Hallo zusammen,

der Trojaner TR/Crypt.ZPACK.Gen2 verursacht auf meinem neuen Notebook Ärger.
Antivir hat ihn in Quarantäne verschoben, durch Wiederherstellung hab ich das System einigermassen wieder zum laufen gebracht.
Trotzdem sind Ordner verschwunden und Programme zerschossen.

Nun hat Antivir aber noch weiteres gefunden:
JAVA/Agent.JP und
WORM/Lohack.C

Gerade auch im abgesicherten Modus mit Antivir gescannt, kein Fund.

Vermutlich sitzen die Viecher aber noch irgendwo, deshalb würde ich mich über Hilfe freuen, Danke schonmal.

Mein System:
Lenovo ThinkPad T510i mit Windows 7 Prof 64 Bit.

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Doppelklick auf die OTL.exe
• Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
• Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
• Unter Extra Registry, wähle bitte Use SafeList
• Klicke nun auf Run Scan links oben
• Wenn der Scan beendet wurde werden 2 Logfiles erstellt
• Poste die Logfiles hier in den Thread.

hallo,
hier mal der Malwarebytes scan:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6229

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.03.2011 23:19:26
mbam-log-2011-03-31 (23-19-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 327307
Laufzeit: 47 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

und hier die beiden von OTL:

[COLOR="Blue"]OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 31.03.2011 23:23:03 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 21,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 41,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221,95 Gb Total Space | 148,92 Gb Free Space | 67,10% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 1,83 Gb Free Space | 18,70% Space Free | Partition Type: NTFS
 
Computer Name: THINKPAD | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Scheerer Martin_2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Programme\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Scheerer Martin_2\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SUService) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS ()
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (e1kexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (PCDSRVC{127174DC-C366ED8B-06020101}_0) -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010.12.03 07:30:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010.12.03 07:30:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010.12.03 07:30:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.27 14:48:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.27 14:48:50 | 000,000,000 | ---D | M]
 
