Trojaner-Board - Windows blockiert - Zahlen und herunterladen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows blockiert - Zahlen und herunterladen (https://www.trojaner-board.de/109680-windows-blockiert-zahlen-herunterladen.html)

Windows blockiert - Zahlen und herunterladen

Hallo,

während ich meinen Rechner genutzt habe (Windows 7), wurde die Bildschirm schwarz und folgende Meldung wurde angezeigt:

"Achtung!
Aus Sicherheitsgründen wurde ihr Windowssytem blockiert."

weiter unten befindet sich dann ein Button mit der Aufschrift:
"Bezahlen und Runterladen"

Ein Avira Viren Scan im abgesicherten Modus hat dann das folgende Ergebnis geliefert:
Die Datei 'C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\5e5659d2-560c6b1f'
enthielt einen Virus oder unerwünschtes Programm 'EXP/CVE-2011-3544' [exploit].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ae6904c.qua' verschoben!

Leider taucht die Meldung weiterhin auf, wenn ich den Rechner neu starte.

Bei der Recherche bin ich auf dieses Forum gestoßen und habe mit OTL die empfohlenen txts erstellt und angehangen. Hinweise auf Benutzer und Computername habe ich mit *** ersetzt.

Vielen Dank für eure Hilfe!
Seppel3

Zitat:

Boot Mode: SafeMode with Networking |

na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo Cosinus, vielen Dank für deine Antwort!

Malwarebytes hat Trojaner gefunden und beseitigt.

Danach konnte ich Windows auch wieder im normalen Modus starten.

ESET läuft noch und hat aber auch schon eine Infektion gefunden:
a variant of MSIL/Injectior.CL trojan

Kann ich mit ESET die Infektionen direkt bedseitigen?

Vielen Dank und beste Grüße,
Seppel3

Malwarebytes Anti-Malware (Test) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.02.12.04

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Flo :: FLO_MOBIL [Administrator]

Schutz: Deaktiviert

12/02/2012 17:19:51
mbam-log-2012-02-12 (17-19-51).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 533424
Laufzeit: 1 Stunde(n), 17 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ffdwnd (Trojan.VUPX.MTS1) -> Daten: C:\Users\Flo\AppData\Local\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Flo\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.VUPX.MTS1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Flo\AppData\Local\Temp\ms0cfg32.exe (Trojan.VUPX.MTS1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Flo\Downloads\SoftonicDownloader_fuer_ac3filter.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Zitat:

Kann ich mit ESET die Infektionen direkt bedseitigen?

Nein steht doch da, dass du das nicht machen sollst! Erst das Log posten, dann entscheiden wir was gelöscht werden soll. Nur bei Malwarebytes sollst du immer alle Funde entfernen

Hallo Arne,

hier also das Log, vielen Dank!

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=66e99c2e2ab8bc41b771163bcb93c457
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-13 12:28:19
# local_time=2012-02-13 01:28:19 (+0100, Mitteleuropäische Zeit)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 32336 65602983 364201 0
# compatibility_mode=5893 16776573 100 94 0 80699577 0 0
# compatibility_mode=8192 67108863 100 0 3855 3855 0 0
# scanned=296915
# found=13
# cleaned=0
# scan_time=23192
C:\$Recycle.Bin\S-1-5-21-1047265912-43125369-1435325219-7572\$ROVRRWN\Lexware Taxman\CD1\TAXMAN2011.iso a variant of MSIL/Injector.CI trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\Local\Temp\YontooSetup-Silent.exe Win32/Adware.Yontoo application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\Local\Temp\9D6E5345-BAB0-7891-8D5F-107690E2ADB4\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Downloads\SoftonicDownloader38341.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Downloads\SoftonicDownloader_fuer_foxit-pdf-reader.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Downloads\SoftonicDownloader_fuer_testdisk.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\Downloads\WinMaximizer2011.exe a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I

geht der normale Modus wieder?

