515b5 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      0000000077b515cd 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  0000000077b516b2 2 bytes [B5, 77]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  0000000077b516bd 2 bytes [B5, 77]

---- Threads - GMER 2.0 ----

Thread   C:\Windows\System32\spoolsv.exe [1548:1416]                                                                                    000007fef9a510c8
Thread   C:\Windows\System32\spoolsv.exe [1548:1944]                                                                                    000007fef9836144
Thread   C:\Windows\System32\spoolsv.exe [1548:2004]                                                                                    000007fef93c5fd0
Thread   C:\Windows\System32\spoolsv.exe [1548:1940]                                                                                    000007fef9813438
Thread   C:\Windows\System32\spoolsv.exe [1548:1304]                                                                                    000007fef93c63ec
Thread   C:\Windows\System32\spoolsv.exe [1548:1652]                                                                                    000007fef9813438
Thread   C:\Windows\System32\spoolsv.exe [1548:1920]                                                                                    000007fef93c63ec
Thread   C:\Windows\System32\spoolsv.exe [1548:2156]                                                                                    000007fef9a35e5c
Thread   C:\Windows\System32\spoolsv.exe [1548:2176]                                                                                    000007fef9df5074
Thread   C:\Windows\System32\spoolsv.exe [1548:2256]                                                                                    00000000002de0bc
Thread   C:\Windows\System32\spoolsv.exe [1548:2264]                                                                                    000007fef9657b4c
Thread   C:\Windows\System32\spoolsv.exe [1548:2268]                                                                                    000007fef9657b4c
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1616:1880]                                                             0000000073c832fb
Thread   C:\Windows\system32\taskhost.exe [1992:1660]                                                                                   000007fef97e2740
Thread   C:\Windows\system32\taskhost.exe [1992:1656]                                                                                   000007fef9791f38
Thread   C:\Windows\system32\taskhost.exe [1992:2184]                                                                                   000007fefbb01010
Thread   C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2160:2384]                                                       0000000072f329e1
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2320:3916]                                                           0000000073ade2db
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2320:3116]                                                           000000006e8b4e00
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2320:5276]                                                           000000006e8b8de0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2320:15500]                                                          000000006e8b8de0
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2320:11228]                                                          000000006e8b8de0
Thread   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2356:2496]                       000000007293184f
Thread   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2356:2500]                       000000007293184f
Thread   C:\Windows\system32\svchost.exe [2620:4904]                                                                                    000007fef8318470
Thread   C:\Windows\system32\svchost.exe [2620:4968]                                                                                    000007fef8322418
Thread   C:\Windows\system32\svchost.exe [2620:5908]                                                                                    000007fef540f130
Thread   C:\Windows\system32\svchost.exe [2620:5208]                                                                                    000007fef5404734
Thread   C:\Windows\system32\svchost.exe [2620:6024]                                                                                    000007fef2735f1c
Thread   C:\Windows\system32\svchost.exe [2620:4168]                                                                                    000007fef5404734
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3424:1960]                                                             0000000071478d07
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3424:1560]                                                             0000000071478fdc
Thread   C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3424:1712]                                                             00000000714788f0
Thread   C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [3480:3568]                                                                         00000000738827e1
Thread   C:\Program Files\Intel\WiFi\bin\EvtEng.exe [3992:4312]                                                                         000007fefa3b2f9c
Thread   C:\Program Files\Intel\WiFi\bin\EvtEng.exe [3992:4624]                                                                         000007fefa3b2f9c
Thread   C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [12308:12332]                                          000007fef0b8cc10
Thread   C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [12308:12336]                                          000007fef0a4b564
Thread   C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [12308:12732]                                          000007fef0a4b564
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\Windows\system32\WLANExt.exe [1480]                                                                000007fefd300000
Library  ? (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1548]                                                                000007fefaea0000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1616]                                         0000000073c30000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe [1900]                               0000000073ca0000
Library  ? (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [1992]                                                               000007fefe320000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2160]                                   0000000075b70000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2320]                                       0000000073bd0000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2484]                                           0000000077390000
Library  ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2620]                                                                000007fefbf50000
Library  ? (*** suspicious ***) @ C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe [2816]                            000007fefc1e0000
Library  ? (*** suspicious ***) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2980]                                                  000007fefc2e0000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2116]                                  00000000737c0000
Library  ? (*** suspicious ***) @ C:\Windows\system32\rundll32.exe [3164]                                                               000007fefd890000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3424]                                         0000000072d30000
Library  ? (*** suspicious ***) @ C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe [3444]                                     0000000076020000
Library  ? (*** suspicious ***) @ C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [3480]                                                     00000000760b0000
Library  ? (*** suspicious ***) @ C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe [3572]                                                       0000000077390000
Library  ? (*** suspicious ***) @ C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [3688]                                 000007fefd7e0000
Library  ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3836]                                                                000007fefdcc0000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [3896]                              0000000073c10000
Library  ? (*** suspicious ***) @ C:\Program Files\Intel\WiFi\bin\EvtEng.exe [3992]                                                     000007feff950000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2036]                         0000000077390000
Library  ? (*** suspicious ***) @ C:\Windows\system32\wbem\unsecapp.exe [4392]                                                          000007fef80b0000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [4832]                            00000000757f0000
Library  ? (*** suspicious ***) @ C:\Program Files\iPod\bin\iPodService.exe [2700]                                                      000007fef5aa0000
Library  ? (*** suspicious ***) @ C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe [5708]                                 0000000003300000
Library  ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [6120]                                             000007fefd350000
Library  ? (*** suspicious ***) @ c:\Program Files (x86)\Lenovo\System Update\SUService.exe [4948]                                      0000000072f30000
Library  ? (*** suspicious ***) @ C:\Windows\system32\wuauclt.exe [10004]                                                               000007fefba40000
Library  ? (*** suspicious ***) @ C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [12308]                       000007fef4c00000