[2011.03.21 13:40:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.30 23:37:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\b7j4du3v.default\extensions
[2011.03.30 23:35:34 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\b7j4du3v.default\extensions\toolbar@gmx.net
[2011.03.27 14:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.21 20:17:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.27 14:48:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.03.27 14:48:51 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net
File not found (No name found) -- 
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B7J4DU3V.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.03.21 20:17:44 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Launch Backup Service Once] C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe ()
O4 - HKLM..\Run: [PWMTRV]  File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{c8ea6ede-fe97-11df-b6cb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8ea6ede-fe97-11df-b6cb-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.31 22:29:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.03.31 22:29:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.03.31 22:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.31 22:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.31 22:29:11 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.03.31 22:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.03.31 14:59:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2011.03.30 23:41:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gsak
[2011.03.30 22:24:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.03.30 22:22:52 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.03.30 22:22:52 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.03.30 20:58:21 | 000,000,000 | ---D | C] -- C:\Users\***n\AppData\Roaming\Avira
[2011.03.30 17:41:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Update
[2011.03.30 15:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2011.03.30 15:48:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011.03.30 14:09:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindSolutions
[2011.03.27 17:22:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Canneverbe Limited
[2011.03.27 17:21:23 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP
[2011.03.25 13:17:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2011.03.24 10:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.03.23 12:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.03.23 00:51:23 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011.03.23 00:51:23 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011.03.23 00:51:22 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011.03.23 00:51:22 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011.03.23 00:51:22 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011.03.23 00:51:22 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011.03.23 00:51:22 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011.03.23 00:51:22 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011.03.23 00:51:16 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2011.03.22 22:13:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GARMIN
[2011.03.22 20:57:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Garmin
[2011.03.22 20:51:03 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Mein Garmin
[2011.03.22 20:49:22 | 000,017,536 | ---- | C] (GARMIN Corp.) -- C:\Windows\SysNative\drivers\grmn0200.sys
[2011.03.22 20:49:22 | 000,017,024 | ---- | C] (Walter Oney Software) -- C:\Windows\SysNative\drivers\grmngen.sys
[2011.03.22 20:49:22 | 000,016,512 | ---- | C] (GARMIN Corp.) -- C:\Windows\SysNative\drivers\grmn0400.sys
[2011.03.22 20:49:22 | 000,011,776 | ---- | C] (GARMIN Corp.) -- C:\Windows\SysNative\drivers\grmn1200.sys
[2011.03.22 20:49:22 | 000,007,296 | ---- | C] (GARMIN Corp.) -- C:\Windows\SysNative\drivers\grmnusb.sys
[2011.03.22 20:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2011.03.22 20:46:46 | 000,000,000 | ---D | C] -- C:\Garmin
[2011.03.22 20:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karsten Bilderschau
[2011.03.22 20:18:53 | 001,680,896 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\vcl100.bpl
[2011.03.22 20:18:53 | 000,857,088 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\xmlrtl100.bpl
[2011.03.22 20:18:53 | 000,843,264 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\rtl100.bpl
[2011.03.22 20:18:53 | 000,287,744 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\dbrtl100.bpl
[2011.03.22 20:18:53 | 000,198,656 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\vclx100.bpl
[2011.03.22 20:18:53 | 000,098,304 | ---- | C] (Borland Software Corporation) -- C:\Windows\SysWow64\vcljpg100.bpl
[2011.03.22 20:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Karsten Bilderschau
[2011.03.22 18:23:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc
[2011.03.22 18:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IZArc
[2011.03.22 11:15:43 | 000,000,000 | ---D | C] -- C:\Users\***\.gimp-2.2
[2011.03.22 11:15:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GIMPshop
[2011.03.22 11:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMPshop
[2011.03.22 11:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMPshop
[2011.03.22 10:41:14 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.03.22 10:41:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.03.22 10:41:13 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.03.22 10:41:13 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.03.22 10:41:13 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.03.22 10:41:13 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.03.22 10:41:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.03.22 10:41:12 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.03.22 10:41:12 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.03.22 10:41:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.03.22 10:41:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.03.22 10:41:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.03.22 10:41:03 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.22 10:41:03 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.22 10:41:03 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.22 10:41:02 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.22 10:41:02 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.22 10:41:02 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.22 10:41:02 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.22 10:41:02 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.22 10:40:44 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2011.03.22 10:40:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2011.03.22 10:40:42 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2011.03.22 10:40:38 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2011.03.22 10:40:38 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2011.03.22 10:40:38 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2011.03.22 10:40:38 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2011.03.22 10:40:37 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2011.03.22 10:40:37 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2011.03.22 10:40:37 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2011.03.22 10:40:37 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2011.03.22 10:40:35 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2011.03.22 10:40:14 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2011.03.22 10:40:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011.03.22 10:40:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011.03.22 10:40:09 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2011.03.22 10:39:59 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.03.22 10:39:59 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.03.22 10:39:58 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.03.22 10:39:58 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.03.22 10:39:58 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.03.22 10:39:57 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.03.22 10:39:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.03.22 10:39:57 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.03.22 10:39:57 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.03.22 10:39:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.03.22 10:39:45 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.03.22 10:39:45 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.03.22 10:39:45 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.03.22 10:39:45 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.03.22 10:39:41 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.03.22 10:39:31 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.03.22 10:39:31 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.22 10:39:31 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.03.22 10:39:31 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.03.22 10:39:31 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.03.22 10:39:30 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.22 10:39:27 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.03.22 10:39:26 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.03.22 10:39:26 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.03.22 10:39:25 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.03.22 10:39:25 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.03.22 10:39:25 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.03.22 10:39:25 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.03.22 10:39:24 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.03.22 10:39:24 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.03.22 10:39:24 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.03.22 10:39:08 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2011.03.22 10:39:08 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2011.03.22 10:38:55 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.03.22 10:38:55 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.03.22 10:38:55 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.03.22 10:38:40 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2011.03.22 10:38:39 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2011.03.22 10:38:23 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.03.22 10:38:22 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.03.22 10:38:21 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.03.22 10:38:21 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.03.22 10:38:15 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.03.22 10:38:15 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.03.22 10:38:14 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.03.22 10:38:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.03.22 10:38:08 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011.03.22 10:38:06 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2011.03.22 10:38:06 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2011.03.22 10:38:02 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011.03.22 10:38:02 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011.03.22 10:38:01 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011.03.22 10:38:01 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011.03.22 10:37:54 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2011.03.22 10:37:51 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2011.03.22 10:37:50 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2011.03.22 10:37:49 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2011.03.22 10:37:47 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2011.03.22 10:37:45 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.03.22 10:37:44 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.03.22 10:37:31 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2011.03.21 20:19:05 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011.03.21 20:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2011.03.21 20:18:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Sun
[2011.03.21 20:17:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.03.21 20:17:52 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.03.21 20:17:52 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.03.21 20:17:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.03.21 20:17:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.03.21 20:17:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.03.21 20:15:50 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\OpenOffice.org 3.3 (de) Installation Files
[2011.03.21 18:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.03.21 18:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.03.21 16:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gsak
[2011.03.21 13:48:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.03.21 13:48:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2011.03.21 13:40:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2011.03.21 13:39:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.03.21 13:39:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2011.03.21 13:38:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2011.03.21 13:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.03.21 13:26:11 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011.03.21 13:26:11 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011.03.21 13:26:11 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011.03.21 13:26:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.03.21 13:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011.03.21 13:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.03.21 13:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.03.21 13:24:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.03.21 13:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.03.21 13:24:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2011.03.21 13:24:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.03.21 13:23:58 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2011.03.21 13:23:44 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.03.21 13:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.03.21 13:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.03.21 13:23:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.03.21 13:21:57 | 000,000,000 | ---D | C] -- C:\Windows\de
[2011.03.21 13:21:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Google
[2011.03.21 13:19:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2011.03.21 13:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011.03.21 13:17:27 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbonRes.dll
[2011.03.21 13:17:27 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbonRes.dll
[2011.03.21 13:17:26 | 003,860,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIRibbon.dll
[2011.03.21 13:17:26 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIRibbon.dll
[2011.03.21 13:16:36 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.03.21 13:16:35 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011.03.21 13:16:35 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.03.21 13:16:35 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.03.21 13:16:34 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.03.21 13:16:34 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011.03.21 13:16:33 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.03.21 13:14:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live
[2011.03.21 12:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.03.21 12:05:34 | 000,000,000 | ---D | C] -- C:\Users\Scheerer Martin\AppData\Roaming\Intel
[2011.03.21 12:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.03.21 12:01:10 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.03.21 12:01:10 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.03.21 12:01:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira
[2011.03.21 12:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.03.21 11:54:55 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.03.21 11:54:55 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2011.03.21 11:54:55 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.03.21 11:54:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2011.03.21 11:54:43 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2011.03.21 11:49:58 | 000,000,000 | ---D | C] -- C:\Users\***n\AppData\Roaming\Lenovo
[2011.03.21 11:47:30 | 000,000,000 | RHSD | C] -- C:\RRbackups
[2011.03.21 11:47:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2011.03.21 11:45:10 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.03.21 11:45:10 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2011.03.21 11:45:10 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2011.03.21 11:45:10 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2011.03.21 11:45:10 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2011.03.21 11:45:10 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.03.21 11:45:10 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2011.03.21 11:45:10 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2011.03.21 11:45:10 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2011.03.21 11:45:10 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2011.03.21 11:45:10 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2011.03.21 11:45:10 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2011.03.21 11:45:10 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2011.03.21 11:45:10 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2011.03.21 11:45:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2011.03.21 11:45:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2011.03.21 11:45:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.03.21 11:44:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.03.21 11:44:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.03.21 11:44:40 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.03.21 11:44:40 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.03.21 11:44:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.03.21 11:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.03.21 11:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.03.21 11:44:40 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.03.21 11:44:40 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.03.21 11:44:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.03.21 11:44:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.31 23:27:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.03.31 23:19:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.03.31 22:32:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.31 22:29:15 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.31 19:35:50 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat
[2011.03.31 18:04:23 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.31 18:00:24 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.31 12:11:03 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.31 12:11:03 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.31 12:10:41 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.31 12:10:41 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.31 12:10:41 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.31 12:10:41 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.31 12:10:41 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.31 12:03:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.31 12:03:03 | 1500,254,208 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.30 16:59:52 | 000,000,392 | -H-- | M] () -- C:\ProgramData\45276936
[2011.03.30 16:58:30 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~45276936r
[2011.03.30 16:58:30 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~45276936
[2011.03.27 17:21:25 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.03.27 14:48:58 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.23 12:02:17 | 000,319,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.03.22 21:40:52 | 000,000,885 | ---- | M] () -- C:\Users\***\Desktop\MapSource - Verknüpfung.lnk
[2011.03.22 20:18:54 | 000,001,002 | ---- | M] () -- C:\Users\***\Desktop\Karsten Bilderschau.lnk
[2011.03.22 18:23:06 | 000,001,840 | ---- | M] () -- C:\Users\***\Desktop\IZArc.lnk
[2011.03.22 11:15:37 | 000,001,108 | ---- | M] () -- C:\Users\***\Desktop\GIMPshop.lnk
[2011.03.21 20:19:05 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011.03.21 20:17:42 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.03.21 20:17:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.03.21 20:17:41 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.03.21 20:17:40 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.03.21 19:40:32 | 000,054,699 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.03.21 19:40:32 | 000,054,699 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011.03.21 18:48:52 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.03.21 13:51:04 | 000,240,640 | ---- | M] () -- C:\Users\***\Desktop\verkleinerer17.exe
[2011.03.21 13:28:27 | 000,002,295 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.03.21 13:24:30 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.03.21 12:56:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.03.21 12:01:27 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.03.21 11:47:00 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\drivers\17AA_Lenovo_ThinkPad_T510_4314_A23.MRK
 