ja, windows ließ sich schon nach der anwendung von Malwarebytes wieder im normalen modus starten (siehe oben)

Seppel3

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL Logfile:

Code:

OTL logfile created on: 13/02/2012 13:09:53 - Run 3

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

 

3.84 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 56.75% Memory free

7.68 Gb Paging File | 5.92 Gb Available in Paging File | 77.09% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 296.92 Gb Total Space | 85.79 Gb Free Space | 28.89% Space Free | Partition Type: NTFS

 

Computer Name: ***_MOBIL | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)

PRC - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe (ESET)

PRC - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)

PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)

PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

PRC - C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)

PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)

PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)

PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)

PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)

PRC - C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe (Iminent)

PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)

PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)

PRC - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)

PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\be4f1d78d06979df7fd08dedf0d8c804\System.Web.Services.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll ()

MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll ()

MOD - C:\Program Files (x86)\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll ()

MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Windows.dll ()

MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Work***w.dll ()

MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Services.dll ()

MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Business.TinyUrl.dll ()

MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Booster.UI.dll ()

MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()

MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()

MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll ()

MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()

MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()

MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)

SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)

SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)

SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)

SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)

SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)

SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)

SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)

SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)

SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)

SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (QDLService2kLenovo) Qualcomm Gobi 2000 Download Service (Lenovo) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)

SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)

DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)

DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)

DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)

DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)

DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)

DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)

DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)

DRV:64bit: - (usbsmi) -- C:\Windows\SysNative\drivers\SMIksdrv.sys (SMI)

DRV:64bit: - (qcusbnetlno2k) Gobi 2000 USB-NDIS miniport(05C6-9205) -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys (QUALCOMM Incorporated)

DRV:64bit: - (qcusbserlno2k) Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205) -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys (QUALCOMM Incorporated)

DRV:64bit: - (qcfilterlno2k) Gobi 2000 USB Composite Device Filter Driver(05C6-9205) -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys (QUALCOMM Incorporated)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (NETw1v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)

DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)

DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)

DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKLM\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=16511&babsrc=HP_ss&mntrId=600621820000000000000026c70da65f

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16511"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.fc-union-berlin.de/start/"

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.74

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&AF=16511&q="

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\***\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/06/27 08:11:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/18 15:57:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/08 19:19:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a5pre\extensions\\Components: C:\Program Files (x86)\Minefield\components [2012/01/21 19:24:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a5pre\extensions\\Plugins: C:\Program Files (x86)\Minefield\plugins [2012/01/21 19:24:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/03 16:05:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/01 19:25:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/04 10:44:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/12/01 19:25:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/06/27 08:11:13 | 000,000,000 | ---D | M]

 

[2011/08/07 18:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2010/08/18 07:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/08/07 18:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2012/02/05 13:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions

[2011/12/31 00:09:45 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\ffxtlbr@Facemoods.com

[2012/02/05 12:04:54 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\plugin@yontoo.com

[2011/12/08 19:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011/12/08 19:32:32 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files (x86)\mozilla firefox\extensions\webbooster@iminent.com

[2012/01/03 16:05:37 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/01/03 16:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011/01/10 16:49:36 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012/01/03 16:05:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/01/03 16:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011/12/31 00:09:48 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2012/01/03 16:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012/01/03 16:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012/01/03 16:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll (Conduit Ltd.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)

O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (IsoBuster DE Toolbar) - {134B012B-132D-4516-A786-2395828640B5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)

O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)

O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe (Iminent)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found

O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O4 - HKCU..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" File not found

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: An OneNote s&enden - res:///105 File not found

O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: An OneNote s&enden - res:///105 File not found

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.89.96.156 141.89.96.152

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.***.***.de

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07CDD6FE-4184-4C7F-88B3-80E4B498B34C}: DhcpNameServer = 141.89.64.1 141.89.65.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9210018-D55E-49B1-8474-AA855B0EA3A6}: DhcpNameServer = 141.89.96.156 141.89.96.152

