Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir.

Morgensonne · 21.02.2012, 08:55

Ich habe versucht, alles so zu befolgen wie es in den Anleitungen steht. Anbei also die Logfiles....Ich habe gerade gemerkt, dass ich keine gmer.txt habe. Muss ich dafür nochmal scannen?
DANKE für eure Hilfe!!!

Anhang 30083

Anhang 30084[ATTACH]Anhang 30086[/ATTACH][/ATTACH]

Morgensonne · 21.02.2012, 10:08

Nachdem ich in anderen Beiträgen gelesen habe, habe ich Malwarebytes runtergeladen und einen Quickscan gemacht. Es gab 2 Funde, die ich entfernt habe. Hier der Report: (user-name wurde durch xy ersetzt)

alwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.02.21.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
neu :: xy [Administrator]

21.02.2012 09:27:08
mbam-log-2012-02-21 (09-27-08).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 238745
Laufzeit: 12 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\xy\AppData\Local\Temp\0.9763775628601785.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\xy\AppData\Roaming\Microsoft\torrent.exe (Backdoor.Messa) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Morgensonne · 21.02.2012, 12:08

So, und da ich ja nicht untätig rumsitzen kann, habe ich weiter in anderen Beiträgen gelesen. Da wurde auch ein kompletter Scan mit Malwarebytes vorgeschlagen, deshalb hab ich das auch noch gemacht. Und wieder gab es 2 Funde. Ich habe sie wieder entfernt. Hier der Report:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.21.02

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
xy :: NB-y[administrator]

21.02.2012 10:19:40
mbam-log-2012-02-21 (10-19-40).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 452740
Time elapsed: 1 hour(s), 30 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: @biocpl.dll,-1 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{328C6518-2901-11DF-A9DB-806E6F6E6963} (Trojan.ZbotR.Gen) -> Data: C:\Users\xy\AppData\Roaming\Microsoft\torrent.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Morgensonne · 21.02.2012, 15:16

Liebes Tojaner-Board-Team,
ich weiß, ich darf nicht ungeduldig sein. Ich möchte nur wissen, ob mir jemand Bescheid gibt, wenn mir nicht geholfen werden kann oder wenn ich etwas falsch gemacht habe. Ich sitze hier wie auf Kohlen und muss unbedingt eine Lösung finden.

Ich danke euch bereits jetzt vielmals für eure Mühen!

Sandra

cosinus · 21.02.2012, 19:25

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Morgensonne · 22.02.2012, 12:50

Hallo cosinus, danke schon mal!
Hier das ESET Ergebnis:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=91894d9a1d91c2489624ba958811c6ed
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-22 11:41:33
# local_time=2012-02-22 12:41:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 23538303 23538303 0 0
# compatibility_mode=5893 16776573 100 94 31089 81494148 0 0
# compatibility_mode=8192 67108863 100 0 3834 3834 0 0
# scanned=374992
# found=1
# cleaned=0
# scan_time=47936
C:\Users\sandra.langenberg\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

cosinus · 22.02.2012, 14:56

Zitat:

C:\Users\sandra.langenberg\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Morgensonne · 23.02.2012, 09:24

Code:

ATTFilter

 

OTL logfile created on: 22.02.2012 15:41:11 - Run 2
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\sandra.langenberg\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,90 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 36,45% Memory free
3,80 Gb Paging File | 1,99 Gb Available in Paging File | 52,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221,95 Gb Total Space | 100,22 Gb Free Space | 45,15% Space Free | Partition Type: NTFS
Drive E: | 3,79 Gb Total Space | 3,48 Gb Free Space | 91,81% Space Free | Partition Type: FAT32
Drive Q: | 9,77 Gb Total Space | 2,91 Gb Free Space | 29,82% Space Free | Partition Type: NTFS
 
Computer Name: NB-LANGENBERG | User Name: sandra.langenberg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\sandra.langenberg\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\sandra.langenberg\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
PRC - C:\Programme\Memeo\AutoBackup\InstantBackup.exe ()
PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Users\sandra.langenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\DTS.exe ()
PRC - C:\Windows\System32\AtService.exe (AuthenTec, Inc.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Acronis\TrayMonitor\TrayMonitor.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Agent\agent.exe (Acronis)
PRC - C:\Programme\Acronis\BackupAndRecovery\mms.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Lenovo\Lenovo Mouse Suite\PelService.exe ()
PRC - C:\Programme\Lenovo\Lenovo Mouse Suite\PelElvDm.exe ()
PRC - C:\Programme\Lenovo\Lenovo Mouse Suite\ICO.exe (Primax Electronics Ltd.)
PRC - C:\Programme\Join Air\AssistantServices.exe ()
PRC - C:\Programme\Join Air\UIExec.exe ()
PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Programme\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE ()
PRC - C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\a717cdb44ec0d3238c621efa420a9956\System.Messaging.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\79f80214eded08cc047324ffc7486bb8\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll ()
MOD - C:\Programme\Memeo\AutoBackup\Memeo.Client.UI.dll ()
MOD - C:\Programme\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll ()
MOD - C:\Programme\Memeo\AutoBackup\InstantBackup.exe ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Memeo\AutoBackup\sqlite3.dll ()
MOD - C:\Programme\Memeo\AutoBackup\Mono.Nat.dll ()
MOD - C:\Programme\Common Files\Memeo\ProfMan.dll ()
MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Programme\Join Air\UIExec.exe ()
MOD - C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe ()
MOD - C:\Programme\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ApRunSvc) --  File not found
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (MemeoBackgroundService) -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TGCM_ImportWiFiSvc) -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (dtsvc) -- C:\Windows\System32\DTS.exe ()
SRV - (ADMonitor) -- C:\Windows\System32\ADMonitor.exe ()
SRV - (ATService) -- C:\Windows\System32\AtService.exe (AuthenTec, Inc.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Samsung UPD Service) -- C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AcronisAgent) -- C:\Program Files\Common Files\Acronis\Agent\agent.exe (Acronis)
SRV - (MMS) -- C:\Program Files\Acronis\BackupAndRecovery\mms.exe (Acronis)
SRV - (PelService) -- C:\Programme\Lenovo\Lenovo Mouse Suite\PelService.exe ()
SRV - (UI Assistant Service) -- C:\Programme\Join Air\AssistantServices.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (Lexware_Professional_Datenbank) -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (DozeHDD) -- C:\Windows\System32\DRIVERS\DozeHDD.sys (Lenovo.)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (NETwNs32) ___ Intel(R) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (PCDSRVC{C4B36920-79E24793-06000000}_0) -- c:\Programme\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (pelmoubt) -- C:\Windows\System32\drivers\PELMOUBT.SYS (Primax Electronics Ltd.)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (pelbtm) -- C:\Windows\System32\drivers\PELBTM.SYS (Primax Electronics Ltd.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f47c9e9a000000000000506313cb584d&tlver=1.4.19.19&ss=1&affID=17395
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - No CLSID value found
IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local,127.0.0.1:9421,"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/CCBPL: C:\Program Files\Canon\APU\npCCBPLFirefox.dll (Canon Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.02 20:26:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 14:21:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.02 20:26:52 | 000,000,000 | ---D | M]
 