========== Files Created - No Company Name ==========
 
[2011.03.31 22:29:15 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.31 19:35:50 | 000,001,732 | ---- | C] () -- C:\tvtpktfilter.dat
[2011.03.30 22:25:00 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.03.30 16:58:30 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~45276936r
[2011.03.30 16:58:28 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~45276936
[2011.03.30 16:58:08 | 000,000,392 | -H-- | C] () -- C:\ProgramData\45276936
[2011.03.27 17:21:25 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.03.27 17:21:25 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2011.03.27 14:48:58 | 000,001,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.22 21:40:52 | 000,000,885 | ---- | C] () -- C:\Users\***\Desktop\MapSource - Verknüpfung.lnk
[2011.03.22 20:18:54 | 000,001,002 | ---- | C] () -- C:\Users\***\Desktop\Karsten Bilderschau.lnk
[2011.03.22 18:23:06 | 000,001,840 | ---- | C] () -- C:\Users\***\Desktop\IZArc.lnk
[2011.03.22 11:15:37 | 000,001,108 | ---- | C] () -- C:\Users\***\Desktop\GIMPshop.lnk
[2011.03.21 20:19:05 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011.03.21 18:48:52 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.03.21 13:51:00 | 000,240,640 | ---- | C] () -- C:\Users\***\Desktop\verkleinerer17.exe
[2011.03.21 13:28:27 | 000,002,295 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.03.21 13:27:16 | 000,001,126 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.21 13:27:16 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.21 13:24:30 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.03.21 13:24:10 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.03.21 12:56:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.03.21 12:19:09 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.21 12:01:27 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.03.21 11:55:03 | 000,001,416 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.03.21 11:54:57 | 000,001,450 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2010.12.03 06:56:00 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.12.03 06:56:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.12.03 06:56:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.12.03 06:56:00 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.12.03 06:55:59 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 23:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 23:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 23:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >
         

--- --- ---


und

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 31.03.2011 23:23:03 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
         

Code: Alles auswählenAufklappen

ATTFilter

 
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 21,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 41,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221,95 Gb Total Space | 148,92 Gb Free Space | 67,10% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 1,83 Gb Free Space | 18,70% Space Free | Partition Type: NTFS
 
Computer Name: THINKPAD | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi-Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55CEDC7F-3965-47C0-AC71-40AAA418B6A5}" = ThinkVantage Fingerprint Software
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{B24A47E5-F196-461E-A7A4-AADB72CB19DD}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)
"30A4777E896192B8D398199AE1AB235B69BAB26D" = Windows-Treiberpaket - Intel (HECIx64) System  (09/17/2009 6.0.0.1179)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"3C4C8BB88656F616D170176E1905526541B60FDF" = Windows-Treiberpaket - Intel (e1kexpress) Net  (06/22/2010 11.5.10.1012)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"50BEEEA1F00D30E432867EA15672212B3FB5740E" = Windows-Treiberpaket - Synaptics (SynTP) Mouse  (04/22/2010 15.0.18.0)
"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows-Treiberpaket - Intel USB  (08/20/2009 9.1.1.1020)
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1" = Windows-Treiberpaket - Intel System  (10/28/2009 9.1.1.1022)
"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002)
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF" = Windows-Treiberpaket - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07)
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.02.02
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E105942-593C-4C48-AB3D-BEC2124F5FCE}" = Garmin City Navigator Europe NT 2008
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4330AAE7-1893-42F9-BC38-539A1A60530B}" = Mobile Broadband
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{641FE800-650B-4E99-A304-9D50E7235BAF}" = Topo Deutschland v2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}" = Garmin Trip and Waypoint Manager v4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery
"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.19
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF07A1C9-098F-47DD-99E0-B6558C33871B}" = Garmin MapSource
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"GIMPshop" = GIMPshop .1 beta
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"Karsten Bilderschau_is1" = Karsten Bilderschau 3.5.4
"Lenovo Welcome_is1" = Lenovo Welcome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.03.2011 13:25:40 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 27.03.2011 13:25:40 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13042
 
Error - 27.03.2011 13:25:40 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13042
 
Error - 27.03.2011 13:25:41 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 27.03.2011 13:25:41 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14040
 
Error - 27.03.2011 13:25:41 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14040
 
Error - 27.03.2011 13:25:42 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 27.03.2011 13:25:42 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15039
 
Error - 27.03.2011 13:25:42 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15039
 
Error - 27.03.2011 13:33:27 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ System Events ]
Error - 30.03.2011 03:11:56 | Computer Name = Thinkpad | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 TVT Backup Service erreicht.
 
Error - 30.03.2011 11:15:37 | Computer Name = Thinkpad | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Dienst für Schriftartencache erreicht.
 
Error - 30.03.2011 11:15:37 | Computer Name = Thinkpad | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows-Dienst für Schriftartencache" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 30.03.2011 11:16:07 | Computer Name = Thinkpad | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 30.03.2011 11:16:07 | Computer Name = Thinkpad | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 30.03.2011 11:16:07 | Computer Name = Thinkpad | Source = DCOM | ID = 10005
Description = 
 
Error - 30.03.2011 11:17:40 | Computer Name = Thinkpad | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Bluetooth Service erreicht.
 
Error - 30.03.2011 11:17:40 | Computer Name = Thinkpad | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 30.03.2011 11:24:59 | Computer Name = Thinkpad | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst iphlpsvc erreicht.
 
Error - 30.03.2011 11:26:07 | Computer Name = Thinkpad | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
 
< End of report >
         

--- --- ---


Ich hoffe das ist aussagekräftig für dich, danke schonmal.
rechner zeigt derzeit keine symptome, ausser dass einige programme zerschossen sind.