---- Registry - GMER 2.0 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a                                                    
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f39533c70d                                                    
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f39533c70d@7ced8d07ac9c                                       0x54 0x97 0x1B 0xEC ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f39533c70d@0021abd644da                                       0xFE 0x12 0xF6 0x92 ...
Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f39533c70d@ccfe3c1975b3                                       0x78 0x3D 0xAE 0x36 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)                                
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f39533c70d (not active ControlSet)                                
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f39533c70d@7ced8d07ac9c                                           0x54 0x97 0x1B 0xEC ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f39533c70d@0021abd644da                                           0xFE 0x12 0xF6 0x92 ...
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f39533c70d@ccfe3c1975b3                                           0x78 0x3D 0xAE 0x36 ...

---- Disk sectors - GMER 2.0 ----

Disk     \Device\Harddisk0\DR0                                                                                                          unknown MBR code

---- EOF - GMER 2.0 ----
         

13.01.2013, 21:36   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners?
The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs that already exist!

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

13.01.2013, 21:56   #6
Juliia

I ran Avira and Microsoft Safety Scanner. Neither reported any detections.

Unfortunately I don't have any other log files. I didn't find any log files under "C:\Program Files (x86)\Avira\AntiVir Desktop". Or am I looking in the wrong place?

13.01.2013, 22:04   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I ran Avira and Microsoft Safety Scanner. Neither reported any detections.
Please NEVER use something like Avira and MSE at the same time!
Two such virus scanners impair the system!

Did you run a new scan, which you really shouldn't have done?! The question was whether there were any detections in the past!!

13.01.2013, 22:15   #8
Juliia

The Microsoft website says that the "Microsoft Safety Scanner" is compatible with existing antivirus software. That is why I did not switch Avira off during the scan. During the Avira scan, however, the Microsoft Safety Scanner was not active.
I don't mean "Microsoft Security Essentials". The Windows Action Center recommended using the Microsoft Safety Scanner in this case, which is why I used it.

I did not run any new scans. I ran both scans when I received the warning. Just now I only looked for whether any old log files still exist. I didn't know whether they are stored somewhere automatically or not.

Edited by Juliia (13.01.2013 at 22:21)

13.01.2013, 22:31   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, so not MSE, sorry, then I misread

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions that I will post in the course of this thread. Ask right away if anything is unclear, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive to your desktop.
  • In the newly created folder, please start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper

13.01.2013, 22:44   #10
Juliia

One more small question about this. Do I have to deactivate Avira during the scan now, or can I leave it running?

13.01.2013, 23:02   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, please deactivate Avira

14.01.2013, 00:29   #12
Juliia

I have now run it 2 times. The first time there were at least 5 detections.

Here are the logs:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Julia :: JULIANETBOOK [administrator]

13.01.2013 23:50:43
mbar-log-2013-01-13 (23-50-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31930
Time elapsed: 25 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Julia\AppData\Local\Temp\blabbers-ff-le.xpi (PUP.Blabbers) -> Delete on reboot.