[2012.01.26 15:13:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sandra.langenberg\AppData\Roaming\mozilla\Extensions
[2012.02.03 15:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.17 14:21:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.28 10:43:32 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\..\Toolbar\WebBrowser: (no name) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No CLSID value found.
O3 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupAndRecoveryMonitor.exe] C:\Programme\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe (Acronis)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Daemon for Mouse Suite] C:\Programme\Lenovo\Lenovo Mouse Suite\ICO.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] ICO.EXE File not found
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TrayMonitor.exe] C:\Programme\Acronis\TrayMonitor\TrayMonitor.exe (Acronis)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe File not found
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1003..\Run: [Akamai NetSession Interface] C:\Users\sandra.langenberg\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1003..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1003..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1003..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1007..\RunOnce: []  File not found
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1007..\RunOnce: [Lenovoautoqdrive] C:\Programme\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe ()
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\sandra.langenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\sandra.langenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\sandra.langenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\sandra.langenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\sandra.langenberg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.de/s/v/66.31/uploader2.cab (UploadListView Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/launch.ocx (Launch Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CA03AFC-267D-415E-8CD1-D7C081329D45}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF51C740-5744-4219-B228-06167F4C9AEA}: DhcpNameServer = 10.1.10.10
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{10b119e6-313f-11e1-9b44-506313cb584d}\Shell - "" = AutoRun
O33 - MountPoints2\{10b119e6-313f-11e1-9b44-506313cb584d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{328c6519-2901-11df-a9db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{328c6519-2901-11df-a9db-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{7872727d-316d-11e1-9a8f-506313cb584d}\Shell - "" = AutoRun
O33 - MountPoints2\{7872727d-316d-11e1-9a8f-506313cb584d}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.22 15:33:27 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\sandra.langenberg\Desktop\OTL.exe
[2012.02.21 23:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.21 14:29:32 | 002,322,184 | ---- | C] (ESET) -- C:\Users\sandra.langenberg\Desktop\esetsmartinstaller_enu.exe
[2012.02.21 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\sandra.langenberg\AppData\Roaming\Malwarebytes
[2012.02.21 09:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.21 09:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.21 09:25:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.21 09:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.07 11:35:08 | 000,000,000 | ---D | C] -- C:\Users\sandra.langenberg\Documents\Torte
[2012.02.03 19:31:24 | 000,000,000 | ---D | C] -- C:\Users\sandra.langenberg\Documents\HP Photosmart Projects
[2012.01.31 20:49:27 | 000,000,000 | ---D | C] -- C:\Users\sandra.langenberg\Documents\Outlook-Dateien
[2012.01.31 09:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.31 09:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.31 09:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.27 13:41:19 | 000,000,000 | -H-D | C] -- C:\Users\sandra.langenberg\Desktop\.picasaoriginals
[2012.01.26 20:09:02 | 000,000,000 | ---D | C] -- C:\Users\sandra.langenberg\AppData\Roaming\OpenOffice.org
[2012.01.26 19:47:02 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.01.26 19:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.01.26 19:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\licenses
[2012.01.26 19:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2012.01.26 19:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\redist
[2012.01.26 15:12:51 | 000,000,000 | ---D | C] -- C:\Users\sandra.langenberg\AppData\Roaming\Mozilla
[2012.01.26 15:12:51 | 000,000,000 | ---D | C] -- C:\Users\sandra.langenberg\AppData\Local\Mozilla
[2 C:\Users\sandra.langenberg\Documents\*.tmp files -> C:\Users\sandra.langenberg\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\sandra.langenberg\Desktop\*.tmp files -> C:\Users\sandra.langenberg\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.22 15:41:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.22 15:33:42 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\sandra.langenberg\Desktop\OTL.exe
[2012.02.22 15:32:06 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.22 15:32:06 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.22 15:32:06 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.22 15:32:06 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.22 15:30:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.22 09:41:06 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.22 08:46:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.02.21 23:21:07 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.21 23:21:07 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.21 23:11:43 | 1528,848,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.21 14:29:37 | 002,322,184 | ---- | M] (ESET) -- C:\Users\sandra.langenberg\Desktop\esetsmartinstaller_enu.exe
[2012.02.21 09:25:21 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.21 07:04:10 | 543,761,876 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.21 01:16:25 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.02.20 22:40:55 | 000,001,317 | ---- | M] () -- C:\Users\sandra.langenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.02.17 16:48:53 | 001,585,268 | ---- | M] () -- C:\Users\sandra.langenberg\Desktop\maria0001.pdf
[2012.02.17 16:24:44 | 008,866,678 | ---- | M] () -- C:\Users\sandra.langenberg\Documents\MariaStuart0001.pdf
[2012.02.17 16:24:44 | 008,866,678 | ---- | M] () -- C:\Users\sandra.langenberg\Desktop\MariaStuart0001.pdf
[2012.02.17 08:59:18 | 000,486,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.15 11:54:09 | 000,546,533 | ---- | M] () -- C:\Users\sandra.langenberg\Documents\Bestellformular_Fotos .pdf
[2012.01.31 09:31:56 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.26 20:10:38 | 000,002,308 | ---- | M] () -- C:\Users\sandra.langenberg\Documents\Neue Datenbank.odb
[2012.01.26 20:09:41 | 000,001,200 | ---- | M] () -- C:\Users\sandra.langenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012.01.26 19:47:11 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.01.26 15:09:55 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2 C:\Users\sandra.langenberg\Documents\*.tmp files -> C:\Users\sandra.langenberg\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\sandra.langenberg\Desktop\*.tmp files -> C:\Users\sandra.langenberg\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.21 09:25:21 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.17 18:08:50 | 008,866,678 | ---- | C] () -- C:\Users\sandra.langenberg\Documents\MariaStuart0001.pdf
[2012.02.17 16:48:53 | 001,585,268 | ---- | C] () -- C:\Users\sandra.langenberg\Desktop\maria0001.pdf
[2012.02.17 16:24:44 | 008,866,678 | ---- | C] () -- C:\Users\sandra.langenberg\Desktop\MariaStuart0001.pdf
[2012.02.15 11:54:08 | 000,546,533 | ---- | C] () -- C:\Users\sandra.langenberg\Documents\Bestellformular_Fotos .pdf
[2012.01.31 09:31:56 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.26 20:10:18 | 000,002,308 | ---- | C] () -- C:\Users\sandra.langenberg\Documents\Neue Datenbank.odb
[2012.01.26 20:09:41 | 000,001,200 | ---- | C] () -- C:\Users\sandra.langenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012.01.26 19:47:11 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.01.26 15:09:55 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.26 15:09:54 | 000,001,115 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.21 14:29:52 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2011.11.21 14:29:51 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011.11.21 14:29:51 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2011.07.13 17:04:39 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2011.07.13 17:04:39 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2011.07.13 17:04:38 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.07.13 17:04:35 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.06.07 08:57:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.02 20:16:58 | 000,181,150 | ---- | C] () -- C:\Windows\hpoins32.dat
[2011.06.02 20:16:58 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat
[2011.05.13 09:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2011.05.13 09:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2011.05.13 09:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2011.05.13 09:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2011.01.29 21:31:59 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.01.21 08:37:20 | 000,000,147 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.01.19 12:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011.01.19 12:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011.01.19 12:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011.01.19 11:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010.10.21 02:07:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DTS.exe
[2010.10.21 02:07:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\ADMonitor.exe
[2010.08.31 08:29:13 | 000,016,931 | ---- | C] () -- C:\Windows\LxFrame.ini
[2010.06.28 08:15:57 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.06.28 08:15:20 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2010.05.06 14:14:52 | 000,000,000 | ---- | C] () -- C:\Users\sandra.langenberg\AppData\Local\rx_image32.Cache
[2010.04.19 10:15:40 | 000,005,632 | ---- | C] () -- C:\Users\sandra.langenberg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.11 11:12:06 | 000,022,723 | ---- | C] () -- C:\Windows\System32\CLPA1l3.DLL
[2010.04.01 09:34:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.06 19:13:34 | 000,657,676 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.03.06 19:13:34 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.03.06 19:13:34 | 000,131,016 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.03.06 19:13:34 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.03.06 19:08:03 | 003,486,208 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.03.06 19:08:03 | 000,232,448 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010.03.06 19:08:03 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2010.03.06 19:08:03 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.03.06 19:08:03 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.03.06 10:30:26 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.03.06 10:30:26 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.03.06 10:30:26 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010.03.06 10:30:26 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
 
