
Pests of all kinds and how to combat them: Live Security Platinum - remove completely

15.08.2012, 17:45   #1
laney18
 
Live Security Platinum - remove completely



Hi!

Unfortunately, I have this Live Security Platinum virus on my computer.
It would be very kind if you could help me and tell me what I should do so that the virus is completely removed from my computer.

So far I have done the following:

Using the program Sardu, I created a bootable USB stick with Antivir, booted the computer from the USB stick and had the infected data deleted.
Then I ran a scan with Malwarebytes Anti-Malware, with the setting that the infected files should be placed in quarantine.
Here is the log from Malwarebytes:
Code:
 Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Laney :: TORNADO [Administrator]

14.08.2012 16:35:34
mbam-log-2012-08-14 (16-35-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373229
Laufzeit: 53 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U\800000cb.@.vir (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
 Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.14.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Laney :: TORNADO [Administrator]

14.08.2012 21:41:21
mbam-log-2012-08-14 (21-41-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 361113
Laufzeit: 1 Stunde(n), 40 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 3
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Laney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
After that, I manually deleted the keys in the registry whose names contained Live Security Platinum.

Then I used the ESET Online Scanner, as described here in the forum;
here is the log:
Code:
 ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=56dc201eb7f8b2429164b3f3141dabb4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-15 10:20:49
# local_time=2012-08-15 12:20:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 9642451 9642451 0 0
# compatibility_mode=5893 16776574 66 94 409491 96646556 0 0
# compatibility_mode=8192 67108863 100 0 91 91 0 0
# compatibility_mode=9217 16777214 75 4 4478678 4478678 0 0
# scanned=150080
# found=0
# cleaned=0
# scan_time=10684
         
After that I ran defogger by jpshortstuff as described, and OTL by OldTimer;
the "Extra" log is attached, and here is the OTL log:
Code:
 
OTL logfile created on: 15.08.2012 12:37:24 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Laney\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 51,34% Memory free
3,92 Gb Paging File | 2,73 Gb Available in Paging File | 69,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,25 Gb Total Space | 1,92 Gb Free Space | 1,33% Space Free | Partition Type: NTFS
 
Computer Name: TORNADO | User Name: Laney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.15 12:35:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe
PRC - [2012.08.08 18:24:18 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.07.09 16:53:15 | 000,935,008 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.07.09 16:53:12 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Laney\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.05.08 17:51:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 17:51:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 17:51:45 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012.03.05 11:29:44 | 002,416,000 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.10.04 04:04:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.03 18:19:50 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2010.12.03 18:19:32 | 000,258,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.07.21 19:21:00 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2010.06.16 17:19:06 | 000,269,824 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2010.06.16 17:19:06 | 000,008,704 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009.11.24 08:59:50 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4serv.exe
PRC - [2009.10.25 13:25:18 | 000,338,432 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMProcess.exe
PRC - [2009.10.09 16:47:52 | 001,821,696 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMWDSrv.exe
PRC - [2009.08.07 05:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2008.06.14 01:02:04 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMCONFIG.exe
PRC - [2008.05.30 01:22:32 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\StartAutorun.exe
PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.09 16:53:16 | 000,132,704 | ---- | M] () -- C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012.07.09 16:53:12 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2012.06.13 13:58:30 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012.06.13 13:58:29 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll
MOD - [2012.06.13 13:57:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 13:57:47 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.10 16:09:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.10 15:51:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 15:51:00 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012.05.10 15:50:58 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.10 15:49:21 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012.05.10 15:49:01 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
MOD - [2012.05.10 15:48:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 15:48:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 15:48:52 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 15:48:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.10.04 04:04:00 | 000,054,784 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.05.22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008.06.16 09:06:10 | 000,053,248 | ---- | M] () -- C:\Programme\Mouse Driver\MouseHook.dll
MOD - [2007.03.29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Programme\Mouse Driver\keydll.dll
MOD - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.28 09:26:39 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.11 11:09:33 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.07.09 16:53:15 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.06.21 15:58:50 | 002,445,880 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.05.08 17:51:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 17:51:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.30 21:05:22 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012.03.05 11:29:44 | 002,416,000 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.10.04 04:04:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011.10.04 04:04:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011.10.04 04:04:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.11 18:17:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.11.24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.06.16 17:19:06 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2009.10.09 16:47:52 | 001,821,696 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.06.06 15:54:40 | 000,017,328 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\easytthr.sys -- (easytether)
DRV - [2012.05.08 17:51:52 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 17:51:52 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.30 21:05:40 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.10.04 04:04:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2011.10.04 04:04:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.24 11:49:30 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.05.07 18:51:28 | 000,455,256 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2011.01.13 14:04:50 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011.01.13 14:02:56 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.27 12:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.06.14 12:37:56 | 000,194,048 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV - [2010.06.14 12:37:56 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.10.09 15:55:34 | 000,022,144 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.10 15:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.08.21 13:59:22 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009.03.13 14:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.7&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 67 B5 6F 84 4F CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B9833f522-ae17-4a9a-adca-f183bccc3f5a%7D&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&ds=od011&v=11.1.0.7&lang=de&pr=sa&d=2012-06-21%2018%3A55%3A33&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.09 16:53:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012.06.24 14:07:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 09:26:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.20 09:57:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 09:26:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.06.24 10:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Extensions
[2011.06.24 10:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.09 17:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Firefox\Profiles\8bzrqklg.default\extensions
[2012.08.09 17:52:07 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Laney\AppData\Roaming\mozilla\Firefox\Profiles\8bzrqklg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.08.29 16:40:17 | 000,004,140 | ---- | M] () -- C:\Users\Laney\AppData\Roaming\Mozilla\Firefox\Profiles\8bzrqklg.default\searchplugins\youtube.xml
[2012.06.07 22:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.25 14:30:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.28 09:26:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.07 15:45:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.09 16:53:10 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.05.07 15:45:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.07 15:45:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.07 15:45:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.07 15:45:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.07 15:45:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [ISW]  File not found
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Laney\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} hxxp://79.218.13.129:1080/RtspVaPgDec.cab (RtspVaPgCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.102.158 80.69.100.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24FB3177-40D2-4833-8FD7-D160FDECAE8E}: DhcpNameServer = 80.69.102.158 80.69.100.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC974E05-87DD-47CC-B0F2-7BA917689391}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C96CAC45-EEC0-4585-A1EB-2DCC65662880}: NameServer = 10.11.230.3 10.11.230.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFF33C90-831A-4D4F-97B0-BE113A118823}: DhcpNameServer = 80.69.102.158 80.69.100.102
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun
O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun
O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.15 12:35:34 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe
[2012.08.15 09:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.15 09:18:29 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.14 16:33:19 | 000,000,000 | ---D | C] -- C:\Users\Laney\AppData\Roaming\Malwarebytes
[2012.08.14 16:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.14 16:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.14 16:33:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.14 16:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.13 19:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF61004F8DA102F9842FF875EF7E
[2012.08.07 20:26:48 | 000,000,000 | ---D | C] -- C:\Users\Laney\temp
[2012.07.24 18:17:22 | 000,000,000 | ---D | C] -- C:\Snag_India_2
[2012.07.22 12:53:35 | 000,000,000 | ---D | C] -- C:\Snag_India_Tables
[2012.07.21 15:08:05 | 000,000,000 | ---D | C] -- C:\Snag_India
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.15 12:35:34 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe
[2012.08.15 12:34:57 | 000,000,000 | ---- | M] () -- C:\Users\Laney\defogger_reenable
[2012.08.15 09:15:28 | 006,110,278 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.15 09:15:28 | 002,260,430 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.15 09:15:28 | 001,875,518 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.15 09:15:28 | 001,679,962 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.15 09:15:21 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 09:15:21 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.15 09:07:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.15 09:07:44 | 1577,803,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.14 07:19:36 | 000,414,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.11 15:42:35 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.07.31 20:54:22 | 025,784,346 | ---- | M] () -- C:\Users\Laney\Desktop\M5Betriebdeutsch.pdf
 
========== Files Created - No Company Name ==========
 
[2012.08.15 12:34:57 | 000,000,000 | ---- | C] () -- C:\Users\Laney\defogger_reenable
[2012.07.31 20:54:18 | 025,784,346 | ---- | C] () -- C:\Users\Laney\Desktop\M5Betriebdeutsch.pdf
[2012.04.06 16:15:01 | 000,000,175 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.11 23:20:57 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012.02.11 23:20:57 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2012.01.11 19:48:46 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@
[2012.01.11 19:48:46 | 000,002,048 | -HS- | C] () -- C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@
[2011.11.16 12:57:56 | 000,001,458 | ---- | C] () -- C:\Users\Laney\.recently-used.xbel
[2011.06.24 14:27:49 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.06.24 14:25:07 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7030.dat
[2011.06.24 14:23:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011.06.24 14:23:34 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011.06.24 13:14:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.24 12:24:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.06.24 12:24:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.06.24 10:13:31 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.09.27 13:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010.06.15 13:20:14 | 000,157,470 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== LOP Check ==========
 
[2011.10.28 09:05:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\.ProjectViewer
[2012.07.07 13:23:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Amazon
[2012.06.24 13:52:11 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\CheckPoint
[2011.09.29 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.08.14 16:31:12 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Dropbox
[2012.01.23 21:44:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\FileZilla
[2011.10.27 11:30:22 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\GetRightToGo
[2011.11.16 12:57:56 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\gtk-2.0
[2012.07.01 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Jumping Bytes
[2012.06.21 18:56:27 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\MyPhoneExplorer
[2012.06.21 18:54:47 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\OpenCandy
[2011.10.28 08:55:36 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PDF Writer
[2011.11.11 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PwrMgr
[2012.06.21 18:37:50 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Sony
[2011.06.25 15:37:00 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\TeamViewer
[2011.06.24 10:43:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Thunderbird
[2011.12.18 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Tracker Software
[2011.07.12 08:50:15 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Vodafone
[2012.04.28 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\{7AA05F48-9B52-4244-B296-F505ACBC5FD9}
[2012.08.09 20:44:15 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Finally, I also ran a GMER scan.
The log is attached.

Thanks in advance for your help!
Laney

Last edited by laney18 (15.08.2012 at 18:01)

18.08.2012, 10:58   #2
cosinus

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

18.08.2012, 11:04   #3
laney18

Hello Cosinus,
thank you very much for your help!

Here is the log file:

Code:
 
# AdwCleaner v1.801 - Logfile created 08/18/2012 at 12:00:57
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Laney - TORNADO
# Boot Mode : Normal
# Running from : C:\Users\Laney\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Folder Found : C:\Users\Laney\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Laney\AppData\Local\Temp\avg@toolbar
Folder Found : C:\Users\Laney\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Laney\AppData\Roaming\OpenCandy
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
File Found : C:\Users\Laney\AppData\Local\Temp\Uninstall.exe
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\SweetIm
Key Found : HKLM\SOFTWARE\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\SweetIM
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.7&sap=hp
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.12&sap=nt

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Laney\AppData\Roaming\Mozilla\Firefox\Profiles\8bzrqklg.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.7");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B9833f522-ae17-4a9a-adca-f183bccc3f5a%[...]

Profile name : default 
File : C:\Users\Sicherheit\AppData\Roaming\Mozilla\Firefox\Profiles\ukejlaf9.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6591 octets] - [18/08/2012 12:00:57]

########## EOF - C:\AdwCleaner[R1].txt - [6719 octets] ##########
         
18.08.2012, 13:50   #4
cosinus

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each time with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

18.08.2012, 14:31   #5
laney18

Here is the log:
Code:
 
# AdwCleaner v1.801 - Logfile created 08/18/2012 at 15:07:56
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : Laney - TORNADO
# Boot Mode : Normal
# Running from : C:\Users\Laney\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Folder Deleted : C:\Users\Laney\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Laney\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Laney\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Laney\AppData\Roaming\OpenCandy
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Users\Laney\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\SweetIM
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.7&sap=hp --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={552ABF67-5ED3-4110-9747-FF621266BE46}&mid=35e88efeedc047d0bf85d1543460a9bc-cfae756ec0022d36e506221a078aa25d05991efb&lang=de&ds=od011&pr=sa&d=2012-06-21 18:55:33&v=11.1.0.12&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Laney\AppData\Roaming\Mozilla\Firefox\Profiles\8bzrqklg.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.1.0.7");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B9833f522-ae17-4a9a-adca-f183bccc3f5a%[...]

Profile name : default 
File : C:\Users\Sicherheit\AppData\Roaming\Mozilla\Firefox\Profiles\ukejlaf9.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6720 octets] - [18/08/2012 12:00:57]
AdwCleaner[S1].txt - [6865 octets] - [18/08/2012 15:07:56]

########## EOF - C:\AdwCleaner[S1].txt - [6993 octets] ##########
         


18.08.2012, 14:40   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

I have two questions before we continue:

1.) Does Windows normal mode work (again) without restrictions?
2.) Is anything missing from your Start menu? Are there empty folders under All Programs, or is everything there?

18.08.2012, 14:49   #7
laney18

Windows normal mode works.
However, I cannot get onto the Internet when I set the ZoneAlarm settings for the public zone to high. When it is set to medium, I can get onto the Internet as normal.
Nothing is missing from the Start menu. Under All Programs, the folder "Afinion Project Viewer" is empty. However, that may already have been the case before I had the problems with this Live Security Platinum.
Many thanks and best regards
Laney

19.08.2012, 17:37   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
when I set the ZoneAlarm settings for the public zone to high.
ZoneAlarm is counterproductive garbage; please uninstall it immediately and turn on the Windows Firewall!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

19.08.2012, 18:05   #9
laney18

I have now uninstalled ZoneAlarm.
However, when I try to enable the Windows Firewall, the following error message appears:
"Einige der Einstellungen können von der Windows-Firewall nicht geändert werden.
Fehlercode 0x80070424".
I can then do nothing other than press OK, and the firewall is not enabled.

Many thanks and kind regards
Laney
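The error code quoted in the post above is an HRESULT: its low word, 0x0424, is Win32 error 1060 (ERROR_SERVICE_DOES_NOT_EXIST), which means a service the firewall needs is not registered. The following Python is an added example, not part of the original post; the service names checked (MpsSvc, BFE, mpsdrv) and the sample key list are assumptions for illustration.

```python
"""Decode a Windows HRESULT and list firewall-related services that are not registered."""

FACILITY_WIN32 = 7

# Excerpt of Win32 error codes that matter for service control (values from winerror.h).
WIN32_ERRORS = {
    5: "ERROR_ACCESS_DENIED",
    1056: "ERROR_SERVICE_ALREADY_RUNNING",
    1058: "ERROR_SERVICE_DISABLED",
    1060: "ERROR_SERVICE_DOES_NOT_EXIST",
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL",
    1075: "ERROR_SERVICE_DEPENDENCY_DELETED",
}

# Assumption for this example: the Windows Firewall service (MpsSvc) needs the
# Base Filtering Engine (BFE) and the firewall authorization driver (mpsdrv).
FIREWALL_SERVICES = ("MpsSvc", "BFE", "mpsdrv")

SERVICES_KEY = r"SYSTEM\CurrentControlSet\Services"

# Constructed sample of service key names, used when not running on Windows.
SAMPLE_KEYS = ["AeLookupSvc", "Dhcp", "Dnscache", "mpsdrv", "RpcSs", "Tcpip"]


def decode_hresult(value):
    """Split an HRESULT into severity, facility and code; name the Win32 error if known."""
    if isinstance(value, str):
        value = int(value, 16)
    value &= 0xFFFFFFFF              # also accept signed 32-bit values
    failed = bool(value >> 31)       # bit 31: severity
    facility = (value >> 16) & 0x7FF # bits 16-26: facility
    code = value & 0xFFFF            # bits 0-15: error code
    name = WIN32_ERRORS.get(code) if facility == FACILITY_WIN32 else None
    return {"failed": failed, "facility": facility, "code": code, "win32": name}


def registered_services():
    """Enumerate service key names from the live registry (Windows only)."""
    import winreg  # imported here so the module still loads on other platforms
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, SERVICES_KEY) as key:
        count = winreg.QueryInfoKey(key)[0]
        return [winreg.EnumKey(key, i) for i in range(count)]


def missing_services(registered, required=FIREWALL_SERVICES):
    """Return the required services that have no key among the registered names."""
    present = {name.lower() for name in registered}
    return [name for name in required if name.lower() not in present]


def diagnose(hresult, registered):
    """Decode the error and, for a missing-service error, list what is absent."""
    info = decode_hresult(hresult)
    if info["win32"] == "ERROR_SERVICE_DOES_NOT_EXIST":
        info["missing"] = missing_services(registered)
    return info


if __name__ == "__main__":
    import sys
    keys = registered_services() if sys.platform == "win32" else SAMPLE_KEYS
    print(diagnose("0x80070424", keys))
```
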

20.08.2012, 21:01   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the box at the top centre next to Scan All Users
  • Now copy the entire contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
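The custom scan above lists system file names between /md5start and /md5stop. The following Python is an added example (not OTL's code and not part of the original post) that assumes those lines are file names to be located and hashed: it finds every copy of each name under a root directory and reports whether the copies agree. The function names and the sample script excerpt are constructed for illustration.

```python
"""Locate every copy of the files named in an OTL-style /md5start block and hash them."""
import hashlib
import os
from collections import defaultdict

# Constructed excerpt of the custom scan shown in the post above.
SAMPLE_SCRIPT = """\
netsvcs
%SYSTEMDRIVE%\\*.exe
/md5start
userinit.exe
winlogon.exe
user32.DLL
atapi.sys
/md5stop
%systemroot%\\*. /mp /s
CREATERESTOREPOINT
"""


def md5_targets(script):
    """Return the lower-cased file names listed between /md5start and /md5stop."""
    names, inside = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.lower() == "/md5start":
            inside = True
        elif line.lower() == "/md5stop":
            inside = False
        elif inside and line:
            names.append(line.lower())
    return names


def file_md5(path, chunk=1 << 20):
    """Hash a file in chunks so large drivers do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def hash_copies(root, names):
    """Walk root and map each target name to {path: md5} for every copy found."""
    wanted = set(names)
    found = defaultdict(dict)
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            key = fname.lower()          # Windows file names are case-insensitive
            if key in wanted:
                full = os.path.join(dirpath, fname)
                try:
                    found[key][full] = file_md5(full)
                except OSError:
                    found[key][full] = None  # locked or unreadable file
    return dict(found)


def review(found, names):
    """Classify each target as 'missing', 'unreadable', 'consistent' or 'differs'."""
    verdicts = {}
    for name in names:
        hashes = list(found.get(name, {}).values())
        if not hashes:
            verdicts[name] = "missing"
        elif None in hashes:
            verdicts[name] = "unreadable"
        elif len(set(hashes)) == 1:
            verdicts[name] = "consistent"
        else:
            verdicts[name] = "differs"
    return verdicts


if __name__ == "__main__":
    root = os.environ.get("SystemRoot", ".")
    targets = md5_targets(SAMPLE_SCRIPT)
    for name, verdict in review(hash_copies(root, targets), targets).items():
        print(f"{name:15} {verdict}")
```

A "differs" verdict is a prompt for comparison against a known-good hash, since copies of a system file in different directories can legitimately be different versions.
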

20.08.2012, 21:26   #11
laney18

Hello!

Here is the log file:

OTL Logfile:
Code:
OTL logfile created on: 20.08.2012 22:08:13 - Run 2
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\Laney\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 67,73% Memory free
3,92 Gb Paging File | 2,88 Gb Available in Paging File | 73,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,25 Gb Total Space | 2,78 Gb Free Space | 1,93% Space Free | Partition Type: NTFS
 
Computer Name: TORNADO | User Name: Laney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.20 22:06:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe
PRC - [2012.08.08 18:24:18 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Laney\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.05.08 17:51:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 17:51:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 17:51:45 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.05 11:29:44 | 002,416,000 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.10.04 04:04:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.03 18:19:50 | 000,137,656 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2010.12.03 18:19:32 | 000,258,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.07.21 19:21:00 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2010.06.16 17:19:06 | 000,269,824 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2010.06.16 17:19:06 | 000,008,704 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2009.11.24 08:59:50 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4serv.exe
PRC - [2009.10.25 13:25:18 | 000,338,432 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMProcess.exe
PRC - [2009.10.09 16:47:52 | 001,821,696 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMWDSrv.exe
PRC - [2009.08.07 05:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2008.06.14 01:02:04 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\KMCONFIG.exe
PRC - [2008.05.30 01:22:32 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Programme\Mouse Driver\StartAutorun.exe
PRC - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 13:58:30 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012.06.13 13:58:29 | 010,580,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c144f89b1f8f292d6940a1b2f8ffbec\System.Design.ni.dll
MOD - [2012.06.13 13:57:54 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.13 13:57:47 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.10 16:09:18 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.10 15:51:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 15:51:00 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012.05.10 15:50:58 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.10 15:49:21 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012.05.10 15:49:01 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
MOD - [2012.05.10 15:48:57 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 15:48:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 15:48:52 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 15:48:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.10.04 04:04:00 | 000,054,784 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.05.22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:58:06 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.02.27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
MOD - [2008.06.16 09:06:10 | 000,053,248 | ---- | M] () -- C:\Programme\Mouse Driver\MouseHook.dll
MOD - [2007.03.29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Programme\Mouse Driver\keydll.dll
MOD - [2006.09.19 09:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.28 09:26:39 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.11 11:09:33 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.05.08 17:51:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 17:51:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.05 11:29:44 | 002,416,000 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.10.04 04:04:00 | 000,292,200 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2011.10.04 04:04:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011.10.04 04:04:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.11 18:17:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.03 10:57:38 | 000,099,328 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2010.12.02 12:55:54 | 000,064,440 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.11.24 16:34:24 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.27 12:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.06.16 17:19:06 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2009.10.09 16:47:52 | 001,821,696 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Programme\Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
SRV - [2009.08.07 05:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.06.06 15:54:40 | 000,017,328 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\easytthr.sys -- (easytether)
DRV - [2012.05.08 17:51:52 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 17:51:52 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.04 04:04:00 | 000,025,968 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\DOZEHDD.SYS -- (DozeHDD)
DRV - [2011.10.04 04:04:00 | 000,013,424 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.24 11:49:30 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.06.02 07:47:22 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.01.13 14:04:50 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011.01.13 14:02:56 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2010.12.21 07:55:02 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.27 12:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2010.06.14 12:37:56 | 000,194,048 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV - [2010.06.14 12:37:56 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.03.16 18:30:56 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.12 15:22:56 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.10.09 15:55:34 | 000,022,144 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.10 15:31:48 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.08.21 13:59:22 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.14 00:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2009.03.13 14:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.03.27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 67 B5 6F 84 4F CD 01  [binary data]
IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 09:26:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.20 09:57:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 09:26:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.06.24 10:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Extensions
[2011.06.24 10:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.09 17:52:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laney\AppData\Roaming\mozilla\Firefox\Profiles\8bzrqklg.default\extensions
[2012.08.09 17:52:07 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Laney\AppData\Roaming\mozilla\Firefox\Profiles\8bzrqklg.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2011.08.29 16:40:17 | 000,004,140 | ---- | M] () -- C:\Users\Laney\AppData\Roaming\Mozilla\Firefox\Profiles\8bzrqklg.default\searchplugins\youtube.xml
[2012.06.07 22:19:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.25 14:30:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.28 09:26:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.05.07 15:45:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.07 15:45:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.05.07 15:45:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.07 15:45:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.07 15:45:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.07 15:45:12 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files\CheckPoint\Install\Launcher.exe" "C:\Program Files\CheckPoint\Install\Install.exe" /r  /c "C:\Program Files\CheckPoint\Install\Install.xml" File not found
O4 - HKU\S-1-5-21-742040360-1056019599-3321883329-1001..\Run: [Akamai NetSession Interface] C:\Users\Laney\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} hxxp://79.218.13.129:1080/RtspVaPgDec.cab (RtspVaPgCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.102.158 80.69.100.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C96CAC45-EEC0-4585-A1EB-2DCC65662880}: NameServer = 10.11.230.3 10.11.230.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFF33C90-831A-4D4F-97B0-BE113A118823}: DhcpNameServer = 80.69.102.158 80.69.100.102
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun
O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun
O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: wuauserv -  File not found
NetSvcs: BITS -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: EasyTether - hkey= - key= - C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.20 22:06:17 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe
[2012.08.19 18:53:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.08.15 09:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.14 16:33:19 | 000,000,000 | ---D | C] -- C:\Users\Laney\AppData\Roaming\Malwarebytes
[2012.08.14 16:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.14 16:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.14 16:33:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.14 16:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.13 19:43:30 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF61004F8DA102F9842FF875EF7E
[2012.08.07 20:26:48 | 000,000,000 | ---D | C] -- C:\Users\Laney\temp
[2012.07.24 18:17:22 | 000,000,000 | ---D | C] -- C:\Snag_India_2
[2012.07.22 12:53:35 | 000,000,000 | ---D | C] -- C:\Snag_India_Tables
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.20 22:06:20 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Laney\Desktop\OTL.exe
[2012.08.20 21:50:20 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 21:50:20 | 000,016,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.20 21:50:18 | 006,302,574 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.20 21:50:18 | 002,318,436 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.20 21:50:18 | 001,937,086 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.20 21:50:18 | 001,735,472 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.20 21:42:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.20 21:42:45 | 1577,803,776 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.19 14:48:51 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.08.18 12:00:00 | 000,618,227 | ---- | M] () -- C:\Users\Laney\Desktop\adwcleaner.exe
[2012.08.15 12:46:59 | 000,302,592 | ---- | M] () -- C:\Users\Laney\Desktop\0hn0jums.exe
[2012.08.15 12:34:57 | 000,000,000 | ---- | M] () -- C:\Users\Laney\defogger_reenable
[2012.08.14 07:19:36 | 000,414,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.31 20:54:22 | 025,784,346 | ---- | M] () -- C:\Users\Laney\Desktop\M5Betriebdeutsch.pdf
 
========== Files Created - No Company Name ==========
 
[2012.08.18 11:59:55 | 000,618,227 | ---- | C] () -- C:\Users\Laney\Desktop\adwcleaner.exe
[2012.08.15 12:46:58 | 000,302,592 | ---- | C] () -- C:\Users\Laney\Desktop\0hn0jums.exe
[2012.08.15 12:34:57 | 000,000,000 | ---- | C] () -- C:\Users\Laney\defogger_reenable
[2012.07.31 20:54:18 | 025,784,346 | ---- | C] () -- C:\Users\Laney\Desktop\M5Betriebdeutsch.pdf
[2012.04.06 16:15:01 | 000,000,175 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.11 23:20:57 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012.02.11 23:20:57 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2012.01.11 19:48:46 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@
[2012.01.11 19:48:46 | 000,002,048 | -HS- | C] () -- C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@
[2011.11.16 12:57:56 | 000,001,458 | ---- | C] () -- C:\Users\Laney\.recently-used.xbel
[2011.06.24 14:27:49 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.06.24 14:25:07 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7030.dat
[2011.06.24 14:23:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011.06.24 14:23:34 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011.06.24 13:14:40 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.24 12:24:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.06.24 12:24:46 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.06.24 10:13:31 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.09.27 13:03:08 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2010.06.15 13:20:14 | 000,157,470 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
 
========== LOP Check ==========
 
[2011.10.28 09:05:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\.ProjectViewer
[2012.07.07 13:23:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Amazon
[2012.06.24 13:52:11 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\CheckPoint
[2011.09.29 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.08.14 16:31:12 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Dropbox
[2012.01.23 21:44:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\FileZilla
[2011.10.27 11:30:22 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\GetRightToGo
[2011.11.16 12:57:56 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\gtk-2.0
[2012.07.01 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Jumping Bytes
[2012.06.21 18:56:27 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\MyPhoneExplorer
[2011.10.28 08:55:36 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PDF Writer
[2011.11.11 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PwrMgr
[2012.06.21 18:37:50 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Sony
[2011.06.25 15:37:00 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\TeamViewer
[2011.06.24 10:43:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Thunderbird
[2011.12.18 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Tracker Software
[2011.07.12 08:50:15 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Vodafone
[2012.04.28 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\{7AA05F48-9B52-4244-B296-F505ACBC5FD9}
[2012.02.20 19:01:23 | 000,000,000 | ---D | M] -- C:\Users\Sicherheit\AppData\Roaming\CheckPoint
[2012.02.20 22:35:20 | 000,000,000 | ---D | M] -- C:\Users\Sicherheit\AppData\Roaming\PwrMgr
[2012.02.20 19:02:25 | 000,000,000 | ---D | M] -- C:\Users\Sicherheit\AppData\Roaming\Vodafone
[2012.08.09 20:44:15 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.28 09:05:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\.ProjectViewer
[2012.02.20 12:30:12 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Adobe
[2012.07.07 13:23:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Amazon
[2012.04.25 19:01:30 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Avira
[2011.06.28 15:04:21 | 000,000,000 | R--D | M] -- C:\Users\Laney\AppData\Roaming\Brother
[2012.06.24 13:52:11 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\CheckPoint
[2011.09.29 11:42:29 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1
[2012.08.14 16:31:12 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Dropbox
[2012.08.18 10:00:50 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\dvdcss
[2012.01.23 21:44:16 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\FileZilla
[2011.07.12 08:57:45 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\FLEXnet
[2011.10.27 11:30:22 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\GetRightToGo
[2011.11.16 12:57:56 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\gtk-2.0
[2011.06.24 10:08:47 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Identities
[2011.06.24 14:22:45 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\InstallShield
[2012.07.01 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Jumping Bytes
[2012.02.17 11:08:05 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Macromedia
[2012.08.14 16:33:19 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Media Center Programs
[2012.07.11 12:31:02 | 000,000,000 | --SD | M] -- C:\Users\Laney\AppData\Roaming\Microsoft
[2011.06.24 10:17:51 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Mozilla
[2012.06.21 18:56:27 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\MyPhoneExplorer
[2011.10.28 08:55:36 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PDF Writer
[2011.11.11 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\PwrMgr
[2012.07.28 22:19:29 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Skype
[2012.06.21 18:37:50 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Sony
[2011.06.25 15:37:00 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\TeamViewer
[2011.06.24 10:43:13 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Thunderbird
[2011.12.18 12:30:08 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Tracker Software
[2012.03.30 12:43:59 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\vlc
[2011.07.12 08:50:15 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\Vodafone
[2011.09.13 22:19:18 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\WinRAR
[2012.04.28 20:52:52 | 000,000,000 | ---D | M] -- C:\Users\Laney\AppData\Roaming\{7AA05F48-9B52-4244-B296-F505ACBC5FD9}
 
< %APPDATA%\*.exe /s >
[2012.06.14 04:08:56 | 027,595,032 | ---- | M] (Dropbox, Inc.) -- C:\Users\Laney\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.06.14 04:09:00 | 000,874,440 | ---- | M] (Dropbox, Inc.) -- C:\Users\Laney\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.06.14 04:09:06 | 000,181,776 | ---- | M] (Dropbox, Inc.) -- C:\Users\Laney\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.11.11 16:44:36 | 000,010,134 | R--- | M] () -- C:\Users\Laney\AppData\Roaming\Microsoft\Installer\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.08.07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\DRIVERS\WIN\Turbomem\DRV\Winall\Driver\IaStor.sys
[2009.08.07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.08.07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys
[2009.08.07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1e7c6170b79c26b\iaStor.sys
[2009.08.07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\DRIVERS\WIN\Turbomem\DRV\Winall\Driver64\IaStor.sys
[2009.08.07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 04:29:56 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

Many thanks for the help,
Laney

21.08.2012, 12:50   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Do an OTL fix: close all programs that may be open, also disable virus scanners (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
IE - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
FF - user.js - File not found
O3 - HKU\S-1-5-21-742040360-1056019599-3321883329-1001\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun
O33 - MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell - "" = AutoRun
O33 - MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
:Files
C:\ProgramData\036DFF61004F8DA102F9842FF875EF7E
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\L
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\L
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

21.08.2012, 15:59   #13
laney18
 



Hello,

many thanks, here is the log file:

Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-742040360-1056019599-3321883329-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8acae303-b769-11e0-b578-001d7284404f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8acae303-b769-11e0-b578-001d7284404f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8acae303-b769-11e0-b578-001d7284404f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8acae30a-b769-11e0-b578-001d7284404f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8acae30a-b769-11e0-b578-001d7284404f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8acae30a-b769-11e0-b578-001d7284404f}\ not found.
File E:\AutoRun.exe not found.
========== FILES ==========
C:\ProgramData\036DFF61004F8DA102F9842FF875EF7E folder moved successfully.
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\L folder moved successfully.
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\L folder moved successfully.
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U folder moved successfully.
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U folder moved successfully.
File\Folder C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n not found.
File\Folder C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n not found.
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@ moved successfully.
C:\Users\Laney\AppData\Local\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@ moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Laney
->Temp folder emptied: 210015949 bytes
->Temporary Internet Files folder emptied: 68690827 bytes
->Java cache emptied: 1084735 bytes
->FireFox cache emptied: 391159200 bytes
->Flash cache emptied: 66969 bytes
 
User: Public
 
User: Sicherheit
->Temp folder emptied: 1256988 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 389520749 bytes
RecycleBin emptied: 244339496 bytes
 
Total Files Cleaned = 1.246,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Laney
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Sicherheit
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.58.1 log created on 08212012_164033

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Have a nice holiday,
Laney
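
A way to check a fix log like the one above against the script that produced it, as an added example that is not part of the original posts and not OTL's own code: it lists the `:Files` targets of the script and reports for each whether the log's FILES section says it was moved or not found. The function names are hypothetical, the line formats are assumed only from the excerpts in this thread, and the embedded samples are shortened copies of those lines.

```python
import re

# Shortened copies of the script and log lines posted in this thread.
FIX_SCRIPT = r"""
:OTL
O4 - HKLM..\Run: []  File not found
:Files
C:\ProgramData\036DFF61004F8DA102F9842FF875EF7E
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@
:Commands
[emptytemp]
"""

FIX_LOG = r"""
========== OTL ==========
C:\autoexec.bat moved successfully.
========== FILES ==========
C:\ProgramData\036DFF61004F8DA102F9842FF875EF7E folder moved successfully.
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\U folder moved successfully.
File\Folder C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\n not found.
C:\Windows\Installer\{47e255ab-99fb-3ddf-7044-9355a8eae3dd}\@ moved successfully.
========== COMMANDS ==========
"""

# Line shapes as they appear in the log excerpt (assumed, not a format spec).
SECTION = re.compile(r"^=+ (\w+) =+$")
MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
MISSING = re.compile(r"^File\\Folder (?P<path>.+) not found\.$")


def script_targets(script):
    """Return the paths listed under the ':Files' directive of a fix script."""
    targets, in_files = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            # Any directive line switches sections; only ':Files' is collected.
            in_files = line.lower() == ":files"
        elif in_files and line:
            targets.append(line)
    return targets


def log_results(log, section="FILES"):
    """Map each path in one log section to 'moved' or 'not found'."""
    results, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            continue
        if current != section or not line:
            continue
        missing = MISSING.match(line)
        if missing:
            results[missing.group("path").lower()] = "not found"
            continue
        moved = MOVED.match(line)
        if moved:
            results[moved.group("path").lower()] = "moved"
    return results


def reconcile(script, log):
    """For every ':Files' target, report what the log says happened to it."""
    results = log_results(log)
    # Windows paths are case-insensitive, so compare in lower case.
    return {t: results.get(t.lower(), "no log entry") for t in script_targets(script)}


if __name__ == "__main__":
    for target, outcome in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(f"{outcome:13} {target}")
```

A target reported as "no log entry" was never processed by the fix and is worth raising with the helper before going on.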

30.08.2012, 11:23   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), because that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!


30.08.2012, 14:47   #15
laney18
 



Hi!
I hope your holiday was nice.
Many thanks for the help!
Here is the log file from TDSSKiller:
Code:
15:42:28.0493 3752  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:42:28.0556 3752  ============================================================
15:42:28.0556 3752  Current date / time: 2012/08/30 15:42:28.0556
15:42:28.0556 3752  SystemInfo:
15:42:28.0556 3752  
15:42:28.0556 3752  OS Version: 6.1.7601 ServicePack: 1.0
15:42:28.0556 3752  Product type: Workstation
15:42:28.0556 3752  ComputerName: TORNADO
15:42:28.0571 3752  UserName: Laney
15:42:28.0571 3752  Windows directory: C:\Windows
15:42:28.0571 3752  System windows directory: C:\Windows
15:42:28.0571 3752  Processor architecture: Intel x86
15:42:28.0571 3752  Number of processors: 2
15:42:28.0571 3752  Page size: 0x1000
15:42:28.0571 3752  Boot type: Normal boot
15:42:28.0571 3752  ============================================================
15:42:28.0946 3752  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
15:42:28.0961 3752  ============================================================
15:42:28.0961 3752  \Device\Harddisk1\DR1:
15:42:28.0961 3752  MBR partitions:
15:42:28.0961 3752  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x99A000, BlocksNum 0x1207F000
15:42:28.0961 3752  ============================================================
15:42:28.0961 3752  C: <-> \Device\Harddisk1\DR1\Partition1
15:42:28.0961 3752  ============================================================
15:42:28.0961 3752  Initialize success
15:42:28.0961 3752  ============================================================
15:43:36.0213 5292  ============================================================
15:43:36.0213 5292  Scan started
15:43:36.0213 5292  Mode: Manual; SigCheck; TDLFS; 
15:43:36.0213 5292  ============================================================
15:43:36.0993 5292  ================ Scan services =============================
15:43:37.0960 5292  [ 29584F02A43E427C4227E3B1D9FF1B22 ] Akamai          c:\program files\common files\akamai/netsession_win_4f7fccd.dll
15:43:37.0960 5292  Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_4f7fccd.dll. md5: 29584F02A43E427C4227E3B1D9FF1B22
15:43:37.0976 5292  Akamai ( HiddenFile.Multi.Generic ) - warning
15:43:37.0976 5292  Akamai - detected HiddenFile.Multi.Generic (1)
15:43:41.0096 5292  [ CB90B2762B1A1D0B40496400C55B6ADE ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
15:43:41.0127 5292  CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
15:43:41.0127 5292  CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
15:43:43.0248 5292  HdAudAddService - ok
15:43:43.0264 5292  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:43:43.0295 5292  HDAudBus - ok
15:43:43.0311 5292  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:43:43.0326 5292  HidBatt - ok
15:43:43.0342 5292  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:43:43.0373 5292  HidBth - ok
15:43:43.0389 5292  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:43:43.0420 5292  HidIr - ok
15:43:43.0420 5292  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
15:43:43.0436 5292  hidserv - ok
15:43:43.0482 5292  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:43:43.0482 5292  HidUsb - ok
15:43:43.0498 5292  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:43:43.0529 5292  hkmsvc - ok
15:43:43.0560 5292  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:43:43.0592 5292  HomeGroupListener - ok
15:43:43.0623 5292  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:43:43.0638 5292  HomeGroupProvider - ok
15:43:43.0670 5292  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:43:43.0685 5292  HpSAMD - ok
15:43:43.0716 5292  [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:43:43.0794 5292  HSF_DPV - ok
15:43:43.0810 5292  [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
15:43:43.0826 5292  HSXHWAZL - ok
15:43:43.0857 5292  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:43:43.0888 5292  HTTP - ok
15:43:43.0919 5292  [ 988C0A49F09D75D3341CB419141793C1 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
15:43:43.0935 5292  hwdatacard - ok
15:43:43.0950 5292  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:43:43.0950 5292  hwpolicy - ok
15:43:43.0982 5292  [ A259D3619AA23D4562581067F85E2006 ] hwusbdev        C:\Windows\system32\DRIVERS\ewusbdev.sys
15:43:43.0997 5292  hwusbdev - ok
15:43:44.0013 5292  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:43:44.0028 5292  i8042prt - ok
15:43:44.0044 5292  [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:43:44.0060 5292  IAANTMON - ok
15:43:44.0075 5292  [ D0310C79C5A9D42B96E37C5C510C6A5C ] iaNvStor        C:\Windows\system32\DRIVERS\iaNvStor.sys
15:43:44.0091 5292  iaNvStor - ok
15:43:44.0106 5292  [ 01446278D4563B3013C92830AE6CBB26 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:43:44.0122 5292  iaStor - ok
15:43:44.0138 5292  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:43:44.0153 5292  iaStorV - ok
15:43:44.0153 5292  [ BF648877413F6160E480814A24942B65 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
15:43:44.0169 5292  IBMPMDRV - ok
15:43:44.0184 5292  [ A75CE11915E4ECC5E1597D6E0F7BB2DB ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
15:43:44.0184 5292  IBMPMSVC - ok
15:43:44.0247 5292  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:43:44.0278 5292  idsvc - ok
15:43:44.0450 5292  [ 1F50623259DF354776DF04C56504A2D7 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
15:43:44.0684 5292  igfx - ok
15:43:44.0699 5292  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:43:44.0699 5292  iirsp - ok
15:43:44.0730 5292  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:43:44.0777 5292  IKEEXT - ok
15:43:44.0793 5292  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:43:44.0793 5292  intelide - ok
15:43:44.0808 5292  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:43:44.0824 5292  intelppm - ok
15:43:44.0840 5292  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:43:44.0886 5292  IPBusEnum - ok
15:43:44.0886 5292  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:43:44.0933 5292  IpFilterDriver - ok
15:43:44.0949 5292  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:43:44.0964 5292  IPMIDRV - ok
15:43:44.0980 5292  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:43:45.0011 5292  IPNAT - ok
15:43:45.0027 5292  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:43:45.0089 5292  IRENUM - ok
15:43:45.0105 5292  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:43:45.0105 5292  isapnp - ok
15:43:45.0120 5292  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:43:45.0136 5292  iScsiPrt - ok
15:43:45.0152 5292  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:43:45.0167 5292  kbdclass - ok
15:43:45.0167 5292  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:43:45.0198 5292  kbdhid - ok
15:43:45.0198 5292  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
15:43:45.0214 5292  KeyIso - ok
15:43:45.0245 5292  [ EC97BE0D539597965BE5A8DABBD67BD9 ] KMWDFILTERx86   C:\Windows\system32\DRIVERS\KMWDFILTER.sys
15:43:45.0261 5292  KMWDFILTERx86 - ok
15:43:45.0339 5292  [ 37C4748910241C745FEA5A8D3059543C ] KMWDSERVICE     C:\Program Files\Mouse Driver\KMWDSrv.exe
15:43:45.0417 5292  KMWDSERVICE ( UnsignedFile.Multi.Generic ) - warning
15:43:45.0417 5292  KMWDSERVICE - detected UnsignedFile.Multi.Generic (1)
15:43:45.0417 5292  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:43:45.0432 5292  KSecDD - ok
15:43:45.0448 5292  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:43:45.0464 5292  KSecPkg - ok
15:43:45.0495 5292  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:43:45.0557 5292  KtmRm - ok
15:43:45.0573 5292  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:43:45.0604 5292  LanmanServer - ok
15:43:45.0604 5292  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:43:45.0635 5292  LanmanWorkstation - ok
15:43:45.0651 5292  [ FCE735941DA27929DBFC1918F286FFD8 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
15:43:45.0666 5292  LENOVO.MICMUTE - ok
15:43:45.0666 5292  [ 9AAC267A225F3CAEBB9E633F7EB16E4B ] lenovo.smi      C:\Windows\system32\DRIVERS\smiif32.sys
15:43:45.0666 5292  lenovo.smi - ok
15:43:45.0682 5292  [ 6F2CC57EB5836D2AC9BD37F3554D55F8 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
15:43:45.0682 5292  Lenovo.VIRTSCRLSVC - ok
15:43:45.0698 5292  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:43:45.0729 5292  lltdio - ok
15:43:45.0744 5292  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:43:45.0776 5292  lltdsvc - ok
15:43:45.0791 5292  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:43:45.0822 5292  lmhosts - ok
15:43:45.0854 5292  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:43:45.0854 5292  LSI_FC - ok
15:43:45.0869 5292  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:43:45.0885 5292  LSI_SAS - ok
15:43:45.0900 5292  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:43:45.0916 5292  LSI_SAS2 - ok
15:43:45.0932 5292  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:43:45.0947 5292  LSI_SCSI - ok
15:43:45.0947 5292  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
15:43:45.0978 5292  luafv - ok
15:43:46.0010 5292  [ 8D9C68FA8B7FBE0E225BDE0BBCD8CE9B ] massfilter      C:\Windows\system32\DRIVERS\massfilter.sys
15:43:46.0025 5292  massfilter - ok
15:43:46.0041 5292  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:43:46.0056 5292  Mcx2Svc - ok
15:43:46.0072 5292  [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:43:46.0088 5292  mdmxsdk - ok
15:43:46.0103 5292  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:43:46.0119 5292  megasas - ok
15:43:46.0150 5292  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:43:46.0166 5292  MegaSR - ok
15:43:46.0197 5292  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:43:46.0197 5292  Microsoft Office Groove Audit Service - ok
15:43:46.0212 5292  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
15:43:46.0244 5292  MMCSS - ok
15:43:46.0244 5292  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
15:43:46.0290 5292  Modem - ok
15:43:46.0290 5292  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:43:46.0306 5292  monitor - ok
15:43:46.0322 5292  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:43:46.0322 5292  mouclass - ok
15:43:46.0353 5292  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:43:46.0368 5292  mouhid - ok
15:43:46.0384 5292  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:43:46.0400 5292  mountmgr - ok
15:43:46.0446 5292  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:43:46.0446 5292  MozillaMaintenance - ok
15:43:46.0478 5292  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
15:43:46.0493 5292  mpio - ok
15:43:46.0524 5292  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:43:46.0571 5292  mpsdrv - ok
15:43:46.0602 5292  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:43:46.0618 5292  MRxDAV - ok
15:43:46.0634 5292  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:43:46.0665 5292  mrxsmb - ok
15:43:46.0680 5292  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:43:46.0712 5292  mrxsmb10 - ok
15:43:46.0727 5292  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:43:46.0743 5292  mrxsmb20 - ok
15:43:46.0743 5292  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
15:43:46.0758 5292  msahci - ok
15:43:46.0774 5292  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
15:43:46.0790 5292  msdsm - ok
15:43:46.0805 5292  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
15:43:46.0821 5292  MSDTC - ok
15:43:46.0836 5292  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:43:46.0852 5292  Msfs - ok
15:43:46.0868 5292  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:43:46.0914 5292  mshidkmdf - ok
15:43:46.0914 5292  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
15:43:46.0930 5292  msisadrv - ok
15:43:46.0946 5292  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:43:46.0977 5292  MSiSCSI - ok
15:43:46.0992 5292  msiserver - ok
15:43:47.0008 5292  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:43:47.0039 5292  MSKSSRV - ok
15:43:47.0055 5292  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:43:47.0086 5292  MSPCLOCK - ok
15:43:47.0086 5292  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:43:47.0133 5292  MSPQM - ok
15:43:47.0133 5292  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:43:47.0148 5292  MsRPC - ok
15:43:47.0164 5292  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
15:43:47.0180 5292  mssmbios - ok
15:43:47.0195 5292  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:43:47.0211 5292  MSTEE - ok
15:43:47.0226 5292  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:43:47.0242 5292  MTConfig - ok
15:43:47.0242 5292  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:43:47.0258 5292  Mup - ok
15:43:47.0273 5292  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
15:43:47.0320 5292  napagent - ok
15:43:47.0336 5292  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:43:47.0351 5292  NativeWifiP - ok
15:43:47.0382 5292  [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:43:47.0414 5292  NDIS - ok
15:43:47.0476 5292  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:43:47.0507 5292  NdisCap - ok
15:43:47.0507 5292  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:43:47.0538 5292  NdisTapi - ok
15:43:47.0554 5292  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:43:47.0570 5292  Ndisuio - ok
15:43:47.0585 5292  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:43:47.0616 5292  NdisWan - ok
15:43:47.0616 5292  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:43:47.0648 5292  NDProxy - ok
15:43:47.0648 5292  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:43:47.0679 5292  NetBIOS - ok
15:43:47.0694 5292  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:43:47.0741 5292  NetBT - ok
15:43:47.0741 5292  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
15:43:47.0757 5292  Netlogon - ok
15:43:47.0772 5292  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
15:43:47.0804 5292  Netman - ok
15:43:47.0819 5292  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
15:43:47.0866 5292  netprofm - ok
15:43:47.0897 5292  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:43:47.0897 5292  NetTcpPortSharing - ok
15:43:48.0038 5292  [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32        C:\Windows\system32\DRIVERS\netw5v32.sys
15:43:48.0256 5292  netw5v32 - ok
15:43:48.0272 5292  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:43:48.0287 5292  nfrd960 - ok
15:43:48.0303 5292  [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:43:48.0334 5292  NlaSvc - ok
15:43:48.0350 5292  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:43:48.0381 5292  Npfs - ok
15:43:48.0381 5292  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
15:43:48.0412 5292  nsi - ok
15:43:48.0412 5292  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:43:48.0443 5292  nsiproxy - ok
15:43:48.0490 5292  [ 81189C3D7763838E55C397759D49007A ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:43:48.0537 5292  Ntfs - ok
15:43:48.0552 5292  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
15:43:48.0771 5292  Null - ok
15:43:48.0818 5292  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
15:43:48.0818 5292  nvraid - ok
15:43:48.0864 5292  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
15:43:48.0864 5292  nvstor - ok
15:43:48.0880 5292  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
15:43:48.0896 5292  nv_agp - ok
15:43:48.0927 5292  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:43:48.0942 5292  odserv - ok
15:43:48.0974 5292  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
15:43:49.0005 5292  ohci1394 - ok
15:43:49.0020 5292  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:43:49.0036 5292  ose - ok
15:43:49.0067 5292  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:43:49.0098 5292  p2pimsvc - ok
15:43:49.0114 5292  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:43:49.0145 5292  p2psvc - ok
15:43:49.0145 5292  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:43:49.0176 5292  Parport - ok
15:43:49.0176 5292  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:43:49.0192 5292  partmgr - ok
15:43:49.0208 5292  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:43:49.0239 5292  Parvdm - ok
15:43:49.0254 5292  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:43:49.0270 5292  PcaSvc - ok
15:43:49.0270 5292  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
15:43:49.0286 5292  pci - ok
15:43:49.0317 5292  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
15:43:49.0317 5292  pciide - ok
15:43:49.0332 5292  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:43:49.0348 5292  pcmcia - ok
15:43:49.0364 5292  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
15:43:49.0364 5292  pcw - ok
15:43:49.0395 5292  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:43:49.0488 5292  PEAUTH - ok
15:43:49.0535 5292  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
15:43:49.0566 5292  PeerDistSvc - ok
15:43:49.0629 5292  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
15:43:49.0707 5292  pla - ok
15:43:49.0722 5292  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:43:49.0754 5292  PlugPlay - ok
15:43:49.0769 5292  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:43:49.0785 5292  PNRPAutoReg - ok
15:43:49.0816 5292  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:43:49.0832 5292  PNRPsvc - ok
15:43:49.0863 5292  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:43:49.0910 5292  PolicyAgent - ok
15:43:49.0910 5292  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
15:43:49.0941 5292  Power - ok
15:43:49.0972 5292  [ 836FE79DE8767D77136B6491A3D61089 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
15:43:49.0988 5292  Power Manager DBC Service - ok
15:43:49.0988 5292  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:43:50.0019 5292  PptpMiniport - ok
15:43:50.0050 5292  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:43:50.0066 5292  Processor - ok
15:43:50.0112 5292  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
15:43:50.0128 5292  ProfSvc - ok
15:43:50.0144 5292  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:43:50.0159 5292  ProtectedStorage - ok
15:43:50.0159 5292  [ 06F82545E04EBF113B1C2C1C9F766D81 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
15:43:50.0175 5292  psadd - ok
15:43:50.0175 5292  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:43:50.0206 5292  Psched - ok
15:43:50.0222 5292  [ 576444157F1CB25AE2057EED586D4889 ] PwmEWSvc        C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE
15:43:50.0237 5292  PwmEWSvc - ok
15:43:50.0300 5292  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:43:50.0378 5292  ql2300 - ok
15:43:50.0378 5292  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:43:50.0393 5292  ql40xx - ok
15:43:50.0409 5292  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
15:43:50.0440 5292  QWAVE - ok
15:43:50.0471 5292  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:43:50.0487 5292  QWAVEdrv - ok
15:43:50.0502 5292  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:43:50.0534 5292  RasAcd - ok
15:43:50.0534 5292  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:43:50.0580 5292  RasAgileVpn - ok
15:43:50.0596 5292  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
15:43:50.0612 5292  RasAuto - ok
15:43:50.0627 5292  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:43:50.0658 5292  Rasl2tp - ok
15:43:50.0690 5292  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
15:43:50.0721 5292  RasMan - ok
15:43:50.0721 5292  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:43:50.0752 5292  RasPppoe - ok
15:43:50.0752 5292  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:43:50.0799 5292  RasSstp - ok
15:43:50.0814 5292  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:43:50.0846 5292  rdbss - ok
15:43:50.0846 5292  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:43:50.0877 5292  rdpbus - ok
15:43:50.0877 5292  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:43:50.0924 5292  RDPCDD - ok
15:43:50.0955 5292  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
15:43:50.0970 5292  RDPDR - ok
15:43:50.0970 5292  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:43:51.0017 5292  RDPENCDD - ok
15:43:51.0017 5292  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:43:51.0064 5292  RDPREFMP - ok
15:43:51.0095 5292  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:43:51.0126 5292  RDPWD - ok
15:43:51.0126 5292  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:43:51.0158 5292  rdyboost - ok
15:43:51.0173 5292  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:43:51.0205 5292  RemoteAccess - ok
15:43:51.0220 5292  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:43:51.0251 5292  RemoteRegistry - ok
15:43:51.0267 5292  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
15:43:51.0283 5292  RFCOMM - ok
15:43:51.0298 5292  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:43:51.0329 5292  RpcEptMapper - ok
15:43:51.0345 5292  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
15:43:51.0376 5292  RpcLocator - ok
15:43:51.0392 5292  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
15:43:51.0423 5292  RpcSs - ok
15:43:51.0439 5292  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:43:51.0454 5292  rspndr - ok
15:43:51.0485 5292  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
15:43:51.0501 5292  s3cap - ok
15:43:51.0501 5292  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
15:43:51.0517 5292  SamSs - ok
15:43:51.0532 5292  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:43:51.0548 5292  sbp2port - ok
15:43:51.0563 5292  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:43:51.0595 5292  SCardSvr - ok
15:43:51.0610 5292  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:43:51.0641 5292  scfilter - ok
15:43:51.0673 5292  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
15:43:51.0735 5292  Schedule - ok
15:43:51.0766 5292  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:43:51.0782 5292  SCPolicySvc - ok
15:43:51.0782 5292  [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus           C:\Windows\system32\drivers\sdbus.sys
15:43:51.0813 5292  sdbus - ok
15:43:51.0829 5292  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:43:51.0860 5292  SDRSVC - ok
15:43:51.0860 5292  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:43:51.0891 5292  secdrv - ok
15:43:51.0907 5292  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
15:43:51.0938 5292  seclogon - ok
15:43:51.0938 5292  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
15:43:51.0969 5292  SENS - ok
15:43:52.0000 5292  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:43:52.0000 5292  SensrSvc - ok
15:43:52.0016 5292  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:43:52.0047 5292  Serenum - ok
15:43:52.0063 5292  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:43:52.0078 5292  Serial - ok
15:43:52.0109 5292  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:43:52.0109 5292  sermouse - ok
15:43:52.0141 5292  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:43:52.0187 5292  SessionEnv - ok
15:43:52.0187 5292  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
15:43:52.0219 5292  sffdisk - ok
15:43:52.0234 5292  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:43:52.0265 5292  sffp_mmc - ok
15:43:52.0265 5292  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
15:43:52.0281 5292  sffp_sd - ok
15:43:52.0312 5292  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:43:52.0328 5292  sfloppy - ok
15:43:52.0359 5292  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:43:52.0390 5292  ShellHWDetection - ok
15:43:52.0406 5292  [ DF6A84DD19D3C0858D707B5E64938D60 ] Shockprf        C:\Windows\system32\DRIVERS\Apsx86.sys
15:43:52.0421 5292  Shockprf - ok
15:43:52.0453 5292  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:43:52.0453 5292  sisagp - ok
15:43:52.0499 5292  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:43:52.0499 5292  SiSRaid2 - ok
15:43:52.0515 5292  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:43:52.0531 5292  SiSRaid4 - ok
15:43:52.0546 5292  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:43:52.0577 5292  Smb - ok
15:43:52.0577 5292  [ 0B9C01236D25BDCB37AA79DC59DFB7D3 ] smihlp          C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
15:43:52.0593 5292  smihlp - ok
15:43:52.0609 5292  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:43:52.0609 5292  SNMPTRAP - ok
15:43:52.0952 5292  [ 11BB0E11D42CC3A43D741D9B30839BE1 ] SNPSTD3         C:\Windows\system32\DRIVERS\snpstd3.sys
15:43:53.0342 5292  SNPSTD3 - ok
15:43:53.0357 5292  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:43:53.0357 5292  spldr - ok
15:43:53.0389 5292  [ 866A43013535DC8587C258E43579C764 ] Spooler         C:\Windows\System32\spoolsv.exe
15:43:53.0420 5292  Spooler - ok
15:43:53.0732 5292  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:43:53.0857 5292  sppsvc - ok
15:43:53.0888 5292  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:43:53.0919 5292  sppuinotify - ok
15:43:53.0935 5292  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:43:53.0966 5292  srv - ok
15:43:53.0981 5292  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:43:54.0013 5292  srv2 - ok
15:43:54.0059 5292  [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL3.SYS
15:43:54.0091 5292  SrvHsfHDA - ok
15:43:54.0122 5292  [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV3.SYS
15:43:54.0184 5292  SrvHsfV92 - ok
15:43:54.0215 5292  [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
15:43:54.0231 5292  SrvHsfWinac - ok
15:43:54.0247 5292  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:43:54.0262 5292  srvnet - ok
15:43:54.0293 5292  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
15:43:54.0325 5292  ssadbus - ok
15:43:54.0356 5292  [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:43:54.0356 5292  ssadmdfl - ok
15:43:54.0387 5292  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
15:43:54.0403 5292  ssadmdm - ok
15:43:54.0418 5292  [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
15:43:54.0434 5292  ssadserd - ok
15:43:54.0449 5292  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:43:54.0481 5292  SSDPSRV - ok
15:43:54.0481 5292  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
15:43:54.0496 5292  ssmdrv - ok
15:43:54.0512 5292  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:43:54.0527 5292  SstpSvc - ok
15:43:54.0574 5292  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:43:54.0574 5292  stexstor - ok
15:43:54.0605 5292  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
15:43:54.0637 5292  StiSvc - ok
15:43:54.0652 5292  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
15:43:54.0668 5292  storflt - ok
15:43:54.0683 5292  [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc         C:\Windows\system32\storsvc.dll
15:43:54.0683 5292  StorSvc - ok
15:43:54.0715 5292  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
15:43:54.0730 5292  storvsc - ok
15:43:54.0730 5292  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
15:43:54.0746 5292  swenum - ok
15:43:54.0761 5292  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
15:43:54.0793 5292  swprv - ok
15:43:54.0855 5292  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
15:43:54.0902 5292  SysMain - ok
15:43:54.0917 5292  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:43:54.0949 5292  TabletInputService - ok
15:43:54.0964 5292  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:43:54.0995 5292  TapiSrv - ok
15:43:54.0995 5292  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
15:43:55.0027 5292  TBS - ok
15:43:55.0073 5292  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:43:55.0136 5292  Tcpip - ok
15:43:55.0183 5292  [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:43:55.0214 5292  TCPIP6 - ok
15:43:55.0214 5292  [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:43:55.0245 5292  tcpipreg - ok
15:43:55.0307 5292  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:43:55.0339 5292  TDPIPE - ok
15:43:55.0354 5292  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:43:55.0370 5292  TDTCP - ok
15:43:55.0385 5292  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:43:55.0417 5292  tdx - ok
15:43:55.0495 5292  [ 0F0FEDEB1BEF118CF676B1E5BBB0FE9A ] TeamViewer6     C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
15:43:55.0541 5292  TeamViewer6 - ok
15:43:55.0635 5292  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7     C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
15:43:55.0682 5292  TeamViewer7 - ok
15:43:55.0682 5292  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
15:43:55.0697 5292  TermDD - ok
15:43:55.0760 5292  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
15:43:55.0822 5292  TermService - ok
15:43:55.0822 5292  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
15:43:55.0853 5292  Themes - ok
15:43:55.0869 5292  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
15:43:55.0885 5292  THREADORDER - ok
15:43:55.0900 5292  [ 1C950AE9C09904C229525F22EEFC15DB ] Tp4Track        C:\Windows\system32\DRIVERS\tp4track.sys
15:43:55.0900 5292  Tp4Track - ok
15:43:55.0916 5292  [ 50B570E4209F6D401893720FC8DDCE46 ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM86.sys
15:43:55.0916 5292  TPDIGIMN - ok
15:43:55.0947 5292  [ 1F98A2433555DD854CB4E2EDC819DEB4 ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG.exe
15:43:55.0947 5292  TPHDEXLGSVC - ok
15:43:55.0963 5292  [ 88D609BFDEB7E013E9E491434190BA43 ] TPHKLOAD        C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
15:43:55.0963 5292  TPHKLOAD ( UnsignedFile.Multi.Generic ) - warning
15:43:55.0963 5292  TPHKLOAD - detected UnsignedFile.Multi.Generic (1)
15:43:55.0963 5292  [ 9E6E4A9789F76593CC5A6A5AF8FC5929 ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
15:43:55.0978 5292  TPHKSVC - ok
15:43:55.0978 5292  [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM             C:\Windows\system32\drivers\tpm.sys
15:43:56.0009 5292  TPM - ok
15:43:56.0009 5292  [ C16EC6A5390904D3971179553852025B ] TPPWRIF         C:\Windows\system32\drivers\Tppwr32v.sys
15:43:56.0025 5292  TPPWRIF - ok
15:43:56.0025 5292  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
15:43:56.0056 5292  TrkWks - ok
15:43:56.0072 5292  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:43:56.0103 5292  TrustedInstaller - ok
15:43:56.0134 5292  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:43:56.0165 5292  tssecsrv - ok
15:43:56.0197 5292  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:43:56.0212 5292  TsUsbFlt - ok
15:43:56.0228 5292  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:43:56.0259 5292  tunnel - ok
15:43:56.0290 5292  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:43:56.0306 5292  uagp35 - ok
15:43:56.0337 5292  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:43:56.0368 5292  udfs - ok
15:43:56.0384 5292  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:43:56.0399 5292  UI0Detect - ok
15:43:56.0431 5292  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:43:56.0431 5292  uliagpkx - ok
15:43:56.0446 5292  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:43:56.0477 5292  umbus - ok
15:43:56.0493 5292  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:43:56.0509 5292  UmPass - ok
15:43:56.0509 5292  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
15:43:56.0540 5292  UmRdpService - ok
15:43:56.0571 5292  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
15:43:56.0618 5292  upnphost - ok
15:43:56.0633 5292  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:43:56.0649 5292  usbccgp - ok
15:43:56.0680 5292  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:43:56.0696 5292  usbcir - ok
15:43:56.0711 5292  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:43:56.0711 5292  usbehci - ok
15:43:56.0727 5292  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:43:56.0774 5292  usbhub - ok
15:43:56.0789 5292  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:43:56.0789 5292  usbohci - ok
15:43:56.0821 5292  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:43:56.0836 5292  usbprint - ok
15:43:56.0867 5292  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:43:56.0883 5292  usbscan - ok
15:43:56.0899 5292  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:43:56.0914 5292  USBSTOR - ok
15:43:56.0914 5292  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:43:56.0930 5292  usbuhci - ok
15:43:56.0930 5292  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
15:43:56.0977 5292  UxSms - ok
15:43:56.0977 5292  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
15:43:56.0992 5292  VaultSvc - ok
15:43:56.0992 5292  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:43:57.0008 5292  vdrvroot - ok
15:43:57.0039 5292  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
15:43:57.0101 5292  vds - ok
15:43:57.0133 5292  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:43:57.0148 5292  vga - ok
15:43:57.0148 5292  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:43:57.0179 5292  VgaSave - ok
15:43:57.0195 5292  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:43:57.0211 5292  vhdmp - ok
15:43:57.0226 5292  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:43:57.0242 5292  viaagp - ok
15:43:57.0242 5292  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
15:43:57.0257 5292  ViaC7 - ok
15:43:57.0289 5292  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
15:43:57.0304 5292  viaide - ok
15:43:57.0320 5292  [ F4C327CEA220C858E057FD82C6D803EA ] VmbService      C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
15:43:57.0320 5292  VmbService ( UnsignedFile.Multi.Generic ) - warning
15:43:57.0320 5292  VmbService - detected UnsignedFile.Multi.Generic (1)
15:43:57.0335 5292  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
15:43:57.0351 5292  vmbus - ok
15:43:57.0351 5292  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
15:43:57.0367 5292  VMBusHID - ok
15:43:57.0367 5292  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:43:57.0382 5292  volmgr - ok
15:43:57.0398 5292  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:43:57.0429 5292  volmgrx - ok
15:43:57.0429 5292  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:43:57.0460 5292  volsnap - ok
15:43:57.0523 5292  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:43:57.0538 5292  vsmraid - ok
15:43:57.0585 5292  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
15:43:57.0647 5292  VSS - ok
15:43:57.0663 5292  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
15:43:57.0679 5292  vwifibus - ok
15:43:57.0710 5292  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
15:43:57.0741 5292  W32Time - ok
15:43:57.0772 5292  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:43:57.0803 5292  WacomPen - ok
15:43:57.0803 5292  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:43:57.0819 5292  WANARP - ok
15:43:57.0835 5292  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:43:57.0850 5292  Wanarpv6 - ok
15:43:57.0913 5292  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:43:57.0991 5292  WatAdminSvc - ok
15:43:58.0053 5292  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
15:43:58.0131 5292  wbengine - ok
15:43:58.0147 5292  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:43:58.0178 5292  WbioSrvc - ok
15:43:58.0209 5292  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:43:58.0225 5292  wcncsvc - ok
15:43:58.0240 5292  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:43:58.0271 5292  WcsPlugInService - ok
15:43:58.0287 5292  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:43:58.0303 5292  Wd - ok
15:43:58.0318 5292  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:43:58.0349 5292  Wdf01000 - ok
15:43:58.0349 5292  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:43:58.0381 5292  WdiServiceHost - ok
15:43:58.0381 5292  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:43:58.0396 5292  WdiSystemHost - ok
15:43:58.0412 5292  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
15:43:58.0443 5292  WebClient - ok
15:43:58.0459 5292  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:43:58.0490 5292  Wecsvc - ok
15:43:58.0505 5292  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:43:58.0537 5292  wercplsupport - ok
15:43:58.0537 5292  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:43:58.0568 5292  WerSvc - ok
15:43:58.0568 5292  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:43:58.0599 5292  WfpLwf - ok
15:43:58.0615 5292  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:43:58.0615 5292  WIMMount - ok
15:43:58.0646 5292  [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:43:58.0677 5292  winachsf - ok
15:43:58.0693 5292  WinHttpAutoProxySvc - ok
15:43:58.0708 5292  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:43:58.0739 5292  Winmgmt - ok
15:43:58.0786 5292  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
15:43:58.0849 5292  WinRM - ok
15:43:58.0849 5292  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
15:43:58.0880 5292  WinUsb - ok
15:43:58.0911 5292  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:43:58.0973 5292  Wlansvc - ok
15:43:58.0989 5292  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:43:59.0005 5292  WmiAcpi - ok
15:43:59.0036 5292  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:43:59.0067 5292  wmiApSrv - ok
15:43:59.0114 5292  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:43:59.0161 5292  WMPNetworkSvc - ok
15:43:59.0176 5292  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:43:59.0207 5292  WPCSvc - ok
15:43:59.0207 5292  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:43:59.0239 5292  WPDBusEnum - ok
15:43:59.0254 5292  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:43:59.0285 5292  ws2ifsl - ok
15:43:59.0285 5292  WSearch - ok
15:43:59.0301 5292  [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:43:59.0332 5292  WudfPf - ok
15:43:59.0332 5292  [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:43:59.0363 5292  WUDFRd - ok
15:43:59.0363 5292  [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:43:59.0395 5292  wudfsvc - ok
15:43:59.0441 5292  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:43:59.0473 5292  WwanSvc - ok
15:43:59.0473 5292  [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
15:43:59.0488 5292  XAudio - ok
15:43:59.0504 5292  [ 15A317674A08DF26BE65164D959E9203 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
15:43:59.0519 5292  XAudioService - ok
15:43:59.0551 5292  [ 966756D861161FCC04D8051F210B942F ] ZTEusbmdm6k     C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
15:43:59.0566 5292  ZTEusbmdm6k - ok
15:43:59.0582 5292  [ 966756D861161FCC04D8051F210B942F ] ZTEusbnmea      C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
15:43:59.0597 5292  ZTEusbnmea - ok
15:43:59.0597 5292  [ 966756D861161FCC04D8051F210B942F ] ZTEusbser6k     C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
15:43:59.0613 5292  ZTEusbser6k - ok
15:43:59.0629 5292  [ 966756D861161FCC04D8051F210B942F ] ZTEusbvoice     C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
15:43:59.0644 5292  ZTEusbvoice - ok
15:43:59.0644 5292  [ 6C26A5776A1913B5458B4BED50FAF47F ] ZTEusbwwan      C:\Windows\system32\DRIVERS\ZTEusbwwan.sys
15:43:59.0675 5292  ZTEusbwwan - ok
15:43:59.0691 5292  ================ Scan global ===============================
15:43:59.0691 5292  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:43:59.0722 5292  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
15:43:59.0722 5292  [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
15:43:59.0722 5292  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:43:59.0738 5292  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:43:59.0738 5292  [Global] - ok
15:43:59.0738 5292  ================ Scan MBR ==================================
15:43:59.0753 5292  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
15:44:00.0221 5292  \Device\Harddisk1\DR1 - ok
15:44:00.0221 5292  ================ Scan VBR ==================================
15:44:00.0221 5292  [ 65A437FA4C1C7030D9CE2870BC5CA583 ] \Device\Harddisk1\DR1\Partition1
15:44:00.0221 5292  \Device\Harddisk1\DR1\Partition1 - ok
15:44:00.0221 5292  ============================================================
15:44:00.0221 5292  Scan finished
15:44:00.0221 5292  ============================================================
15:44:00.0237 5308  Detected object count: 5
15:44:00.0237 5308  Actual detected object count: 5
15:44:26.0211 5308  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
15:44:26.0211 5308  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
15:44:26.0211 5308  CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:26.0211 5308  CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:44:26.0211 5308  KMWDSERVICE ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:26.0211 5308  KMWDSERVICE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:44:26.0211 5308  TPHKLOAD ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:26.0211 5308  TPHKLOAD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:44:26.0211 5308  VmbService ( UnsignedFile.Multi.Generic ) - skipped by user
15:44:26.0211 5308  VmbService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Best regards,
Lena