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{701d95a8-21aa-11df-9348-506313c55547}\Shell - "" = AutoRun

O33 - MountPoints2\{701d95a8-21aa-11df-9348-506313c55547}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{701d95ad-21aa-11df-9348-506313c55547}\Shell - "" = AutoRun

O33 - MountPoints2\{701d95ad-21aa-11df-9348-506313c55547}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{814cdee2-22c0-11df-b628-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{814cdee2-22c0-11df-b628-00269ed9827b}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{814cdef1-22c0-11df-b628-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{814cdef1-22c0-11df-b628-00269ed9827b}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{ad692f92-2178-11df-b1db-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{ad692f92-2178-11df-b1db-00269ed9827b}\Shell\AutoRun\command - "" = D:\NokiaPCIA_Autorun.exe

O33 - MountPoints2\{ad692f9d-2178-11df-b1db-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{ad692f9d-2178-11df-b1db-00269ed9827b}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{ad692fa0-2178-11df-b1db-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{ad692fa0-2178-11df-b1db-00269ed9827b}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/02/12 21:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\logdateiein_trojaner

[2012/02/12 18:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/02/12 18:57:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe

[2012/02/12 16:44:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2012/02/12 16:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/12 16:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/02/12 16:44:37 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/02/12 16:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/02/12 11:14:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012/02/11 21:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012/02/05 12:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo

[2012/02/05 12:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

[2012/02/05 12:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012/02/05 12:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload

[2012/02/02 15:37:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte

[2012/01/21 19:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minefield

[2012/01/21 19:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minefield

[2012/01/18 08:48:09 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2012/01/18 08:48:09 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll

[2012/01/18 08:48:08 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll

[2012/01/18 08:48:08 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll

[2012/01/18 08:48:08 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll

[2012/01/18 08:48:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

[2012/01/16 19:08:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2012/01/15 10:41:30 | 000,000,000 | ---D | C] -- C:\13_TELEMETRIE

[2011/03/14 13:16:53 | 000,016,384 | ---- | C] (Uwe Sieber) -- C:\Program Files (x86)\WinOutOfScreen.exe

[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/02/13 13:10:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012/02/13 13:09:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012/02/13 10:07:34 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/13 10:07:34 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/13 09:58:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/13 09:58:41 | 3092,930,560 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/12 18:57:42 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe

[2012/02/12 16:44:38 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/12 11:15:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012/02/11 21:30:47 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012/02/10 23:46:03 | 001,646,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/02/10 23:46:03 | 000,715,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012/02/10 23:46:03 | 000,677,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/02/10 23:46:03 | 000,158,036 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012/02/10 23:46:03 | 000,128,880 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/02/05 12:04:28 | 000,002,421 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk

[2012/02/05 10:39:44 | 000,001,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012/02/05 10:39:43 | 000,001,024 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk

[2012/01/30 16:37:06 | 000,000,108 | ---- | M] () -- C:\Users\***\release.sbx

[2012/01/30 16:37:06 | 000,000,108 | ---- | M] () -- C:\Users\***\release.sbn

[2012/01/30 16:35:22 | 000,000,100 | ---- | M] () -- C:\Users\***\release.shx

[2012/01/30 16:35:22 | 000,000,100 | ---- | M] () -- C:\Users\***\release.shp

[2012/01/30 16:35:22 | 000,000,066 | ---- | M] () -- C:\Users\***\release.dbf

[2012/01/29 08:35:55 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job

[2012/01/27 13:01:00 | 000,798,649 | ---- | M] () -- C:\Users\***\Documents\PAPER.bib

[2012/01/27 10:53:57 | 000,741,522 | ---- | M] () -- C:\Users\***\Documents\EBOOKS.bib

[2012/01/21 19:24:29 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\Minefield.lnk

[2012/01/18 10:16:18 | 009,873,501 | ---- | M] () -- C:\Users\***\Desktop\63y0744_03.pdf