========== LOP Check ==========
 
[2012.02.21 07:51:11 | 000,000,000 | ---D | M] -- C:\Users\neu\AppData\Roaming\Lexware
[2012.02.21 01:12:03 | 000,000,000 | ---D | M] -- C:\Users\neu\AppData\Roaming\Memeo
[2012.02.21 08:12:39 | 000,000,000 | ---D | M] -- C:\Users\neu\AppData\Roaming\PwrMgr
[2010.04.13 16:05:02 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Acronis
[2011.07.13 17:18:56 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\CachedFiles
[2010.05.10 09:33:16 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Canon
[2010.05.11 18:42:54 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\DataDesign
[2012.02.22 15:50:34 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Dropbox
[2011.01.30 20:40:21 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.26 19:13:38 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\elsterformular
[2010.09.10 19:07:34 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\FileZilla
[2011.01.24 15:48:19 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\GetRightToGo
[2011.01.29 18:05:11 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\GMX
[2010.10.14 17:16:06 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\InterVideo
[2010.04.12 13:02:30 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\julitec
[2010.08.31 09:17:34 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Lexware
[2011.12.02 12:07:35 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Memeo
[2010.06.30 21:01:03 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Nokia
[2010.04.16 07:46:33 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Nokia Ovi Suite
[2012.01.26 20:09:02 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\OpenOffice.org
[2011.11.08 11:22:56 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Opera
[2010.03.30 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\OPHM
[2010.04.16 07:46:17 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\PC Suite
[2011.07.14 16:58:14 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\PwrMgr
[2011.02.25 13:14:06 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\TeamViewer
[2011.12.28 16:37:41 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Telefónica
[2011.12.28 16:37:40 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\TGCMLog
[2010.11.11 14:45:18 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
[2012.01.16 11:05:34 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.11.02 09:54:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.02.22 08:46:08 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.04.13 16:05:02 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Acronis
[2011.06.16 16:02:02 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Adobe
[2012.01.19 13:44:02 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Apple Computer
[2011.05.25 13:00:06 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Avira
[2011.07.13 17:18:56 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\CachedFiles
[2010.05.10 09:33:16 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Canon
[2010.05.11 18:42:54 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\DataDesign
[2012.02.22 15:50:34 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Dropbox
[2011.01.30 20:40:21 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.26 19:13:38 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\elsterformular
[2010.09.10 19:07:34 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\FileZilla
[2011.01.24 15:48:19 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\GetRightToGo
[2011.01.29 18:05:11 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\GMX
[2010.04.01 11:21:46 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Google
[2011.06.02 20:29:22 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\HP
[2012.01.11 12:23:23 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\HpUpdate
[2010.03.30 11:50:32 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Identities
[2010.03.30 12:44:12 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\InstallShield
[2010.03.30 11:56:59 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Intel
[2010.10.14 17:16:06 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\InterVideo
[2010.04.12 13:02:30 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\julitec
[2010.08.31 09:17:34 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Lexware
[2010.03.30 11:58:28 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Macromedia
[2012.02.21 10:17:47 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Malwarebytes
[2009.07.21 12:47:43 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Media Center Programs
[2011.12.02 12:07:35 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Memeo
[2012.02.21 09:40:58 | 000,000,000 | --SD | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Microsoft
[2012.01.26 15:13:42 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Mozilla
[2010.06.30 21:01:03 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Nokia
[2010.04.16 07:46:33 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Nokia Ovi Suite
[2012.01.26 20:09:02 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\OpenOffice.org
[2011.11.08 11:22:56 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Opera
[2010.03.30 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\OPHM
[2010.04.16 07:46:17 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\PC Suite
[2011.07.14 16:58:14 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\PwrMgr
[2010.05.06 14:14:31 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Roxio
[2012.02.22 15:31:49 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Skype
[2011.07.20 09:06:08 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\skypePM
[2011.02.25 13:14:06 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\TeamViewer
[2011.12.28 16:37:41 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Telefónica
[2011.12.28 16:37:40 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\TGCMLog
[2011.06.02 20:27:18 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Yahoo!
[2010.11.11 14:45:18 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
 
< %APPDATA%\*.exe /s >
[2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\sandra.langenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 21:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\sandra.langenberg\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.11.16 11:20:32 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\sandra.langenberg\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.08.06 21:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys
[2009.08.06 21:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys
[2009.08.06 21:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1e7c6170b79c26b\iaStor.sys
[2009.08.06 21:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_b3c2248a17d99099\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2010.03.06 19:16:05 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=AB59486E41610AB13B1555D7D585AE8F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_705136794f3f8a98\winlogon.exe
[2010.03.06 19:16:05 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B151128D1FEBF745BC7EFDE9FACB165A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_6fbf975e36292016\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2011.05.19 10:28:56 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

< End of report>

cosinus · 23.02.2012, 12:22

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local,127.0.0.1:9421,"
[2011.03.28 10:43:32 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\..\Toolbar\WebBrowser: (no name) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No CLSID value found.
O3 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1007..\RunOnce: []  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{10b119e6-313f-11e1-9b44-506313cb584d}\Shell - "" = AutoRun
O33 - MountPoints2\{10b119e6-313f-11e1-9b44-506313cb584d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{328c6519-2901-11df-a9db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{328c6519-2901-11df-a9db-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{7872727d-316d-11e1-9a8f-506313cb584d}\Shell - "" = AutoRun
O33 - MountPoints2\{7872727d-316d-11e1-9a8f-506313cb584d}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Install.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Morgensonne · 23.02.2012, 13:02

Code:

ATTFilter

All processes killed
========== OTL ==========
HKU\S-1-5-21-122105967-2606870672-40869185-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: "*.local,127.0.0.1:9421," removed from network.proxy.no_proxies_on
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Programme\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-122105967-2606870672-40869185-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-122105967-2606870672-40869185-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{26647CA4-A2A7-4EAC-8A72-761AA9141DE7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26647CA4-A2A7-4EAC-8A72-761AA9141DE7}\ not found.
Registry value HKEY_USERS\S-1-5-21-122105967-2606870672-40869185-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-122105967-2606870672-40869185-1007\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully.
Registry value HKEY_USERS\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowCpl deleted successfully.
C:\autoexec.bat moved successfully.
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b119e6-313f-11e1-9b44-506313cb584d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b119e6-313f-11e1-9b44-506313cb584d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b119e6-313f-11e1-9b44-506313cb584d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b119e6-313f-11e1-9b44-506313cb584d}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{328c6519-2901-11df-a9db-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{328c6519-2901-11df-a9db-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{328c6519-2901-11df-a9db-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{328c6519-2901-11df-a9db-806e6f6e6963}\ not found.
Q:\LenovoQDrive.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7872727d-316d-11e1-9a8f-506313cb584d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7872727d-316d-11e1-9a8f-506313cb584d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7872727d-316d-11e1-9a8f-506313cb584d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7872727d-316d-11e1-9a8f-506313cb584d}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\Install.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Acronis Agent User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: neu
->Temp folder emptied: 1338073 bytes
->Temporary Internet Files folder emptied: 223237 bytes
->FireFox cache emptied: 54071124 bytes
->Apple Safari cache emptied: 3315712 bytes
->Flash cache emptied: 56931 bytes
 
User: Public
 
User: sandra.langenberg
->Temp folder emptied: 232139722 bytes
->Temporary Internet Files folder emptied: 1667782149 bytes
->Java cache emptied: 27044644 bytes
->FireFox cache emptied: 76347840 bytes
->Apple Safari cache emptied: 85085184 bytes
->Flash cache emptied: 60582 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 425407053 bytes
RecycleBin emptied: 3265506953 bytes
 
Total Files Cleaned = 5.568,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 02232012_124508

Files\Folders moved on Reboot...
File\Folder C:\Users\sandra.langenberg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\22ASCS48\Angebot 27 5. not found!
File move failed. C:\Windows\temp\asat0000.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 23.02.2012, 13:26

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Morgensonne · 23.02.2012, 15:12

Code:

ATTFilter

13:33:18.0116 5016	TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
13:33:18.0595 5016	============================================================
13:33:18.0595 5016	Current date / time: 2012/02/23 13:33:18.0595
13:33:18.0595 5016	SystemInfo:
13:33:18.0595 5016	
13:33:18.0595 5016	OS Version: 6.1.7601 ServicePack: 1.0
13:33:18.0595 5016	Product type: Workstation
13:33:18.0595 5016	ComputerName: NB-LANGENBERG
13:33:18.0595 5016	UserName: sandra.langenberg
13:33:18.0595 5016	Windows directory: C:\Windows
13:33:18.0595 5016	System windows directory: C:\Windows
13:33:18.0595 5016	Processor architecture: Intel x86
13:33:18.0595 5016	Number of processors: 2
13:33:18.0595 5016	Page size: 0x1000
13:33:18.0595 5016	Boot type: Normal boot
13:33:18.0595 5016	============================================================
13:33:19.0346 5016	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
13:33:19.0349 5016	\Device\Harddisk0\DR0:
13:33:19.0349 5016	MBR used
13:33:19.0349 5016	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
13:33:19.0349 5016	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x1BBE47F8
13:33:19.0349 5016	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BE3D000, BlocksNum 0x1388000
13:33:19.0500 5016	Initialize success
13:33:19.0500 5016	============================================================
13:35:54.0457 6324	============================================================
13:35:54.0457 6324	Scan started
13:35:54.0457 6324	Mode: Manual; 
13:35:54.0457 6324	============================================================
13:35:56.0938 6324	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
13:35:56.0938 6324	1394ohci - ok
13:35:56.0985 6324	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
13:35:57.0000 6324	ACPI - ok
13:35:57.0047 6324	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
13:35:57.0047 6324	AcpiPmi - ok
13:35:57.0281 6324	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:35:57.0281 6324	adp94xx - ok
13:35:57.0312 6324	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:35:57.0328 6324	adpahci - ok
13:35:57.0359 6324	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:35:57.0359 6324	adpu320 - ok
13:35:57.0453 6324	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
13:35:57.0453 6324	AFD - ok
13:35:57.0515 6324	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
13:35:57.0515 6324	agp440 - ok
13:35:57.0562 6324	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:35:57.0562 6324	aic78xx - ok
13:35:57.0733 6324	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
13:35:57.0749 6324	aliide - ok
13:35:57.0796 6324	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
13:35:57.0796 6324	amdagp - ok
13:35:57.0843 6324	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
13:35:57.0843 6324	amdide - ok
13:35:57.0874 6324	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:35:57.0874 6324	AmdK8 - ok
13:35:57.0905 6324	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:35:57.0905 6324	AmdPPM - ok
13:35:57.0967 6324	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
13:35:57.0967 6324	amdsata - ok
13:35:58.0014 6324	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:35:58.0014 6324	amdsbs - ok
13:35:58.0030 6324	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
13:35:58.0030 6324	amdxata - ok
13:35:58.0233 6324	ApfiltrService  (4526b5c48f44aa1a2ad9abb0a4635f70) C:\Windows\system32\DRIVERS\Apfiltr.sys
13:35:58.0248 6324	ApfiltrService - ok
13:35:58.0311 6324	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
13:35:58.0311 6324	AppID - ok
13:35:58.0451 6324	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:35:58.0451 6324	arc - ok
13:35:58.0467 6324	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:35:58.0482 6324	arcsas - ok
13:35:58.0513 6324	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:35:58.0513 6324	AsyncMac - ok
13:35:58.0576 6324	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
13:35:58.0591 6324	atapi - ok
13:35:58.0669 6324	ATSwpWDF        (51d379db1c53c2a55fdf9372e748e5c7) C:\Windows\system32\Drivers\ATSwpWDF.sys
13:35:58.0685 6324	ATSwpWDF - ok
13:35:58.0825 6324	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
13:35:58.0825 6324	avgntflt - ok
13:35:58.0903 6324	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
13:35:58.0903 6324	avipbb - ok
13:35:59.0028 6324	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:35:59.0044 6324	b06bdrv - ok
13:35:59.0091 6324	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:35:59.0091 6324	b57nd60x - ok
13:35:59.0247 6324	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:35:59.0247 6324	Beep - ok
13:35:59.0434 6324	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:35:59.0449 6324	blbdrive - ok
13:36:00.0058 6324	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
13:36:00.0058 6324	bowser - ok
13:36:00.0261 6324	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:36:00.0261 6324	BrFiltLo - ok
13:36:00.0354 6324	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:36:00.0354 6324	BrFiltUp - ok
13:36:00.0417 6324	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:36:00.0417 6324	Brserid - ok
13:36:00.0463 6324	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:36:00.0463 6324	BrSerWdm - ok
13:36:00.0495 6324	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:36:00.0495 6324	BrUsbMdm - ok
13:36:00.0541 6324	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:36:00.0541 6324	BrUsbSer - ok
13:36:00.0604 6324	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
13:36:00.0604 6324	BthEnum - ok
13:36:00.0635 6324	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:36:00.0651 6324	BTHMODEM - ok
13:36:00.0666 6324	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
13:36:00.0682 6324	BthPan - ok
13:36:00.0729 6324	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
13:36:00.0744 6324	BTHPORT - ok
13:36:00.0963 6324	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
13:36:00.0963 6324	BTHUSB - ok
13:36:01.0041 6324	btusbflt        (dd5361cf05025bd61a5d0115ecc2566f) C:\Windows\system32\drivers\btusbflt.sys
13:36:01.0056 6324	btusbflt - ok
13:36:01.0134 6324	btwaudio        (f8b4f60768328faa2ffe2727f66809f8) C:\Windows\system32\drivers\btwaudio.sys
13:36:01.0150 6324	btwaudio - ok
13:36:01.0197 6324	btwavdt         (fa7446dd38de84d4988d1f2ebb854589) C:\Windows\system32\DRIVERS\btwavdt.sys
13:36:01.0197 6324	btwavdt - ok
13:36:01.0290 6324	btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
13:36:01.0290 6324	btwl2cap - ok
13:36:01.0337 6324	btwrchid        (d5862fbc1cbc0404614fd9d85c8d880e) C:\Windows\system32\DRIVERS\btwrchid.sys
13:36:01.0337 6324	btwrchid - ok
13:36:01.0399 6324	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:36:01.0415 6324	cdfs - ok
13:36:01.0493 6324	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
13:36:01.0509 6324	cdrom - ok
13:36:01.0602 6324	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:36:01.0602 6324	circlass - ok
13:36:01.0649 6324	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:36:01.0649 6324	CLFS - ok
13:36:01.0727 6324	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:36:01.0727 6324	CmBatt - ok
13:36:01.0805 6324	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
13:36:01.0805 6324	cmdide - ok
13:36:01.0867 6324	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
13:36:01.0867 6324	CNG - ok
13:36:01.0977 6324	CnxtHdAudService (726803d911045d283509d3cdd91d8e52) C:\Windows\system32\drivers\CHDRT32.sys
13:36:01.0992 6324	CnxtHdAudService - ok
13:36:02.0039 6324	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:36:02.0039 6324	Compbatt - ok
13:36:02.0133 6324	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
13:36:02.0133 6324	CompositeBus - ok
13:36:02.0195 6324	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:36:02.0195 6324	crcdisk - ok
13:36:02.0335 6324	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
13:36:02.0460 6324	CSC - ok
13:36:02.0569 6324	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
13:36:02.0585 6324	DfsC - ok
13:36:02.0632 6324	DgiVecp         (7f19dba1a467b838ccb23124a2c55568) C:\Windows\system32\Drivers\DgiVecp.sys
13:36:02.0632 6324	DgiVecp - ok
13:36:02.0694 6324	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:36:02.0694 6324	discache - ok
13:36:02.0772 6324	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:36:02.0772 6324	Disk - ok
13:36:02.0866 6324	Dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
13:36:02.0866 6324	Dot4 - ok
13:36:02.0944 6324	Dot4Print       (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
13:36:02.0944 6324	Dot4Print - ok
13:36:03.0022 6324	dot4usb         (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
13:36:03.0022 6324	dot4usb - ok
13:36:03.0084 6324	DozeHDD         (6d279bb0de1d8e34f454e1b353f4d738) C:\Windows\system32\DRIVERS\DozeHDD.sys
13:36:03.0084 6324	DozeHDD - ok
13:36:03.0115 6324	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:36:03.0115 6324	drmkaud - ok
13:36:03.0209 6324	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
13:36:03.0225 6324	DXGKrnl - ok
13:36:03.0381 6324	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:36:03.0630 6324	ebdrv - ok