(end)
         
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Julia :: JULIANETBOOK [administrator]

14.01.2013 00:24:16
mbar-log-2013-01-14 (00-24-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31932
Time elapsed: 24 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

14.01.2013, 08:43   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

1. aswMBR

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
  • Run aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not under any circumstances press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still doesn't work, please let me know.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.


2. TDSS-Killer

Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Configure the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan, and when it is finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.

Note: Please don't hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and just post the log here!


14.01.2013, 20:09   #14
Juliia

OK, I've now run both programs.

aswMBR crashed, so I ran it with (none). Here is the log:
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-14 19:57:45
-----------------------------
19:57:45.879    OS Version: Windows x64 6.1.7601 Service Pack 1
19:57:45.879    Number of processors: 2 586 0x170A
19:57:45.879    ComputerName: JULIANETBOOK  UserName: Julia
19:57:46.861    Initialize success
19:57:58.390    AVAST engine defs: 13011401
19:58:31.119    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:58:31.134    Disk 0 Vendor: ST925031 0020 Size: 238475MB BusType: 3
19:58:31.150    Disk 0 MBR read successfully
19:58:31.150    Disk 0 MBR scan
19:58:31.165    Disk 0 unknown MBR code
19:58:31.181    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1200 MB offset 2048
19:58:31.197    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       103488 MB offset 2459712
19:58:31.212    Disk 0 Partition - 00     05     Extended            133785 MB offset 214403551
19:58:31.259    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        71818 MB offset 214403553
19:58:31.275    Disk 0 Partition - 00     05     Extended             59394 MB offset 361488038
19:58:31.337    Disk 0 scanning C:\Windows\system32\drivers
19:58:53.645    Service scanning
19:59:30.946    Modules scanning
19:59:31.476    Disk 0 trace - called modules:
19:59:31.539    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
19:59:31.554    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80022bf060]
19:59:31.554    3 CLASSPNP.SYS[fffff8800163b43f] -> nt!IofCallDriver -> [0xfffffa80020cc890]
19:59:31.570    5 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80020eb050]
19:59:31.585    Scan finished successfully
19:59:49.541    Disk 0 MBR has been saved successfully to "C:\Users\Julia\Desktop\MBR.dat"
19:59:49.557    The log file has been saved successfully to "C:\Users\Julia\Desktop\aswMBR.txt"
         