[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/02/12 16:44:38 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/11 21:30:47 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012/02/05 12:04:28 | 000,002,421 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk

[2012/01/30 16:37:06 | 000,000,108 | ---- | C] () -- C:\Users\***\release.sbx

[2012/01/30 16:37:06 | 000,000,108 | ---- | C] () -- C:\Users\***\release.sbn

[2012/01/30 16:35:22 | 000,000,100 | ---- | C] () -- C:\Users\***\release.shx

[2012/01/30 16:35:22 | 000,000,100 | ---- | C] () -- C:\Users\***\release.shp

[2012/01/30 16:35:22 | 000,000,066 | ---- | C] () -- C:\Users\***\release.dbf

[2012/01/21 19:24:29 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\Minefield.lnk

[2012/01/18 10:16:10 | 009,873,501 | ---- | C] () -- C:\Users\***\Desktop\63y0744_03.pdf

[2011/11/23 13:02:29 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

[2011/08/17 15:54:21 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/16 10:05:11 | 000,000,350 | ---- | C] () -- C:\Windows\Vx4SLPlayer.INI

[2011/01/21 10:58:24 | 000,007,607 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg

[2010/12/14 14:36:32 | 000,005,618 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/11/09 18:13:44 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll

[2010/10/17 18:17:10 | 006,814,952 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe

[2010/10/17 18:17:10 | 000,017,762 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat

[2010/08/04 20:13:46 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini

[2010/02/28 15:30:13 | 000,646,848 | ---- | C] () -- C:\Users\***\AppData\Local\wanancsp.dat

[2010/02/24 22:43:15 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db

[2010/02/24 20:11:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/01/28 15:29:39 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/10/07 05:12:55 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2009/10/07 05:12:45 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009/10/07 05:12:45 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2009/10/07 05:12:32 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2008/02/07 09:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll

[2006/04/21 09:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll

[1997/06/25 15:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\RegObj.dll

 
 ========== LOP Check ==========

 

[2011/01/13 12:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon

[2011/12/31 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent

[2010/09/30 10:26:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon

[2010/03/04 09:05:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataEast

[2011/11/05 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Data***w Systems Pty Ltd

[2010/10/17 18:28:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dBpoweramp

[2012/02/13 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox

[2011/01/03 16:51:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular

[2011/03/24 08:17:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESRI

[2010/12/08 09:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software

[2010/05/25 20:58:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView

[2010/03/08 15:40:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JabRef 2.5

[2010/02/24 02:18:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lenovo

[2011/07/24 09:46:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware

[2011/07/19 07:25:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia

[2011/07/19 07:25:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite

[2010/02/25 14:03:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2010/02/26 23:55:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite

[2011/12/05 09:54:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr

[2011/11/23 13:54:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr

[2010/08/18 07:36:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird

[2012/02/01 13:21:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tinn-R

[2011/08/07 18:14:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom

[2011/04/06 08:58:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software

[2011/02/02 16:07:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Update

[2010/05/17 07:53:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vemco

[2012/01/29 08:35:55 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\Driver Fetch.job

[2012/02/13 13:10:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2011/08/17 08:03:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/02/13 13:09:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

 
 ========== Purity Check ==========

 

 

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:2683706C
 

< End of report >

--- --- ---

und hier noch das Extra.txt

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 13/02/2012 13:09:53 - Run 3

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

 

3.84 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 56.75% Memory free

7.68 Gb Paging File | 5.92 Gb Available in Paging File | 77.09% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 296.92 Gb Total Space | 85.79 Gb Free Space | 28.89% Space Free | Partition Type: NTFS

 

Computer Name: ***_MOBIL | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- Reg Error: Key error. File not found

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Minefield\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1"

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "%1"

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]