13:36:03.0771 6324	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:36:03.0786 6324	elxstor - ok
13:36:03.0833 6324	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
13:36:03.0833 6324	ErrDev - ok
13:36:04.0005 6324	ewusbnet        (5b250a1be34d4fde35287eec297104a7) C:\Windows\system32\DRIVERS\ewusbnet.sys
13:36:04.0005 6324	ewusbnet - ok
13:36:04.0036 6324	ew_hwusbdev     (e98a64c7f106740a38fb2b78197816f8) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
13:36:04.0036 6324	ew_hwusbdev - ok
13:36:04.0083 6324	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:36:04.0083 6324	exfat - ok
13:36:04.0114 6324	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:36:04.0114 6324	fastfat - ok
13:36:04.0161 6324	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:36:04.0161 6324	fdc - ok
13:36:04.0192 6324	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:36:04.0192 6324	FileInfo - ok
13:36:04.0223 6324	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:36:04.0223 6324	Filetrace - ok
13:36:04.0254 6324	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:36:04.0254 6324	flpydisk - ok
13:36:04.0301 6324	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:36:04.0301 6324	FltMgr - ok
13:36:04.0332 6324	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:36:04.0332 6324	FsDepends - ok
13:36:04.0348 6324	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
13:36:04.0348 6324	Fs_Rec - ok
13:36:04.0426 6324	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
13:36:04.0426 6324	fvevol - ok
13:36:04.0504 6324	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:36:04.0504 6324	gagp30kx - ok
13:36:04.0566 6324	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:36:04.0566 6324	GEARAspiWDM - ok
13:36:04.0660 6324	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:36:04.0660 6324	hcw85cir - ok
13:36:04.0738 6324	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
13:36:04.0738 6324	HdAudAddService - ok
13:36:04.0800 6324	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
13:36:04.0816 6324	HDAudBus - ok
13:36:04.0909 6324	HECI            (30d57ee84e1e169d41a6e873b549a096) C:\Windows\system32\DRIVERS\HECI.sys
13:36:04.0909 6324	HECI - ok
13:36:04.0941 6324	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:36:04.0941 6324	HidBatt - ok
13:36:04.0972 6324	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:36:04.0972 6324	HidBth - ok
13:36:05.0003 6324	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:36:05.0019 6324	HidIr - ok
13:36:05.0159 6324	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
13:36:05.0159 6324	HidUsb - ok
13:36:05.0268 6324	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
13:36:05.0268 6324	HpSAMD - ok
13:36:05.0346 6324	HSF_DPV         (c761b4a8391f5e47f7c51a691ce773f4) C:\Windows\system32\DRIVERS\HSX_DPV.sys
13:36:05.0377 6324	HSF_DPV - ok
13:36:05.0424 6324	HSXHWAZL        (50b42ef358a2e5363be6b77138a22391) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
13:36:05.0424 6324	HSXHWAZL - ok
13:36:05.0518 6324	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
13:36:05.0533 6324	HTTP - ok
13:36:05.0596 6324	huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
13:36:05.0596 6324	huawei_enumerator - ok
13:36:05.0658 6324	hwdatacard      (0b3957226ec94b1ecb7b9348bb535a23) C:\Windows\system32\DRIVERS\ewusbmdm.sys
13:36:05.0658 6324	hwdatacard - ok
13:36:05.0721 6324	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
13:36:05.0721 6324	hwpolicy - ok
13:36:05.0861 6324	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
13:36:05.0861 6324	i8042prt - ok
13:36:05.0939 6324	iaStor          (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
13:36:05.0955 6324	iaStor - ok
13:36:06.0017 6324	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
13:36:06.0017 6324	iaStorV - ok
13:36:06.0079 6324	IBMPMDRV        (fa3d0a6da7bb7968efe5c5bc267f0e55) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
13:36:06.0079 6324	IBMPMDRV - ok
13:36:06.0282 6324	igfx            (a70c995199a47f326eef4f9f5e6267a1) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:36:06.0454 6324	igfx - ok
13:36:06.0532 6324	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:36:06.0532 6324	iirsp - ok
13:36:06.0594 6324	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
13:36:06.0594 6324	intelide - ok
13:36:06.0625 6324	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:36:06.0641 6324	intelppm - ok
13:36:06.0672 6324	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:36:06.0688 6324	IpFilterDriver - ok
13:36:06.0750 6324	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
13:36:06.0750 6324	IPMIDRV - ok
13:36:06.0813 6324	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:36:06.0813 6324	IPNAT - ok
13:36:06.0875 6324	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:36:06.0875 6324	IRENUM - ok
13:36:06.0922 6324	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
13:36:06.0922 6324	isapnp - ok
13:36:06.0953 6324	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
13:36:06.0984 6324	iScsiPrt - ok
13:36:07.0109 6324	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
13:36:07.0109 6324	kbdclass - ok
13:36:07.0156 6324	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
13:36:07.0171 6324	kbdhid - ok
13:36:07.0234 6324	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
13:36:07.0234 6324	KSecDD - ok
13:36:07.0296 6324	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
13:36:07.0296 6324	KSecPkg - ok
13:36:07.0374 6324	lenovo.smi      (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys
13:36:07.0374 6324	lenovo.smi - ok
13:36:07.0546 6324	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:36:07.0546 6324	lltdio - ok
13:36:07.0577 6324	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:36:07.0593 6324	LSI_FC - ok
13:36:07.0608 6324	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:36:07.0608 6324	LSI_SAS - ok
13:36:07.0639 6324	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:36:07.0639 6324	LSI_SAS2 - ok
13:36:07.0671 6324	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:36:07.0671 6324	LSI_SCSI - ok
13:36:07.0702 6324	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:36:07.0717 6324	luafv - ok
13:36:07.0764 6324	massfilter      (567d3cbc0ba3332887d091a237d4fd3c) C:\Windows\system32\drivers\massfilter.sys
13:36:07.0780 6324	massfilter - ok
13:36:07.0827 6324	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:36:07.0827 6324	mdmxsdk - ok
13:36:07.0873 6324	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:36:07.0873 6324	megasas - ok
13:36:07.0905 6324	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:36:07.0905 6324	MegaSR - ok
13:36:08.0029 6324	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:36:08.0029 6324	Modem - ok
13:36:08.0076 6324	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:36:08.0076 6324	monitor - ok
13:36:08.0123 6324	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
13:36:08.0139 6324	mouclass - ok
13:36:08.0154 6324	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:36:08.0170 6324	mouhid - ok
13:36:08.0217 6324	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
13:36:08.0217 6324	mountmgr - ok
13:36:08.0248 6324	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
13:36:08.0263 6324	mpio - ok
13:36:08.0279 6324	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:36:08.0279 6324	mpsdrv - ok
13:36:08.0326 6324	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
13:36:08.0341 6324	MRxDAV - ok
13:36:08.0388 6324	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:36:08.0404 6324	mrxsmb - ok
13:36:08.0451 6324	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:36:08.0451 6324	mrxsmb10 - ok
13:36:08.0466 6324	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:36:08.0482 6324	mrxsmb20 - ok
13:36:08.0513 6324	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
13:36:08.0513 6324	msahci - ok
13:36:08.0575 6324	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
13:36:08.0575 6324	msdsm - ok
13:36:08.0622 6324	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:36:08.0638 6324	Msfs - ok
13:36:08.0653 6324	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:36:08.0653 6324	mshidkmdf - ok
13:36:08.0700 6324	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
13:36:08.0700 6324	msisadrv - ok
13:36:08.0731 6324	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:36:08.0731 6324	MSKSSRV - ok
13:36:08.0763 6324	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:36:08.0763 6324	MSPCLOCK - ok
13:36:08.0778 6324	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:36:08.0778 6324	MSPQM - ok
13:36:08.0825 6324	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:36:08.0825 6324	MsRPC - ok
13:36:08.0856 6324	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
13:36:08.0856 6324	mssmbios - ok
13:36:08.0872 6324	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:36:08.0872 6324	MSTEE - ok
13:36:08.0903 6324	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:36:08.0903 6324	MTConfig - ok
13:36:08.0934 6324	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:36:08.0934 6324	Mup - ok
13:36:08.0981 6324	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:36:08.0997 6324	NativeWifiP - ok