Here is the log for TDSSKiller:
Code:
20:01:23.0047 6276  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:01:23.0125 6276  ============================================================
20:01:23.0125 6276  Current date / time: 2013/01/14 20:01:23.0125
20:01:23.0125 6276  SystemInfo:
20:01:23.0125 6276  
20:01:23.0125 6276  OS Version: 6.1.7601 ServicePack: 1.0
20:01:23.0125 6276  Product type: Workstation
20:01:23.0125 6276  ComputerName: JULIANETBOOK
20:01:23.0125 6276  UserName: Julia
20:01:23.0125 6276  Windows directory: C:\Windows
20:01:23.0141 6276  System windows directory: C:\Windows
20:01:23.0141 6276  Running under WOW64
20:01:23.0141 6276  Processor architecture: Intel x64
20:01:23.0141 6276  Number of processors: 2
20:01:23.0141 6276  Page size: 0x1000
20:01:23.0141 6276  Boot type: Normal boot
20:01:23.0141 6276  ============================================================
20:01:23.0999 6276  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:01:24.0014 6276  ============================================================
20:01:24.0014 6276  \Device\Harddisk0\DR0:
20:01:24.0014 6276  MBR partitions:
20:01:24.0014 6276  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
20:01:24.0014 6276  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258840, BlocksNum 0xCA20162
20:01:24.0046 6276  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xCC789E1, BlocksNum 0x8C454C5
20:01:24.0077 6276  ============================================================
20:01:24.0108 6276  C: <-> \Device\Harddisk0\DR0\Partition2
20:01:24.0124 6276  D: <-> \Device\Harddisk0\DR0\Partition3
20:01:24.0139 6276  ============================================================
20:01:24.0139 6276  Initialize success
20:01:24.0139 6276  ============================================================
20:02:00.0799 2232  ============================================================
20:02:00.0799 2232  Scan started
20:02:00.0799 2232  Mode: Manual; SigCheck; TDLFS; 
20:02:00.0799 2232  ============================================================
20:02:01.0080 2232  ================ Scan system memory ========================
20:02:01.0080 2232  System memory - ok
20:02:01.0080 2232  ================ Scan services =============================
20:02:01.0330 2232  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:02:01.0532 2232  1394ohci - ok
20:02:01.0595 2232  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:02:01.0642 2232  ACPI - ok
20:02:01.0844 2232  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:02:02.0000 2232  AcpiPmi - ok
20:02:02.0094 2232  [ 40C186D35C0E307240D6BCA399332B24 ] AcPrfMgrSvc     C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
20:02:02.0125 2232  AcPrfMgrSvc - ok
20:02:02.0250 2232  [ 7E0275A22A0CE8C448767ADB9A287F25 ] AcronisOSSReinstallSvc C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
20:02:02.0375 2232  AcronisOSSReinstallSvc ( UnsignedFile.Multi.Generic ) - warning
20:02:02.0375 2232  AcronisOSSReinstallSvc - detected UnsignedFile.Multi.Generic (1)
20:02:02.0500 2232  [ B8659553B6AB4BF34A3CC113A144DEE3 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
20:02:02.0562 2232  AcrSch2Svc - ok
20:02:02.0609 2232  [ 51E12E36BDEB10C0D9DBDB1FA4914800 ] AcSvc           C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
20:02:02.0640 2232  AcSvc - ok
20:02:07.0928 2232  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:02:07.0960 2232  AdobeFlashPlayerUpdateSvc - ok
20:02:08.0038 2232  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:02:08.0100 2232  adp94xx - ok
20:02:08.0131 2232  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:02:08.0162 2232  adpahci - ok
20:02:08.0194 2232  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:02:08.0240 2232  adpu320 - ok
20:02:08.0256 2232  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:02:08.0459 2232  AeLookupSvc - ok
20:02:08.0521 2232  [ D9A76E6E541E2E61C78140B65DB63E6A ] afcdp           C:\Windows\system32\DRIVERS\afcdp.sys
20:02:08.0615 2232  afcdp - ok
20:02:08.0708 2232  [ 8B333E7FF3147A63B15975B512364466 ] afcdpsrv        C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
20:02:08.0880 2232  afcdpsrv - ok
20:02:08.0942 2232  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:02:09.0067 2232  AFD - ok
20:02:09.0114 2232  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:02:09.0161 2232  agp440 - ok
20:02:09.0192 2232  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:02:09.0286 2232  ALG - ok
20:02:09.0317 2232  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:02:09.0332 2232  aliide - ok
20:02:09.0364 2232  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:02:09.0379 2232  amdide - ok
20:02:09.0426 2232  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:02:09.0488 2232  AmdK8 - ok
20:02:09.0520 2232  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:02:09.0551 2232  AmdPPM - ok
20:02:09.0629 2232  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:02:09.0676 2232  amdsata - ok
20:02:09.0707 2232  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:02:09.0738 2232  amdsbs - ok
20:02:09.0769 2232  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:02:09.0800 2232  amdxata - ok
20:02:09.0925 2232  [ D89562A6AE8E07A457452E5B5560EB43 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:02:09.0956 2232  AntiVirSchedulerService - ok
20:02:09.0988 2232  [ E953EB70B3C4F0BA108C35D45420B86B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:02:10.0019 2232  AntiVirService - ok