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

nein, war nur das eine drin unter "logs":

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6229

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.04.2011 15:12:42
mbam-log-2011-04-01 (15-12-42).txt

Scan type: Full scan (C:\|Q:\|)
Objects scanned: 269878
Time elapsed: 42 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.

Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Danach müssen wir noch mit OTL ran.

wahnsinn, ja, sind wieder da

nun nochmal ein OTL-scan wie vorher ?

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code: Alles auswählenAufklappen

ATTFilter

:OTL
[2011.03.30 16:58:30 | 000,000,152 | -H-- | C] () -- C:\ProgramData\~45276936r
[2011.03.30 16:58:28 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~45276936
[2011.03.30 16:58:08 | 000,000,392 | -H-- | C] () -- C:\ProgramData\45276936
[2011.03.30 16:59:52 | 000,000,392 | -H-- | M] () -- C:\ProgramData\45276936
[2011.03.30 16:58:30 | 000,000,152 | -H-- | M] () -- C:\ProgramData\~45276936r
[2011.03.30 16:58:30 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~45276936
[2011.03.30 15:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2011.03.30 23:41:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gsak
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{c8ea6ede-fe97-11df-b6cb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8ea6ede-fe97-11df-b6cb-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
:Commands
[purity]
[resethosts]
[emptytemp]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

hi arne,
hab das fix eingespielt, hat funktioniert, danke !

wie gehts weiter ?

Hast du das Log dazu? Müsste in C:\_OTL liegen

hi arne, das müsste das log gewesen sein:


All processes killed
========== OTL ==========
C:\ProgramData\~45276936r moved successfully.
C:\ProgramData\~45276936 moved successfully.
C:\ProgramData\45276936 moved successfully.
File C:\ProgramData\45276936 not found.
File C:\ProgramData\~45276936r not found.
File C:\ProgramData\~45276936 not found.
C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}\x64 folder moved successfully.
C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3} folder moved successfully.
C:\Users\***\AppData\Roaming\gsak\UserImages folder moved successfully.
C:\Users\***\AppData\Roaming\gsak\Temp\waypoints folder moved successfully.
C:\Users\***\AppData\Roaming\gsak\Temp folder moved successfully.
C:\Users\***\AppData\Roaming\gsak\Macros folder moved successfully.
C:\Users\***\AppData\Roaming\gsak\locations folder moved successfully.
C:\Users\***\AppData\Roaming\gsak\data\GrabbedImages folder moved successfully.
C:\Users\***\AppData\Roaming\gsak\data\Default folder moved successfully.
C:\Users\***\AppData\Roaming\gsak\data folder moved successfully.
C:\Users\***\AppData\Roaming\gsak\Backup folder moved successfully.
C:\Users\***\AppData\Roaming\gsak folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Q:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8ea6ede-fe97-11df-b6cb-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8ea6ede-fe97-11df-b6cb-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8ea6ede-fe97-11df-b6cb-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8ea6ede-fe97-11df-b6cb-806e6f6e6963}\ not found.
Q:\LenovoQDrive.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: ***
->Temp folder emptied: 117336693 bytes
->Temporary Internet Files folder emptied: 39948553 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 60983332 bytes
->Flash cache emptied: 1586 bytes

User: ***_2
->Temp folder emptied: 11367814 bytes
->Temporary Internet Files folder emptied: 64578951 bytes
->Java cache emptied: 1065 bytes
->FireFox cache emptied: 254184744 bytes
->Flash cache emptied: 10837 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 97154286 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 13729307 bytes

Total Files Cleaned = 629,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04012011_203802

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

• Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

so hier das log:

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 11-04-03.01 - *** 03.04.2011  20:14:06.2.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.1908.817 [GMT 2:00]
ausgeführt von:: c:\users\***_2\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\cofi.exe
c:\cofi.exe\CF15220.cfxxe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-03 bis 2011-04-03  ))))))))))))))))))))))))))))))
.
.
2011-04-03 18:21 . 2011-04-03 18:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-03 18:21 . 2011-04-03 18:21	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2011-04-03 17:37 . 2011-04-03 17:37	--------	d-----w-	c:\program files\CCleaner
2011-04-01 18:38 . 2011-04-01 18:38	--------	d-----w-	C:\_OTL
2011-04-01 08:49 . 2011-03-23 08:11	8424784	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F315AB52-E1E9-41C4-A697-D8D817C94281}\mpengine.dll
2011-03-31 20:29 . 2010-12-20 16:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-31 20:29 . 2011-03-31 20:29	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-31 20:29 . 2010-12-20 16:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-31 20:29 . 2011-03-31 20:29	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-30 20:22 . 2011-03-30 20:24	--------	d-----w-	c:\program files\iTunes
2011-03-30 20:22 . 2011-03-30 20:22	--------	d-----w-	c:\program files\iPod
2011-03-30 13:48 . 2011-03-30 13:48	--------	d-----w-	c:\windows\system32\appmgmt
2011-03-30 12:09 . 2011-03-30 12:09	--------	d-----w-	c:\programdata\WindSolutions
2011-03-27 15:22 . 2011-03-27 15:22	--------	d-----w-	c:\programdata\Canneverbe Limited
2011-03-27 15:21 . 2011-03-27 15:21	--------	d-----w-	c:\program files\CDBurnerXP
2011-03-25 11:17 . 2011-03-25 11:17	--------	d-----w-	c:\program files (x86)\Garmin
2011-03-24 08:14 . 2011-03-24 08:14	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2011-03-23 10:09 . 2011-03-23 10:09	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2011-03-22 22:55 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2011-03-22 22:55 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2011-03-22 22:51 . 2009-11-25 11:47	99176	----a-w-	c:\windows\SysWow64\PresentationHostProxy.dll
2011-03-22 22:51 . 2009-11-25 11:47	297808	----a-w-	c:\windows\SysWow64\mscoree.dll
2011-03-22 22:51 . 2009-11-25 11:47	295264	----a-w-	c:\windows\SysWow64\PresentationHost.exe
2011-03-22 22:51 . 2009-11-25 11:47	49472	----a-w-	c:\windows\SysWow64\netfxperf.dll
2011-03-22 22:51 . 2009-11-25 11:47	48960	----a-w-	c:\windows\system32\netfxperf.dll
2011-03-22 22:51 . 2009-11-25 11:47	1130824	----a-w-	c:\windows\SysWow64\dfshim.dll
2011-03-22 22:51 . 2009-11-25 11:47	109912	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2011-03-22 22:51 . 2009-11-25 11:47	444752	----a-w-	c:\windows\system32\mscoree.dll
2011-03-22 22:51 . 2009-11-25 11:47	320352	----a-w-	c:\windows\system32\PresentationHost.exe
2011-03-22 22:51 . 2009-11-25 11:47	1942856	----a-w-	c:\windows\system32\dfshim.dll
2011-03-22 22:51 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2011-03-22 22:47 . 2010-03-04 04:40	184832	----a-w-	c:\windows\system32\drivers\usbvideo.sys
2011-03-22 22:47 . 2010-03-04 04:32	243712	----a-w-	c:\windows\system32\drivers\ks.sys
2011-03-22 18:49 . 2006-07-11 19:50	11776	----a-w-	c:\windows\system32\drivers\grmn1200.sys
2011-03-22 18:49 . 2006-04-11 19:51	16512	----a-w-	c:\windows\system32\drivers\grmn0400.sys
2011-03-22 18:49 . 2006-02-20 18:25	17536	----a-w-	c:\windows\system32\drivers\grmn0200.sys
2011-03-22 18:49 . 2003-09-23 14:42	7296	----a-w-	c:\windows\system32\drivers\grmnusb.sys
2011-03-22 18:49 . 2003-09-23 14:42	17024	----a-w-	c:\windows\system32\drivers\grmngen.sys
2011-03-22 18:46 . 2011-03-30 19:44	--------	d-----w-	C:\Garmin
2011-03-22 18:18 . 2006-03-03 16:02	843264	----a-w-	c:\windows\SysWow64\rtl100.bpl
2011-03-22 18:18 . 2006-03-03 16:02	287744	----a-w-	c:\windows\SysWow64\dbrtl100.bpl
2011-03-22 18:18 . 2006-03-03 16:02	1680896	----a-w-	c:\windows\SysWow64\vcl100.bpl
2011-03-22 18:18 . 2005-11-14 18:00	98304	----a-w-	c:\windows\SysWow64\vcljpg100.bpl
2011-03-22 18:18 . 2005-11-14 18:00	857088	----a-w-	c:\windows\SysWow64\xmlrtl100.bpl
2011-03-22 18:18 . 2005-11-14 18:00	198656	----a-w-	c:\windows\SysWow64\vclx100.bpl
2011-03-22 18:18 . 2011-03-22 18:18	--------	d-----w-	c:\program files (x86)\Karsten Bilderschau
2011-03-22 16:23 . 2011-03-22 16:24	--------	d-----w-	c:\program files (x86)\IZArc
2011-03-22 09:15 . 2011-03-22 09:15	--------	d-----w-	c:\program files (x86)\GIMPshop
2011-03-22 08:40 . 2010-10-27 05:06	2048	----a-w-	c:\windows\system32\tzres.dll
2011-03-22 08:39 . 2010-12-21 06:16	1197056	----a-w-	c:\windows\system32\wininet.dll
2011-03-22 08:38 . 2011-01-05 06:20	612352	----a-w-	c:\windows\system32\vbscript.dll
2011-03-21 18:18 . 2011-03-21 18:18	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
2011-03-21 18:17 . 2011-03-21 18:17	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-03-21 18:17 . 2011-03-21 18:17	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-03-21 18:17 . 2011-03-21 18:17	--------	d-----w-	c:\program files (x86)\Java
2011-03-21 16:48 . 2011-03-30 19:40	--------	d-----w-	c:\program files (x86)\VideoLAN
2011-03-21 14:44 . 2011-03-31 14:28	--------	d-----w-	c:\program files (x86)\gsak
2011-03-21 11:26 . 2009-05-18 12:17	34152	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-21 11:26 . 2008-04-17 11:12	126312	----a-w-	c:\windows\system32\GEARAspi64.dll
2011-03-21 11:26 . 2008-04-17 11:12	107368	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2011-03-21 11:26 . 2011-03-21 11:26	--------	dc----w-	c:\windows\system32\DRVSTORE
2011-03-21 11:25 . 2011-03-30 19:41	--------	d-----w-	c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-03-21 11:25 . 2011-03-30 20:24	--------	d-----w-	c:\program files (x86)\iTunes
2011-03-21 11:24 . 2011-03-21 11:24	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-21 11:24 . 2011-03-21 11:24	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-21 11:24 . 2011-03-21 11:24	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-21 11:24 . 2011-03-21 11:24	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-21 11:24 . 2011-03-21 11:24	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-21 11:24 . 2011-03-21 11:24	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-21 11:24 . 2011-03-21 11:24	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-03-21 11:24 . 2011-03-30 19:40	--------	d-----w-	c:\programdata\Apple Computer