13:36:09.0059 6324	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
13:36:09.0090 6324	NDIS - ok
13:36:09.0121 6324	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:36:09.0121 6324	NdisCap - ok
13:36:09.0168 6324	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:36:09.0168 6324	NdisTapi - ok
13:36:09.0231 6324	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
13:36:09.0231 6324	Ndisuio - ok
13:36:09.0277 6324	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
13:36:09.0277 6324	NdisWan - ok
13:36:09.0340 6324	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
13:36:09.0340 6324	NDProxy - ok
13:36:09.0402 6324	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:36:09.0418 6324	NetBIOS - ok
13:36:09.0465 6324	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
13:36:09.0465 6324	NetBT - ok
13:36:09.0667 6324	NETw5s32        (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
13:36:09.0808 6324	NETw5s32 - ok
13:36:09.0933 6324	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
13:36:10.0042 6324	netw5v32 - ok
13:36:10.0307 6324	NETwNs32        (83553135ad346d247c482f1b8aca921f) C:\Windows\system32\DRIVERS\NETwNs32.sys
13:36:10.0463 6324	NETwNs32 - ok
13:36:10.0510 6324	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:36:10.0525 6324	nfrd960 - ok
13:36:10.0557 6324	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:36:10.0557 6324	Npfs - ok
13:36:10.0588 6324	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:36:10.0588 6324	nsiproxy - ok
13:36:10.0666 6324	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
13:36:10.0713 6324	Ntfs - ok
13:36:10.0728 6324	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:36:10.0728 6324	Null - ok
13:36:10.0806 6324	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
13:36:10.0822 6324	nvraid - ok
13:36:10.0869 6324	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
13:36:10.0869 6324	nvstor - ok
13:36:10.0931 6324	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
13:36:10.0931 6324	nv_agp - ok
13:36:10.0962 6324	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
13:36:10.0962 6324	ohci1394 - ok
13:36:11.0103 6324	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:36:11.0118 6324	Parport - ok
13:36:11.0165 6324	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
13:36:11.0165 6324	partmgr - ok
13:36:11.0196 6324	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:36:11.0196 6324	Parvdm - ok
13:36:11.0259 6324	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
13:36:11.0259 6324	pccsmcfd - ok
13:36:11.0368 6324	PCDSRVC{C4B36920-79E24793-06000000}_0 (a88f42ad20418620d08a13ad1a70c083) c:\progra~1\pc-doc~1\pcdsrvc.pkms
13:36:11.0820 6324	PCDSRVC{C4B36920-79E24793-06000000}_0 - ok
13:36:11.0914 6324	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
13:36:11.0914 6324	pci - ok
13:36:11.0961 6324	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
13:36:11.0976 6324	pciide - ok
13:36:12.0007 6324	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:36:12.0023 6324	pcmcia - ok
13:36:12.0039 6324	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:36:12.0054 6324	pcw - ok
13:36:12.0085 6324	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:36:12.0101 6324	PEAUTH - ok
13:36:12.0148 6324	pelbtm          (9246f6089b874d7499e8a3352283da13) C:\Windows\system32\DRIVERS\pelbtm.sys
13:36:12.0148 6324	pelbtm - ok
13:36:12.0179 6324	pelmoubt        (6c5d87fdbf7f8bebac5901ce629ad73d) C:\Windows\system32\DRIVERS\pelmoubt.sys
13:36:12.0179 6324	pelmoubt - ok
13:36:12.0335 6324	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:36:12.0335 6324	PptpMiniport - ok
13:36:12.0366 6324	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:36:12.0366 6324	Processor - ok
13:36:12.0429 6324	psadd           (72de205cd4006dc45b1401859c506679) C:\Windows\system32\DRIVERS\psadd.sys
13:36:12.0429 6324	psadd - ok
13:36:12.0460 6324	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:36:12.0475 6324	Psched - ok
13:36:12.0522 6324	PxHelp20        (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
13:36:12.0522 6324	PxHelp20 - ok
13:36:12.0585 6324	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:36:12.0647 6324	ql2300 - ok
13:36:12.0678 6324	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:36:12.0678 6324	ql40xx - ok
13:36:12.0709 6324	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:36:12.0709 6324	QWAVEdrv - ok
13:36:12.0741 6324	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:36:12.0741 6324	RasAcd - ok
13:36:12.0772 6324	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:36:12.0787 6324	RasAgileVpn - ok
13:36:12.0803 6324	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:36:12.0803 6324	Rasl2tp - ok
13:36:12.0850 6324	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:36:12.0850 6324	RasPppoe - ok
13:36:12.0881 6324	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:36:12.0881 6324	RasSstp - ok
13:36:12.0928 6324	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
13:36:12.0928 6324	rdbss - ok
13:36:12.0959 6324	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:36:12.0959 6324	rdpbus - ok
13:36:13.0006 6324	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:36:13.0006 6324	RDPCDD - ok
13:36:13.0037 6324	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
13:36:13.0053 6324	RDPDR - ok
13:36:13.0084 6324	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:36:13.0084 6324	RDPENCDD - ok
13:36:13.0115 6324	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:36:13.0115 6324	RDPREFMP - ok
13:36:13.0177 6324	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
13:36:13.0193 6324	RDPWD - ok
13:36:13.0255 6324	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
13:36:13.0255 6324	rdyboost - ok
13:36:13.0302 6324	regi            (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
13:36:13.0318 6324	regi - ok
13:36:13.0365 6324	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
13:36:13.0380 6324	RFCOMM - ok
13:36:13.0411 6324	rimmptsk        (d65ac8797f0286ed269500747d6290a4) C:\Windows\system32\DRIVERS\rimmptsk.sys
13:36:13.0411 6324	rimmptsk - ok
13:36:13.0443 6324	rimsptsk        (49ec82b44eb93374ed9988da7e0e0151) C:\Windows\system32\DRIVERS\rimsptsk.sys
13:36:13.0443 6324	rimsptsk - ok
13:36:13.0458 6324	rismxdp         (3f400c3ccd0818858602ddb37b5de719) C:\Windows\system32\DRIVERS\rixdptsk.sys
13:36:13.0458 6324	rismxdp - ok
13:36:13.0521 6324	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:36:13.0521 6324	rspndr - ok
13:36:13.0583 6324	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
13:36:13.0583 6324	s3cap - ok
13:36:13.0630 6324	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
13:36:13.0630 6324	sbp2port - ok
13:36:13.0692 6324	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
13:36:13.0692 6324	scfilter - ok
13:36:13.0723 6324	sdbus           (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
13:36:13.0739 6324	sdbus - ok
13:36:13.0770 6324	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:36:13.0770 6324	secdrv - ok
13:36:13.0817 6324	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:36:13.0817 6324	Serenum - ok
13:36:13.0848 6324	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:36:13.0848 6324	Serial - ok
13:36:13.0895 6324	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:36:13.0911 6324	sermouse - ok
13:36:13.0973 6324	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
13:36:13.0973 6324	sffdisk - ok
13:36:13.0989 6324	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
13:36:14.0004 6324	sffp_mmc - ok
13:36:14.0020 6324	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:36:14.0035 6324	sffp_sd - ok
13:36:14.0067 6324	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:36:14.0067 6324	sfloppy - ok
13:36:14.0113 6324	Shockprf        (df6a84dd19d3c0858d707b5e64938d60) C:\Windows\system32\DRIVERS\Apsx86.sys
13:36:14.0113 6324	Shockprf - ok
13:36:14.0176 6324	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
13:36:14.0176 6324	sisagp - ok
13:36:14.0223 6324	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:36:14.0223 6324	SiSRaid2 - ok
13:36:14.0254 6324	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:36:14.0254 6324	SiSRaid4 - ok
13:36:14.0285 6324	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:36:14.0285 6324	Smb - ok
13:36:14.0332 6324	snapman         (6fab49fc4e09616da76f1f993a7cb4df) C:\Windows\system32\DRIVERS\snapman.sys
13:36:14.0332 6324	snapman - ok
13:36:14.0457 6324	SNP2UVC         (a10c0f1f8d394e7d392fad72b7a01c1b) C:\Windows\system32\DRIVERS\snp2uvc.sys
13:36:14.0566 6324	SNP2UVC - ok
13:36:14.0628 6324	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:36:14.0628 6324	spldr - ok
13:36:14.0737 6324	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
13:36:14.0753 6324	srv - ok
13:36:14.0815 6324	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
13:36:14.0815 6324	srv2 - ok
13:36:14.0862 6324	SrvHsfHDA       (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
13:36:14.0862 6324	SrvHsfHDA - ok
13:36:14.0909 6324	SrvHsfV92       (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
13:36:14.0940 6324	SrvHsfV92 - ok
13:36:14.0987 6324	SrvHsfWinac     (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