20:02:10.0081 2232  [ D7D4884904F224ED2902CA2DDEBE577E ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:02:10.0128 2232  AntiVirWebService - ok
20:02:10.0190 2232  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:02:10.0424 2232  AppID - ok
20:02:10.0471 2232  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:02:10.0580 2232  AppIDSvc - ok
20:02:10.0627 2232  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:02:10.0736 2232  Appinfo - ok
20:02:10.0783 2232  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:02:10.0799 2232  Apple Mobile Device - ok
20:02:10.0846 2232  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:02:10.0861 2232  arc - ok
20:02:10.0908 2232  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:02:10.0939 2232  arcsas - ok
20:02:10.0970 2232  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:02:11.0064 2232  AsyncMac - ok
20:02:11.0111 2232  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:02:11.0126 2232  atapi - ok
20:02:11.0204 2232  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:02:11.0329 2232  AudioEndpointBuilder - ok
20:02:11.0360 2232  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:02:11.0438 2232  AudioSrv - ok
20:02:11.0501 2232  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:02:11.0548 2232  avgntflt - ok
20:02:11.0594 2232  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:02:11.0641 2232  avipbb - ok
20:02:11.0672 2232  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:02:11.0704 2232  avkmgr - ok
20:02:11.0797 2232  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:02:11.0906 2232  AxInstSV - ok
20:02:11.0969 2232  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:02:12.0047 2232  b06bdrv - ok
20:02:12.0078 2232  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:02:12.0140 2232  b57nd60a - ok
20:02:12.0250 2232  [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:02:12.0296 2232  BBSvc - ok
20:02:12.0359 2232  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
20:02:12.0406 2232  BBUpdate - ok
20:02:12.0437 2232  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:02:12.0515 2232  BDESVC - ok
20:02:12.0546 2232  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:02:12.0640 2232  Beep - ok
20:02:12.0718 2232  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:02:12.0858 2232  BFE - ok
20:02:12.0936 2232  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:02:13.0092 2232  BITS - ok
20:02:13.0139 2232  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:02:13.0186 2232  blbdrive - ok
20:02:13.0264 2232  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:02:13.0326 2232  Bonjour Service - ok
20:02:13.0357 2232  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:02:13.0466 2232  bowser - ok
20:02:13.0513 2232  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:02:13.0622 2232  BrFiltLo - ok
20:02:13.0638 2232  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:02:13.0654 2232  BrFiltUp - ok
20:02:13.0716 2232  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:02:13.0794 2232  Browser - ok
20:02:13.0841 2232  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:02:13.0903 2232  Brserid - ok
20:02:13.0934 2232  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:02:13.0997 2232  BrSerWdm - ok
20:02:14.0012 2232  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:02:14.0106 2232  BrUsbMdm - ok
20:02:14.0122 2232  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:02:14.0168 2232  BrUsbSer - ok
20:02:14.0246 2232  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
20:02:14.0402 2232  BthEnum - ok
20:02:14.0434 2232  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:02:14.0496 2232  BTHMODEM - ok
20:02:14.0527 2232  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
20:02:14.0558 2232  BthPan - ok
20:02:14.0636 2232  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
20:02:14.0746 2232  BTHPORT - ok
20:02:14.0792 2232  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:02:14.0886 2232  bthserv - ok
20:02:14.0917 2232  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
20:02:14.0948 2232  BTHUSB - ok
20:02:14.0995 2232  [ D3466F77C2C49C6E393BA5FBA963A33E ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
20:02:15.0011 2232  btusbflt - ok
20:02:15.0058 2232  [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
20:02:15.0089 2232  btwaudio - ok
20:02:15.0136 2232  [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
20:02:15.0168 2232  btwavdt - ok
20:02:15.0277 2232  [ DCF8D8F1F87743509D9C0207CB28637D ] btwdins         C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
20:02:15.0355 2232  btwdins - ok
20:02:15.0371 2232  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
20:02:15.0386 2232  btwl2cap - ok
20:02:15.0402 2232  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
20:02:15.0417 2232  btwrchid - ok
20:02:15.0449 2232  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:02:15.0558 2232  cdfs - ok
20:02:15.0620 2232  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
20:02:15.0667 2232  cdrom - ok
20:02:15.0729 2232  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:02:15.0823 2232  CertPropSvc - ok
20:02:15.0870 2232  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:02:15.0917 2232  circlass - ok
20:02:15.0963 2232  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:02:15.0995 2232  CLFS - ok
20:02:16.0073 2232  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:02:16.0119 2232  clr_optimization_v2.0.50727_32 - ok
20:02:16.0166 2232  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:02:16.0197 2232  clr_optimization_v2.0.50727_64 - ok