2011-03-21 11:24 . 2011-03-21 11:24	--------	d-----w-	c:\program files (x86)\QuickTime
2011-03-21 11:24 . 2011-03-21 11:24	--------	d-----w-	c:\program files (x86)\Apple Software Update
2011-03-21 11:23 . 2011-03-21 11:23	--------	d-----w-	c:\program files\Common Files\Apple
2011-03-21 11:23 . 2011-03-21 11:23	--------	d-----w-	c:\program files\Bonjour
2011-03-21 11:23 . 2011-03-21 11:23	--------	d-----w-	c:\program files (x86)\Bonjour
2011-03-21 11:23 . 2011-03-30 20:22	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2011-03-21 11:23 . 2011-03-30 19:41	--------	d-----w-	c:\programdata\Apple
2011-03-21 11:21 . 2011-03-21 11:21	--------	d-----w-	c:\windows\de
2011-03-21 11:19 . 2011-03-21 11:28	--------	d-----w-	c:\program files (x86)\Google
2011-03-21 11:17 . 2010-08-11 05:13	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2011-03-21 11:17 . 2010-08-11 04:35	1164800	----a-w-	c:\windows\SysWow64\UIRibbonRes.dll
2011-03-21 11:17 . 2010-08-11 05:19	3860992	----a-w-	c:\windows\system32\UIRibbon.dll
2011-03-21 11:17 . 2010-08-11 04:44	2983424	----a-w-	c:\windows\SysWow64\UIRibbon.dll
2011-03-21 11:16 . 2010-05-23 08:35	206848	----a-w-	c:\windows\system32\mfps.dll
2011-03-21 11:16 . 2010-05-23 10:15	1619456	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2011-03-21 11:16 . 2010-05-23 10:11	196608	----a-w-	c:\windows\SysWow64\mfreadwrite.dll
2011-03-21 11:16 . 2010-05-23 08:35	257024	----a-w-	c:\windows\system32\mfreadwrite.dll
2011-03-21 11:16 . 2010-05-23 08:37	1888256	----a-w-	c:\windows\system32\WMVDECOD.DLL
2011-03-21 11:16 . 2010-05-23 08:35	4068864	----a-w-	c:\windows\system32\mf.dll
2011-03-21 11:16 . 2010-05-23 10:11	3181568	----a-w-	c:\windows\SysWow64\mf.dll
2011-03-21 11:15 . 2011-03-21 11:15	15712	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\575738fd1cbe7b905\MeshBetaRemover.exe
2011-03-21 10:01 . 2011-01-10 13:23	83120	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-03-21 10:01 . 2011-01-10 13:23	116568	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-21 10:01 . 2011-03-21 10:01	--------	d-----w-	c:\programdata\Avira
2011-03-21 10:01 . 2011-03-21 10:01	--------	d-----w-	c:\program files (x86)\Avira
2011-03-21 09:47 . 2011-03-30 19:41	--------	d-sh--r-	C:\RRbackups
2011-03-21 09:45 . 2011-03-30 19:44	--------	d-----w-	c:\users\***
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 11:37 . 2010-06-24 10:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-18 15:36 . 2011-02-18 15:36	51712	----a-w-	c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 15:36 . 2011-02-18 15:36	4184352	----a-w-	c:\windows\system32\usbaaplrc.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-04-03_17.59.32   )))))))))))))))))))))))))))))))))))))))))
.
- 2011-03-21 17:38 . 2011-04-03 17:37	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-21 17:38 . 2011-04-03 18:02	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-03 17:37 . 2011-04-03 17:37	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-03 17:37 . 2011-04-03 18:02	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-03 18:02	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-03 17:37	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-21 10:20 . 2011-04-03 17:11	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-21 10:20 . 2011-04-03 18:13	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-21 10:20 . 2011-04-03 18:13	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-21 10:20 . 2011-04-03 17:11	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:36 . 2011-04-03 16:58	616008              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-04-03 18:05	616008              c:\windows\system32\perfh009.dat
+ 2010-12-03 13:28 . 2011-04-03 18:05	654166              c:\windows\system32\perfh007.dat
- 2010-12-03 13:28 . 2011-04-03 16:58	654166              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2011-04-03 18:05	106388              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-04-03 16:58	106388              c:\windows\system32\perfc009.dat
+ 2010-12-03 13:28 . 2011-04-03 18:05	130006              c:\windows\system32\perfc007.dat
- 2010-12-03 13:28 . 2011-04-03 16:58	130006              c:\windows\system32\perfc007.dat
+ 2009-07-14 02:34 . 2011-04-03 18:08	10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-04-03 17:07	10223616              c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-24 1129832]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Launch Backup Service Once"="c:\program files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe" [2009-08-28 21304]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-01 421160]
.
c:\users\Scheerer Martin_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-11 1080608]
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2010-12-3 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 136176]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-08-24 164200]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2010-11-12 25072]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-09-29 126392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2010-04-07 93032]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-03 2533400]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2010-08-24 75112]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 11:26]
.
2011-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 11:26]
.
2011-04-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-11-12 01:34]
.
2011-04-03 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-11-12 01:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"TpShocks"="TpShocks.exe" [2010-07-01 380776]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-15 307768]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-05 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-05 415256]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-17 31592]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://lenovo.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\b7j4du3v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-03  20:23:41
ComboFix-quarantined-files.txt  2011-04-03 18:23
ComboFix2.txt  2011-04-03 18:05
.
Vor Suchlauf: 15 Verzeichnis(se), 153.624.309.760 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 153.574.584.320 Bytes frei
.
- - End Of File - - B5B32D0AF30F8336B3DB940E88183681
         