13:36:15.0018 6324	SrvHsfWinac - ok
13:36:15.0065 6324	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
13:36:15.0065 6324	srvnet - ok
13:36:15.0159 6324	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:36:15.0159 6324	ssmdrv - ok
13:36:15.0190 6324	SSPORT          (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
13:36:15.0190 6324	SSPORT - ok
13:36:15.0237 6324	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:36:15.0237 6324	stexstor - ok
13:36:15.0299 6324	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
13:36:15.0299 6324	storflt - ok
13:36:15.0361 6324	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
13:36:15.0361 6324	storvsc - ok
13:36:15.0439 6324	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
13:36:15.0439 6324	swenum - ok
13:36:15.0549 6324	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
13:36:15.0611 6324	Tcpip - ok
13:36:15.0689 6324	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
13:36:15.0705 6324	TCPIP6 - ok
13:36:15.0767 6324	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
13:36:15.0767 6324	tcpipreg - ok
13:36:15.0829 6324	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
13:36:15.0829 6324	TDPIPE - ok
13:36:15.0876 6324	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
13:36:15.0892 6324	TDTCP - ok
13:36:15.0939 6324	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
13:36:15.0939 6324	tdx - ok
13:36:16.0001 6324	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
13:36:16.0001 6324	TermDD - ok
13:36:16.0110 6324	timounter       (1dcf2395cf531057a698c0b6af2b87c1) C:\Windows\system32\DRIVERS\timntr.sys
13:36:16.0110 6324	timounter - ok
13:36:16.0141 6324	TPDIGIMN        (50b570e4209f6d401893720fc8ddce46) C:\Windows\system32\DRIVERS\ApsHM86.sys
13:36:16.0157 6324	TPDIGIMN - ok
13:36:16.0204 6324	TPM             (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
13:36:16.0204 6324	TPM - ok
13:36:16.0266 6324	TPPWRIF         (c16ec6a5390904d3971179553852025b) C:\Windows\system32\drivers\Tppwr32v.sys
13:36:16.0266 6324	TPPWRIF - ok
13:36:16.0329 6324	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:36:16.0329 6324	tssecsrv - ok
13:36:16.0391 6324	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
13:36:16.0391 6324	TsUsbFlt - ok
13:36:16.0453 6324	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
13:36:16.0453 6324	tunnel - ok
13:36:16.0485 6324	TVTI2C          (cac5d5979850c9ad41a88033013bc806) C:\Windows\system32\DRIVERS\Tvti2c.sys
13:36:16.0485 6324	TVTI2C - ok
13:36:16.0531 6324	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:36:16.0531 6324	uagp35 - ok
13:36:16.0594 6324	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
13:36:16.0594 6324	udfs - ok
13:36:16.0687 6324	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
13:36:16.0703 6324	uliagpkx - ok
13:36:16.0765 6324	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
13:36:16.0765 6324	umbus - ok
13:36:16.0812 6324	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:36:16.0812 6324	UmPass - ok
13:36:16.0875 6324	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
13:36:16.0890 6324	USBAAPL - ok
13:36:16.0953 6324	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
13:36:16.0968 6324	usbccgp - ok
13:36:17.0031 6324	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
13:36:17.0046 6324	usbcir - ok
13:36:17.0093 6324	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
13:36:17.0093 6324	usbehci - ok
13:36:17.0140 6324	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
13:36:17.0140 6324	usbhub - ok
13:36:17.0171 6324	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
13:36:17.0171 6324	usbohci - ok
13:36:17.0202 6324	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:36:17.0202 6324	usbprint - ok
13:36:17.0266 6324	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
13:36:17.0266 6324	usbscan - ok
13:36:17.0344 6324	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:36:17.0344 6324	USBSTOR - ok
13:36:17.0390 6324	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:36:17.0390 6324	usbuhci - ok
13:36:17.0437 6324	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
13:36:17.0437 6324	usbvideo - ok
13:36:17.0484 6324	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
13:36:17.0484 6324	vdrvroot - ok
13:36:17.0546 6324	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:36:17.0546 6324	vga - ok
13:36:17.0593 6324	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:36:17.0593 6324	VgaSave - ok
13:36:17.0624 6324	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
13:36:17.0640 6324	vhdmp - ok
13:36:17.0702 6324	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
13:36:17.0702 6324	viaagp - ok
13:36:17.0749 6324	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:36:17.0749 6324	ViaC7 - ok
13:36:17.0780 6324	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
13:36:17.0780 6324	viaide - ok
13:36:17.0812 6324	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
13:36:17.0812 6324	vmbus - ok
13:36:17.0827 6324	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
13:36:17.0827 6324	VMBusHID - ok
13:36:17.0858 6324	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
13:36:17.0858 6324	volmgr - ok
13:36:17.0890 6324	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:36:17.0890 6324	volmgrx - ok
13:36:17.0921 6324	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
13:36:17.0921 6324	volsnap - ok
13:36:17.0952 6324	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:36:17.0968 6324	vsmraid - ok
13:36:17.0999 6324	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
13:36:17.0999 6324	vwifibus - ok
13:36:18.0030 6324	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
13:36:18.0030 6324	vwififlt - ok
13:36:18.0077 6324	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:36:18.0077 6324	WacomPen - ok
13:36:18.0139 6324	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:36:18.0155 6324	WANARP - ok
13:36:18.0155 6324	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
13:36:18.0155 6324	Wanarpv6 - ok
13:36:18.0202 6324	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:36:18.0202 6324	Wd - ok
13:36:18.0233 6324	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:36:18.0248 6324	Wdf01000 - ok
13:36:18.0295 6324	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:36:18.0295 6324	WfpLwf - ok
13:36:18.0326 6324	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:36:18.0326 6324	WIMMount - ok
13:36:18.0389 6324	winachsf        (253a9c2df9a2a7b3b23146014959f2cd) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:36:18.0404 6324	winachsf - ok
13:36:18.0576 6324	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
13:36:18.0576 6324	WinUsb - ok
13:36:18.0654 6324	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
13:36:18.0654 6324	WmiAcpi - ok
13:36:18.0716 6324	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:36:18.0732 6324	ws2ifsl - ok
13:36:18.0794 6324	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
13:36:18.0794 6324	WudfPf - ok
13:36:18.0857 6324	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:36:18.0857 6324	WUDFRd - ok
13:36:18.0919 6324	XAudio          (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
13:36:18.0935 6324	XAudio - ok
13:36:18.0997 6324	ZTEusbmdm6k     (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
13:36:18.0997 6324	ZTEusbmdm6k - ok
13:36:19.0028 6324	ZTEusbnmea      (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
13:36:19.0044 6324	ZTEusbnmea - ok
13:36:19.0122 6324	ZTEusbser6k     (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
13:36:19.0122 6324	ZTEusbser6k - ok
13:36:19.0169 6324	MBR (0x1B8)     (d4bd9bf8b5bd3bd8985ec47a3843fc0d) \Device\Harddisk0\DR0
13:36:19.0216 6324	\Device\Harddisk0\DR0 - ok
13:36:19.0262 6324	Boot (0x1200)   (afb8b4724c7b622ea97fa4e2dbc4d06d) \Device\Harddisk0\DR0\Partition0
13:36:19.0262 6324	\Device\Harddisk0\DR0\Partition0 - ok
13:36:19.0278 6324	Boot (0x1200)   (a6149aaafa0862d21d379a576c5ff62f) \Device\Harddisk0\DR0\Partition1
13:36:19.0278 6324	\Device\Harddisk0\DR0\Partition1 - ok
13:36:19.0325 6324	Boot (0x1200)   (c3a32dcd44bdfce32ee892d1e3800b5a) \Device\Harddisk0\DR0\Partition2
13:36:19.0325 6324	\Device\Harddisk0\DR0\Partition2 - ok
13:36:19.0325 6324	============================================================
13:36:19.0325 6324	Scan finished
13:36:19.0325 6324	============================================================
13:36:19.0340 5744	Detected object count: 0
13:36:19.0340 5744	Actual detected object count: 0
13:36:27.0889 5668	Deinitialize success

cosinus · 23.02.2012, 17:15

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Morgensonne · 23.02.2012, 17:28

Hallo cosinus,

combifix wurde automtisch installiert, ich konnte den Speicherort nicht wählen (Firefox) und ist jetzt nicht auf dem Desktop. Ist das schlimm?

cosinus · 23.02.2012, 17:49

Zitat:

combifix wurde automtisch installiert

Das ist ja nun Quatsch. Etwas wo ablegen ist keine Installation.
Pack die combofix.exe bitte auf dem Desktop!

Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir.

Log-Analyse und Auswertung: Aus Sicherheitsgrüden wurde Ihr Windowssystem blockiert. - leider auch bei mir.