"AllowOutboundDestinationUnreachable" = 1

"AllowOutboundSourceQuench" = 1

"AllowRedirect" = 1

"AllowInboundEchoRequest" = 1

"AllowInboundRouterRequest" = 1

"AllowOutboundTimeExceeded" = 1

"AllowOutboundParameterProblem" = 1

"AllowInboundTimestampRequest" = 1

"AllowInboundMaskRequest" = 1

"AllowOutboundPacketTooBig" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]

"Enabled" = 1

"RemoteAddresses" = 141.89.96.0/24

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings]

"AllowOutboundDestinationUnreachable" = 1

"AllowOutboundSourceQuench" = 1

"AllowRedirect" = 1

"AllowInboundEchoRequest" = 1

"AllowInboundRouterRequest" = 1

"AllowOutboundTimeExceeded" = 1

"AllowOutboundParameterProblem" = 1

"AllowInboundTimestampRequest" = 1

"AllowInboundMaskRequest" = 1

"AllowOutboundPacketTooBig" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]

"Enabled" = 1

"RemoteAddresses" = 141.89.96.0/24

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90

"{1FBEA8BA-D40B-48BC-85BC-EE2D5575F27C}" = Microsoft SQL Server VSS Writer

"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi Software

"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit

"{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz

"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{7C39E0D1-E138-42B1-B083-213EC2CF7692}" = Microsoft SQL Server Native Client

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02

"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)

"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows-Treiberpaket - Intel hdc  (06/04/2009 7.0.0.1013)

"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407)

"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)

"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)

"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 7.01.0.9)

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"C: Program Files (x86) HOBOware_is1" = HOBOware 3.2.2

"CNXT_AUDIO_HDA" = Conexant CX20582 SmartAudio HD

"DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430)

"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem  (02/25/2011 4.7)

"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System  (06/04/2009 1.0.0.0002)

"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7

"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"Integrated Camera" = Integrated Camera

"LENOVO.SMIIF" = Lenovo System Interface Driver

"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"OnScreenDisplay" = Anzeige am Bildschirm

"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox

"Power Management Driver" = ThinkPad Power Management Driver

"ProInst" = Intel PROSet Wireless

"R for Windows 2.14.1_is1" = R for Windows 2.14.1

"SynTPDeinstKey" = ThinkPad UltraNav Driver

"W7DevOR" =  Registry Patch to arrange icons in Device and Printers folder of Windows 7

"WinRAR archiver" = WinRAR

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client

"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)

"{1245703E-0A41-4C00-BF3B-24273105DA32}" = Nokia PC-Internetzugang

"{136E842A-87AC-4CFA-99A0-4D5BF9114566}" = Iminent

"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility

"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 23

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie

"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD

"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver

"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth

"{31240A64-C461-4138-AD9C-5076A171E94F}" = GME

"{3526C5B8-60EE-4199-BEFD-6BCC86F051B9}" = TAXMAN 2011

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CA10D13-F83A-487E-9B30-CC979FEF7A70}" = OviMPlatform

"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{588E8B59-12DA-45BE-B3D1-6742948921F0}" = VUE

"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{607A0C67-ADAC-4F9C-BF8F-C314CBCFE2F5}" = Qualcomm Gobi 2000 Package for Lenovo

"{6339663B-F26F-4FE3-B813-0E1DEC4ED976}" = Nokia Ovi Suite

"{64665955-E1A1-4A8B-BFFA-673A95318909}" = ArcGIS Desktop 10

"{6832CA38-64C6-4166-A214-3FAABB239D6C}_is1" = XTools Pro 7.1

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{777B898F-BB2C-4A7E-8FD9-A7E251C14E9D}" = Arc Hydro Tools

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply

"{7B63B2922B174135AFC0E1377DD81EC2}" = 

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8C7750D1-ADE6-4DAD-A54E-871EB2ABFE98}" = ThinkVantage GPS

"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2

"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{9202762E-4B4C-48C9-A6CC-C27F9F85190A}" = Mobile Broadband Connect