--- --- ---

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

so, hier dieses log:

2011/04/03 20:48:03.0426 2020 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/03 20:48:04.0003 2020 ================================================================================
2011/04/03 20:48:04.0003 2020 SystemInfo:
2011/04/03 20:48:04.0003 2020
2011/04/03 20:48:04.0003 2020 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/03 20:48:04.0003 2020 Product type: Workstation
2011/04/03 20:48:04.0003 2020 ComputerName: THINKPAD
2011/04/03 20:48:04.0003 2020 UserName: ***
2011/04/03 20:48:04.0003 2020 Windows directory: C:\Windows
2011/04/03 20:48:04.0003 2020 System windows directory: C:\Windows
2011/04/03 20:48:04.0003 2020 Running under WOW64
2011/04/03 20:48:04.0003 2020 Processor architecture: Intel x64
2011/04/03 20:48:04.0003 2020 Number of processors: 4
2011/04/03 20:48:04.0003 2020 Page size: 0x1000
2011/04/03 20:48:04.0003 2020 Boot type: Normal boot
2011/04/03 20:48:04.0003 2020 ================================================================================
2011/04/03 20:48:04.0347 2020 Initialize success
2011/04/03 20:48:09.0635 5572 ================================================================================
2011/04/03 20:48:09.0635 5572 Scan started
2011/04/03 20:48:09.0635 5572 Mode: Manual;
2011/04/03 20:48:09.0635 5572 ================================================================================
2011/04/03 20:48:10.0431 5572 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/03 20:48:10.0571 5572 5U877 (708ccd77b9363f245d9f9ace480824ca) C:\Windows\system32\DRIVERS\5U877.sys
2011/04/03 20:48:10.0743 5572 ACPI (794ff35015209b9d44f1360c42c9776d) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/03 20:48:10.0914 5572 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/03 20:48:11.0070 5572 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/03 20:48:11.0257 5572 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/03 20:48:11.0413 5572 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/03 20:48:11.0585 5572 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/04/03 20:48:11.0788 5572 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/03 20:48:11.0959 5572 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/03 20:48:12.0115 5572 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/03 20:48:12.0271 5572 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/03 20:48:12.0427 5572 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/03 20:48:12.0568 5572 amdsata (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/03 20:48:12.0724 5572 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/03 20:48:12.0880 5572 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/03 20:48:13.0083 5572 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/04/03 20:48:13.0285 5572 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/03 20:48:13.0457 5572 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/03 20:48:13.0629 5572 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/03 20:48:13.0785 5572 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/03 20:48:13.0909 5572 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/03 20:48:14.0034 5572 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/03 20:48:14.0206 5572 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/03 20:48:14.0409 5572 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/03 20:48:14.0580 5572 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/03 20:48:14.0767 5572 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/03 20:48:14.0939 5572 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/03 20:48:15.0111 5572 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/03 20:48:15.0204 5572 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/03 20:48:15.0438 5572 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/03 20:48:15.0454 5572 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/03 20:48:15.0501 5572 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/03 20:48:15.0516 5572 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/03 20:48:15.0579 5572 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/04/03 20:48:15.0610 5572 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/03 20:48:15.0625 5572 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/04/03 20:48:15.0719 5572 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/04/03 20:48:15.0797 5572 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/04/03 20:48:15.0906 5572 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
2011/04/03 20:48:16.0000 5572 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
2011/04/03 20:48:16.0078 5572 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
2011/04/03 20:48:16.0125 5572 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
2011/04/03 20:48:16.0249 5572 CAXHWAZL (48360b88c4bf45850653bb7c86888ed4) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
2011/04/03 20:48:16.0343 5572 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/03 20:48:16.0437 5572 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/03 20:48:16.0483 5572 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/03 20:48:16.0546 5572 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/03 20:48:16.0671 5572 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/03 20:48:16.0702 5572 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/03 20:48:16.0764 5572 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/04/03 20:48:16.0858 5572 CnxtHdAudService (22bc1c27274d1cb1c3a8c14cdba0cdf2) C:\Windows\system32\drivers\CHDRT64.sys
2011/04/03 20:48:16.0967 5572 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/03 20:48:17.0029 5572 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/03 20:48:17.0092 5572 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/03 20:48:17.0154 5572 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/04/03 20:48:17.0232 5572 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/04/03 20:48:17.0263 5572 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/03 20:48:17.0326 5572 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/03 20:48:17.0419 5572 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/03 20:48:17.0513 5572 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/03 20:48:17.0638 5572 DzHDD64 (5bdef3faa1bfd9c9c5d3dc972049f0fa) C:\Windows\system32\DRIVERS\DzHDD64.sys
2011/04/03 20:48:17.0716 5572 e1kexpress (d2325d1ae61335e2ebadeb1b7c39cb13) C:\Windows\system32\DRIVERS\e1k62x64.sys
2011/04/03 20:48:17.0887 5572 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/03 20:48:18.0090 5572 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/03 20:48:18.0168 5572 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/03 20:48:18.0277 5572 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/03 20:48:18.0309 5572 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/03 20:48:18.0355 5572 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/03 20:48:18.0418 5572 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/03 20:48:18.0433 5572 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/03 20:48:18.0449 5572 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/03 20:48:18.0465 5572 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/04/03 20:48:18.0496 5572 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/03 20:48:18.0511 5572 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/03 20:48:18.0605 5572 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/03 20:48:18.0652 5572 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/03 20:48:18.0699 5572 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/03 20:48:18.0745 5572 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/03 20:48:18.0792 5572 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/04/03 20:48:18.0870 5572 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/03 20:48:18.0948 5572 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/04/03 20:48:18.0964 5572 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/03 20:48:18.0995 5572 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/03 20:48:19.0026 5572 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/03 20:48:19.0057 5572 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/03 20:48:19.0120 5572 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/03 20:48:19.0229 5572 HSF_DPV (f6ac1087a131fbb385400667bea64fbe) C:\Windows\system32\DRIVERS\CAX_DPV.sys
2011/04/03 20:48:19.0354 5572 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/04/03 20:48:19.0385 5572 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/03 20:48:19.0432 5572 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/03 20:48:19.0494 5572 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/03 20:48:19.0557 5572 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/03 20:48:19.0635 5572 IBMPMDRV (3761fab385f1c2f51b2fad48cfabbe9d) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
2011/04/03 20:48:19.0915 5572 igfx (cca0460f3871d3753a881abc81141cd5) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/04/03 20:48:20.0212 5572 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/03 20:48:20.0274 5572 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
2011/04/03 20:48:20.0352 5572 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/04/03 20:48:20.0368 5572 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/03 20:48:20.0399 5572 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/03 20:48:20.0430 5572 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/03 20:48:20.0461 5572 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/03 20:48:20.0477 5572 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/03 20:48:20.0539 5572 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/03 20:48:20.0555 5572 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/03 20:48:20.0602 5572 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/03 20:48:20.0649 5572 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/03 20:48:20.0680 5572 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/03 20:48:20.0742 5572 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/03 20:48:20.0773 5572 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/03 20:48:20.0789 5572 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/03 20:48:20.0898 5572 lenovo.smi (5acff5823634bc2c4ebf559c3b33e18e) C:\Windows\system32\DRIVERS\smiifx64.sys
2011/04/03 20:48:20.0961 5572 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/03 20:48:21.0039 5572 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/03 20:48:21.0054 5572 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/03 20:48:21.0070 5572 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/03 20:48:21.0085 5572 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/03 20:48:21.0101 5572 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/03 20:48:21.0179 5572 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/04/03 20:48:21.0195 5572 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/03 20:48:21.0241 5572 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/03 20:48:21.0257 5572 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/03 20:48:21.0335 5572 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/03 20:48:21.0366 5572 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/03 20:48:21.0397 5572 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/03 20:48:21.0460 5572 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/04/03 20:48:21.0507 5572 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/03 20:48:21.0522 5572 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/03 20:48:21.0553 5572 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/03 20:48:21.0616 5572 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/03 20:48:21.0631 5572 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/03 20:48:21.0663 5572 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/03 20:48:21.0694 5572 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/03 20:48:21.0709 5572 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/03 20:48:21.0772 5572 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/03 20:48:21.0787 5572 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/03 20:48:21.0803 5572 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/03 20:48:21.0850 5572 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/03 20:48:21.0897 5572 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/03 20:48:21.0912 5572 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/03 20:48:21.0928 5572 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/04/03 20:48:21.0943 5572 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/03 20:48:21.0990 5572 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/03 20:48:22.0006 5572 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/03 20:48:22.0021 5572 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/03 20:48:22.0084 5572 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/03 20:48:22.0177 5572 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/04/03 20:48:22.0255 5572 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/03 20:48:22.0287 5572 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/03 20:48:22.0302 5572 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/03 20:48:22.0333 5572 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/03 20:48:22.0349 5572 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/04/03 20:48:22.0427 5572 Netaapl (307bc83250fc8e3b2878d81e7d760299) C:\Windows\system32\DRIVERS\netaapl64.sys