20:02:16.0291 2232  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:02:16.0369 2232  clr_optimization_v4.0.30319_32 - ok
20:02:16.0400 2232  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:02:16.0431 2232  clr_optimization_v4.0.30319_64 - ok
20:02:16.0478 2232  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:02:16.0525 2232  CmBatt - ok
20:02:16.0541 2232  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:02:16.0572 2232  cmdide - ok
20:02:16.0634 2232  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:02:16.0790 2232  CNG - ok
20:02:16.0868 2232  [ 572ADA4AF43CADD41B16399411C3F09C ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
20:02:16.0946 2232  CnxtHdAudService - ok
20:02:16.0977 2232  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:02:17.0024 2232  Compbatt - ok
20:02:17.0071 2232  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:02:17.0133 2232  CompositeBus - ok
20:02:17.0165 2232  COMSysApp - ok
20:02:17.0196 2232  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:02:17.0227 2232  crcdisk - ok
20:02:17.0305 2232  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:02:17.0414 2232  CryptSvc - ok
20:02:17.0492 2232  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:02:17.0617 2232  DcomLaunch - ok
20:02:17.0648 2232  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:02:17.0773 2232  defragsvc - ok
20:02:17.0804 2232  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:02:17.0898 2232  DfsC - ok
20:02:17.0991 2232  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:02:18.0101 2232  Dhcp - ok
20:02:18.0132 2232  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:02:18.0225 2232  discache - ok
20:02:18.0257 2232  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:02:18.0272 2232  Disk - ok
20:02:18.0303 2232  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:02:18.0381 2232  Dnscache - ok
20:02:18.0444 2232  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:02:18.0569 2232  dot3svc - ok
20:02:18.0615 2232  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:02:18.0709 2232  DPS - ok
20:02:18.0725 2232  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:02:18.0771 2232  drmkaud - ok
20:02:18.0865 2232  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:02:18.0959 2232  DXGKrnl - ok
20:02:18.0990 2232  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:02:19.0068 2232  EapHost - ok
20:02:19.0193 2232  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:02:19.0364 2232  ebdrv - ok
20:02:19.0411 2232  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:02:19.0520 2232  EFS - ok
20:02:19.0614 2232  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:02:19.0739 2232  ehRecvr - ok
20:02:19.0785 2232  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:02:19.0832 2232  ehSched - ok
20:02:19.0895 2232  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:02:19.0941 2232  elxstor - ok
20:02:19.0988 2232  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:02:20.0082 2232  ErrDev - ok
20:02:20.0097 2232  EST_BusEnum - ok
20:02:20.0144 2232  [ B63CB796F3FC7DF6DB5C0DD7E4A6F16D ] EST_Server      C:\Windows\system32\DRIVERS\GenHC.sys
20:02:20.0175 2232  EST_Server ( UnsignedFile.Multi.Generic ) - warning
20:02:20.0175 2232  EST_Server - detected UnsignedFile.Multi.Generic (1)
20:02:20.0222 2232  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:02:20.0347 2232  EventSystem - ok
20:02:20.0487 2232  [ BDFCB7E8C108D042B213957D2B044E7E ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:02:20.0597 2232  EvtEng - ok
20:02:20.0628 2232  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:02:20.0721 2232  exfat - ok
20:02:20.0753 2232  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:02:20.0831 2232  fastfat - ok
20:02:20.0909 2232  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:02:21.0049 2232  Fax - ok
20:02:21.0065 2232  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:02:21.0111 2232  fdc - ok
20:02:21.0143 2232  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:02:21.0236 2232  fdPHost - ok
20:02:21.0236 2232  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:02:21.0314 2232  FDResPub - ok
20:02:21.0361 2232  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:02:21.0377 2232  FileInfo - ok
20:02:21.0392 2232  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:02:21.0486 2232  Filetrace - ok
20:02:21.0501 2232  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:02:21.0533 2232  flpydisk - ok
20:02:21.0579 2232  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:02:21.0626 2232  FltMgr - ok
20:02:21.0689 2232  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:02:21.0829 2232  FontCache - ok
20:02:21.0891 2232  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:02:21.0923 2232  FontCache3.0.0.0 - ok
20:02:21.0954 2232  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:02:22.0001 2232  FsDepends - ok
20:02:22.0047 2232  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:02:22.0079 2232  Fs_Rec - ok
20:02:22.0157 2232  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:02:22.0203 2232  fvevol - ok
20:02:22.0219 2232  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:02:22.0250 2232  gagp30kx - ok
20:02:22.0313 2232  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:02:22.0344 2232  GEARAspiWDM - ok
20:02:22.0406 2232  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:02:22.0547 2232  gpsvc - ok
20:02:22.0656 2232  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:02:22.0687 2232  gupdate - ok