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English

"{A5E9C317-F4F0-4EF2-AA8A-975F6E1B29DC}" = Odyssey

"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch

"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery

"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer

"{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BEF7FC5C-0182-4DDE-BDDD-F7D132AB833D}" = Ovi Desktop Sync Engine

"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help

"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite

"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F1AC923B-2A52-4C5D-8011-5FC83CD58CF4}" = hppusgP1000

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core

"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus

"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information

"{FE4270D7-A642-49C1-9A40-854DA3F13FB2}_is1" = Moyea FLV Player version: 2.0.2.96

"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Integrated Camera

"1ClickDownload" = 1ClickDownload

"5513-1208-7298-9440" = JDownloader 0.9

"AC3Filter_is1" = AC3Filter 1.63b

"Arc Hydro Tools" = Arc Hydro Tools

"ArcGIS Desktop 10" = ArcGIS Desktop 10

"ArcGIS Desktop 10 SP1" = ArcGIS Desktop 10 Service Pack 1

"ArcGIS Desktop 10 SP2" = ArcGIS Desktop 10 Service Pack 2

"AVI Splitter_is1" = AVI Splitter

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AVS Update Manager_is1" = AVS Update Manager 1.0

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3

"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6

"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2

"C: Program Files (x86) HOBOware_is1" = HOBOware 3.0 

...C:\Program Files (x86)\HOBOware

"conduitEngine" = Conduit Engine

"DBF Converter" = DBF Converter 2.45

"dBpoweramp Music Converter" = dBpoweramp Music Converter

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup" = DivX-Setup

"ElsterFormular für Privatanwender und Unternehmer 11.5.3.5585" = ElsterFormular für Privatanwender und Unternehmer

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"facemoods" = Facemoods Toolbar

"Foxit PDF Editor" = Foxit PDF Editor

"Foxit Reader" = Foxit Reader

"GPL Ghostscript 8.63" = GPL Ghostscript 8.63

"GSview 4.9" = GSview 4.9

"HP LaserJet P1000 series" = HP LaserJet P1000 series

"IMBoosterARP" = Iminent

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools

"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = LG CyberLink PowerDVD

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go

"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer

"IrfanView" = IrfanView (remove only)

"IsoBuster_DE Toolbar" = IsoBuster DE Toolbar

"IsoBuster_is1" = IsoBuster 2.8.5

"JabRef 2.5" = JabRef 2.5

"Lenovo Welcome_is1" = Lenovo Welcome

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000

"Mendeley Desktop" = Mendeley Desktop 1.1.2

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"MiKTeX 2.8" = MiKTeX 2.8

"Minefield (3.7a5pre)" = Minefield (3.7a5pre)

"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)

"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)

"Nokia Ovi Suite" = Nokia Ovi Suite

"Nokia PC Internet Access" = Nokia PC-Internetzugang

"Nokia PC Suite" = Nokia PC Suite

"Picasa 3" = Picasa 3

"PowerISO" = PowerISO

"ProInst" = Intel PROSet Wireless

"Python 2.4.1" = Python 2.4.1

"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3

"Python 2.5.1" = Python 2.5.1

"Quantum GIS Daphnis" = Quantum GIS Daphnis 1.2.0 Daphnis

"Quantum GIS Mimas" = Quantum GIS Mimas 1.3.0

"RAndExcelWorkbooks_is1" = R and Excel Workbooks

"RealPlayer 12.0" = RealPlayer

"RExcel_is1" = RExcel

"statconnDCOM_is1" = statconnDCOM 3.1-2B6

"SWord_is1" = SWord 0.99-3B2Beta

"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1

"Tinn-R_is1" = Tinn-R 2.3.7.1

"Tobit Radio.fx Server 1" = WDR RadioRecorder

"VLC media player" = VLC media player 2.0.0

"Vx4SLPlayer_is1" = Vx4SLPlayer 1.5.0

"WinEdt 6_is1" = WinEdt 6

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinZip Self-Extractor" = WinZip Self-Extractor

"Zattoo4" = Zattoo4 4.0.5

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 17/05/2011 09:46:42 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Application Hang | ID = 1002

Description = Programm iTunes.exe, Version 10.2.2.12 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b14    Startzeit: 

01cc1491c5a1da4e    Endzeit: 52    Anwendungspfad: C:\Program Files (x86)\iTunes\iTunes.exe
 

Berichts-ID:

   

 

Error - 17/05/2011 12:29:48 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Die Daten sind unzulässig.  .