2011/04/03 20:48:22.0458 5572 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/03 20:48:22.0474 5572 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/03 20:48:22.0645 5572 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/04/03 20:48:22.0973 5572 NETwNs64 (eb43840babf5589e33186d094de7381d) C:\Windows\system32\DRIVERS\NETwNs64.sys
2011/04/03 20:48:23.0223 5572 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/03 20:48:23.0301 5572 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/03 20:48:23.0316 5572 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/03 20:48:23.0394 5572 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
2011/04/03 20:48:23.0441 5572 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/03 20:48:23.0503 5572 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/03 20:48:23.0535 5572 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/03 20:48:23.0581 5572 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/03 20:48:23.0597 5572 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/03 20:48:23.0628 5572 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/03 20:48:23.0659 5572 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/04/03 20:48:23.0784 5572 PCDSRVC{127174DC-C366ED8B-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\pc-doctor\pcdsrvc_x64.pkms
2011/04/03 20:48:23.0956 5572 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/04/03 20:48:24.0112 5572 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/03 20:48:24.0221 5572 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/03 20:48:24.0252 5572 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/03 20:48:24.0299 5572 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/03 20:48:24.0564 5572 pmxdrv (0bee791c7c7ace453c134e73633c497d) C:\Windows\system32\drivers\pmxdrv.sys
2011/04/03 20:48:24.0861 5572 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/03 20:48:25.0063 5572 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/03 20:48:25.0282 5572 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
2011/04/03 20:48:25.0516 5572 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/03 20:48:25.0734 5572 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/03 20:48:25.0968 5572 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/03 20:48:26.0140 5572 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/03 20:48:26.0311 5572 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/03 20:48:26.0483 5572 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/03 20:48:26.0561 5572 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/03 20:48:26.0592 5572 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/03 20:48:26.0639 5572 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/03 20:48:26.0655 5572 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/03 20:48:26.0670 5572 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/03 20:48:26.0717 5572 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/03 20:48:26.0764 5572 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/04/03 20:48:26.0795 5572 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/03 20:48:26.0826 5572 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/03 20:48:26.0842 5572 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/04/03 20:48:26.0951 5572 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
2011/04/03 20:48:27.0045 5572 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/04/03 20:48:27.0138 5572 rimspci (3dca561aaf776aa2e356fb5b142aa5f8) C:\Windows\system32\DRIVERS\rimspe64.sys
2011/04/03 20:48:27.0247 5572 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/03 20:48:27.0279 5572 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/03 20:48:27.0310 5572 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/03 20:48:27.0325 5572 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/03 20:48:27.0403 5572 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/03 20:48:27.0481 5572 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/03 20:48:27.0559 5572 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/03 20:48:27.0606 5572 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/03 20:48:27.0637 5572 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/03 20:48:27.0731 5572 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/03 20:48:27.0747 5572 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/03 20:48:27.0778 5572 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/03 20:48:27.0809 5572 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/03 20:48:27.0934 5572 Shockprf (29e316de2c0261c30c08f872032c53a2) C:\Windows\system32\DRIVERS\Apsx64.sys
2011/04/03 20:48:27.0996 5572 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/03 20:48:28.0027 5572 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/03 20:48:28.0059 5572 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/03 20:48:28.0152 5572 smihlp (c5b1a19b14f19b08ae72fcb20a3075b6) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
2011/04/03 20:48:28.0355 5572 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/03 20:48:28.0464 5572 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/03 20:48:28.0667 5572 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/03 20:48:28.0854 5572 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/04/03 20:48:28.0963 5572 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/04/03 20:48:29.0026 5572 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/04/03 20:48:29.0104 5572 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/03 20:48:29.0197 5572 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/03 20:48:29.0260 5572 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/04/03 20:48:29.0307 5572 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/04/03 20:48:29.0353 5572 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/03 20:48:29.0447 5572 SynTP (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/03 20:48:29.0572 5572 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/04/03 20:48:29.0712 5572 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/03 20:48:29.0775 5572 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/03 20:48:29.0821 5572 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/03 20:48:29.0837 5572 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/03 20:48:29.0853 5572 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/03 20:48:29.0899 5572 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/03 20:48:30.0118 5572 TPDIGIMN (8b359a7f4c715b84c76de3c5167797c5) C:\Windows\system32\DRIVERS\ApsHM64.sys
2011/04/03 20:48:30.0227 5572 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
2011/04/03 20:48:30.0399 5572 TPPWRIF (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys
2011/04/03 20:48:30.0492 5572 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/03 20:48:30.0679 5572 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/03 20:48:30.0867 5572 TurboB (53ff5f00eab07e329abe48ae3de4f5d7) C:\Windows\system32\DRIVERS\TurboB.sys
2011/04/03 20:48:31.0054 5572 TVTI2C (4daae0413cd4e816258838e2fafb3147) C:\Windows\system32\DRIVERS\Tvti2c.sys
2011/04/03 20:48:31.0132 5572 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/03 20:48:31.0179 5572 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/03 20:48:31.0257 5572 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/03 20:48:31.0303 5572 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/03 20:48:31.0335 5572 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/03 20:48:31.0428 5572 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/04/03 20:48:31.0491 5572 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/03 20:48:31.0537 5572 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/03 20:48:31.0584 5572 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/03 20:48:31.0740 5572 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/03 20:48:31.0818 5572 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/03 20:48:31.0943 5572 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/03 20:48:32.0099 5572 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/03 20:48:32.0193 5572 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/03 20:48:32.0380 5572 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/04/03 20:48:32.0505 5572 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/03 20:48:32.0723 5572 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/03 20:48:32.0801 5572 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/03 20:48:32.0863 5572 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/03 20:48:32.0895 5572 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/03 20:48:32.0941 5572 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/04/03 20:48:32.0957 5572 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/04/03 20:48:33.0019 5572 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/03 20:48:33.0035 5572 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/04/03 20:48:33.0082 5572 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/03 20:48:33.0129 5572 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/03 20:48:33.0160 5572 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/03 20:48:33.0269 5572 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/03 20:48:33.0441 5572 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/03 20:48:33.0503 5572 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/03 20:48:33.0565 5572 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/03 20:48:33.0597 5572 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/03 20:48:33.0737 5572 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/03 20:48:33.0831 5572 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/03 20:48:34.0049 5572 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/03 20:48:34.0111 5572 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/03 20:48:34.0189 5572 winachsf (1edbbf412a382550af6eb35f5e46928e) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
2011/04/03 20:48:34.0423 5572 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/04/03 20:48:34.0548 5572 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/03 20:48:34.0689 5572 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/03 20:48:34.0735 5572 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/04/03 20:48:34.0782 5572 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/03 20:48:34.0845 5572 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
2011/04/03 20:48:34.0938 5572 ================================================================================
2011/04/03 20:48:34.0938 5572 Scan finished
2011/04/03 20:48:34.0938 5572 ================================================================================
2011/04/03 20:48:54.0906 4196 Deinitialize success