20:02:22.0718 2232  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:02:22.0734 2232  gupdatem - ok
20:02:22.0765 2232  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:02:22.0827 2232  hcw85cir - ok
20:02:22.0874 2232  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:02:22.0937 2232  HdAudAddService - ok
20:02:22.0968 2232  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:02:23.0030 2232  HDAudBus - ok
20:02:23.0046 2232  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:02:23.0093 2232  HidBatt - ok
20:02:23.0108 2232  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:02:23.0139 2232  HidBth - ok
20:02:23.0171 2232  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:02:23.0217 2232  HidIr - ok
20:02:23.0264 2232  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:02:23.0358 2232  hidserv - ok
20:02:23.0436 2232  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:02:23.0467 2232  HidUsb - ok
20:02:23.0514 2232  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:02:23.0623 2232  hkmsvc - ok
20:02:48.0162 2232  [ 7F7958C5B40F9441D1E8D704310D46FF ] SUService       c:\Program Files (x86)\Lenovo\System Update\SUService.exe
20:02:48.0193 2232  SUService ( UnsignedFile.Multi.Generic ) - warning
20:02:48.0193 2232  SUService - detected UnsignedFile.Multi.Generic (1)
20:02:50.0893 2232  [ 39AC444E07FDBD8C2E8E291A65D515D3 ] ThinkVantage Registry Monitor Service C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
20:02:50.0971 2232  ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - warning
20:02:50.0971 2232  ThinkVantage Registry Monitor Service - detected UnsignedFile.Multi.Generic (1)
20:02:52.0827 2232  UI0Detect - ok
20:02:52.0843 2232  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:02:52.0890 2232  uliagpkx - ok
20:02:52.0921 2232  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:02:52.0983 2232  umbus - ok
20:02:53.0015 2232  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:02:53.0061 2232  UmPass - ok
20:02:53.0108 2232  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:02:53.0217 2232  upnphost - ok
20:02:53.0280 2232  [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:02:53.0327 2232  USBAAPL64 - ok
20:02:53.0389 2232  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:02:53.0436 2232  usbccgp - ok
20:02:53.0467 2232  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:02:53.0514 2232  usbcir - ok
20:02:53.0529 2232  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:02:53.0561 2232  usbehci - ok
20:02:53.0592 2232  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:02:53.0639 2232  usbhub - ok
20:02:53.0654 2232  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:02:53.0701 2232  usbohci - ok
20:02:53.0748 2232  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:02:53.0779 2232  usbprint - ok
20:02:53.0795 2232  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:02:53.0841 2232  usbscan - ok
20:02:53.0888 2232  [ 63FE600D71D72EB960FF01B0F0E5D837 ] usbsmi          C:\Windows\system32\DRIVERS\SMIksdrv.sys
20:02:53.0966 2232  usbsmi - ok
20:02:53.0997 2232  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:02:54.0060 2232  USBSTOR - ok
20:02:54.0122 2232  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:02:54.0169 2232  usbuhci - ok
20:02:54.0216 2232  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:02:54.0263 2232  usbvideo - ok
20:02:54.0309 2232  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:02:54.0419 2232  UxSms - ok
20:02:54.0434 2232  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:02:54.0465 2232  VaultSvc - ok
20:02:54.0512 2232  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:02:54.0543 2232  vdrvroot - ok
20:02:54.0606 2232  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:02:54.0715 2232  vds - ok
20:02:54.0746 2232  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:02:54.0777 2232  vga - ok
20:02:54.0793 2232  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:02:54.0871 2232  VgaSave - ok
20:02:54.0902 2232  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:02:54.0949 2232  vhdmp - ok
20:02:54.0996 2232  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:02:55.0027 2232  viaide - ok
20:02:55.0058 2232  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:02:55.0074 2232  volmgr - ok
20:02:55.0136 2232  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:02:55.0183 2232  volmgrx - ok
20:02:55.0199 2232  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:02:55.0230 2232  volsnap - ok
20:02:55.0261 2232  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:02:55.0292 2232  vsmraid - ok
20:02:55.0370 2232  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:02:55.0511 2232  VSS - ok
20:02:55.0526 2232  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:02:55.0573 2232  vwifibus - ok
20:02:55.0589 2232  [ 6A3D66263414FF0D6FA754C646612F3F ] VWiFiFlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:02:55.0620 2232  VWiFiFlt - ok
20:02:55.0635 2232  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:02:55.0682 2232  vwifimp - ok
20:02:55.0713 2232  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:02:55.0791 2232  W32Time - ok
20:02:55.0807 2232  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:02:55.0854 2232  WacomPen - ok
20:02:55.0901 2232  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:02:56.0010 2232  WANARP - ok
20:02:56.0025 2232  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:02:56.0088 2232  Wanarpv6 - ok
20:02:56.0181 2232  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:02:56.0337 2232  wbengine - ok
20:02:56.0369 2232  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:02:56.0415 2232  WbioSrvc - ok
20:02:56.0478 2232  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:02:56.0525 2232  wcncsvc - ok
20:02:56.0556 2232  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:02:56.0587 2232  WcsPlugInService - ok
20:02:56.0618 2232  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:02:56.0634 2232  Wd - ok
20:02:56.0696 2232  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:02:56.0774 2232  Wdf01000 - ok
20:02:56.0790 2232  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:02:56.0930 2232  WdiServiceHost - ok
20:02:56.0946 2232  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:02:56.0993 2232  WdiSystemHost - ok
20:02:57.0039 2232  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:02:57.0102 2232  WebClient - ok
20:02:57.0149 2232  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:02:57.0242 2232  Wecsvc - ok
20:02:57.0258 2232  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:02:57.0351 2232  wercplsupport - ok
20:02:57.0398 2232  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:02:57.0461 2232  WerSvc - ok
20:02:57.0492 2232  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:02:57.0570 2232  WfpLwf - ok
20:02:57.0601 2232  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:02:57.0617 2232  WIMMount - ok
20:02:57.0648 2232  WinDefend - ok
20:02:57.0663 2232  WinHttpAutoProxySvc - ok
20:02:57.0726 2232  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:02:57.0819 2232  Winmgmt - ok
20:02:57.0913 2232  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:02:58.0116 2232  WinRM - ok
20:02:58.0194 2232  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:02:58.0241 2232  WinUsb - ok
20:02:58.0319 2232  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:02:58.0428 2232  Wlansvc - ok
20:02:58.0490 2232  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:02:58.0521 2232  WmiAcpi - ok
20:02:58.0568 2232  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:02:58.0631 2232  wmiApSrv - ok
20:02:58.0662 2232  WMPNetworkSvc - ok
20:02:58.0693 2232  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:02:58.0755 2232  WPCSvc - ok
20:02:58.0802 2232  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:02:58.0849 2232  WPDBusEnum - ok
20:02:58.0865 2232  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:02:58.0943 2232  ws2ifsl - ok
20:02:58.0974 2232  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:02:59.0021 2232  wscsvc - ok
20:02:59.0067 2232  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
20:02:59.0130 2232  WSDPrintDevice - ok
20:02:59.0177 2232  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
20:02:59.0208 2232  WSDScan - ok
20:02:59.0223 2232  WSearch - ok
20:02:59.0333 2232  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:02:59.0473 2232  wuauserv - ok
20:02:59.0535 2232  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:02:59.0598 2232  WudfPf - ok
20:02:59.0645 2232  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:02:59.0660 2232  WUDFRd - ok
20:02:59.0691 2232  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:02:59.0738 2232  wudfsvc - ok
20:02:59.0769 2232  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:02:59.0847 2232  WwanSvc - ok
20:02:59.0894 2232  ================ Scan global ===============================
20:02:59.0925 2232  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:02:59.0988 2232  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:03:00.0003 2232  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:03:00.0035 2232  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:03:00.0081 2232  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:03:00.0097 2232  [Global] - ok
20:03:00.0097 2232  ================ Scan MBR ==================================
20:03:00.0113 2232  [ BDDAC1C2E1E8254940F70294052B3E08 ] \Device\Harddisk0\DR0
20:03:00.0393 2232  \Device\Harddisk0\DR0 - ok
20:03:00.0393 2232  ================ Scan VBR ==================================
20:03:00.0393 2232  [ AD73BC8586304E5C45074D43C7E44C09 ] \Device\Harddisk0\DR0\Partition1
20:03:00.0393 2232  \Device\Harddisk0\DR0\Partition1 - ok
20:03:00.0440 2232  [ 371E8DBB9895925597943D4ED24AC49F ] \Device\Harddisk0\DR0\Partition2
20:03:00.0456 2232  \Device\Harddisk0\DR0\Partition2 - ok
20:03:00.0456 2232  [ 173456371AAF7ED64C8E38D5CDDFCEC9 ] \Device\Harddisk0\DR0\Partition3
20:03:00.0471 2232  \Device\Harddisk0\DR0\Partition3 - ok
20:03:00.0471 2232  ============================================================
20:03:00.0471 2232  Scan finished
20:03:00.0471 2232  ============================================================
20:03:00.0503 2868  Detected object count: 4
20:03:00.0503 2868  Actual detected object count: 4
20:03:31.0921 2868  AcronisOSSReinstallSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:31.0921 2868  AcronisOSSReinstallSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:03:31.0921 2868  EST_Server ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:31.0921 2868  EST_Server ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:03:31.0921 2868  SUService ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:31.0921 2868  SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:03:31.0921 2868  ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:03:31.0921 2868  ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

14.01.2013, 22:14   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running Combofix and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