 

Error - 17/05/2011 21:10:05 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = SideBySide | ID = 16842811

Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files

 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler

 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement

 pack\search helper\sepsearchhelperie.dll" in Zeile 2.  Ungültige XML-Syntax.

 

Error - 22/05/2011 12:02:20 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Die Daten sind unzulässig.  .

 

Error - 22/05/2011 12:02:25 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Die Daten sind unzulässig.  .

 

Error - 22/05/2011 12:04:37 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Die Daten sind unzulässig.  .

 

Error - 22/05/2011 13:00:01 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Windows Backup | ID = 4103

Description = 

 

Error - 23/05/2011 12:40:29 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Die Daten sind unzulässig.  .

 

Error - 23/05/2011 12:41:26 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Die Daten sind unzulässig.  .

 

Error - 23/05/2011 12:43:25 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.

 Fehler: Die Daten sind unzulässig.  .

 

[ Cisco AnyConnect VPN Client Events ]

Error - 13/02/2012 05:01:04 | Computer Name = ***_MOBIL | Source = vpnagent | ID = 67108866

Description = Function: CTlsTransport::OnTransportInitiateComplete File: .\IP\TlsTransport.cpp

Line:

 344 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:

 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 

 

Error - 13/02/2012 05:01:04 | Computer Name = ***_MOBIL | Source = vpnagent | ID = 67108866

Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp

Line:

 1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:

 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 

 

Error - 13/02/2012 05:01:04 | Computer Name = ***_MOBIL | Source = vpnagent | ID = 67108866

Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp

Line:

 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780

 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 

 

Error - 13/02/2012 05:01:05 | Computer Name = ***_MOBIL | Source = vpnagent | ID = 67108866

Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp

Line:

 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780

 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 

 

Error - 13/02/2012 05:01:13 | Computer Name = ***_MOBIL | Source = vpnagent | ID = 67108866

Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp

Line:

 1002 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:

 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 

 

Error - 13/02/2012 05:01:13 | Computer Name = ***_MOBIL | Source = vpnagent | ID = 67108866

Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp

Line:

 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780

 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 

 

Error - 13/02/2012 05:01:13 | Computer Name = ***_MOBIL | Source = vpnagent | ID = 67108866

Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp

Line:

 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780

 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 

 

Error - 13/02/2012 05:01:13 | Computer Name = ***_MOBIL | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp

Line:

 1020 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363

 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could

 not contact target 

 

Error - 13/02/2012 05:01:13 | Computer Name = ***_MOBIL | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:

 856 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)

Description:

 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 

 

Error - 13/02/2012 05:01:13 | Computer Name = ***_MOBIL | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:

 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)

Description:

 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 

 

[ Lenovo-Message Center Plus/Admin Events ]

Error - 22/03/2011 01:51:27 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Ein Teil des Pfades "C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\SeedDB\SeedDB.tag"

 konnte nicht gefunden werden. -> Exception message: Ein Teil des Pfades "C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\SeedDB\SeedDB.tag"

 konnte nicht gefunden werden.

 

Error - 23/03/2011 16:30:13 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = IOException -> Exception message: Der Prozess kann nicht auf die Datei

 "C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin" zugreifen,

 da sie von einem anderen Prozess verwendet wird.

 

Error - 04/04/2011 10:19:23 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = IOException -> Exception message: Der Prozess kann nicht auf die Datei

 "C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin" zugreifen,

 da sie von einem anderen Prozess verwendet wird.

 

Error - 04/04/2011 15:43:55 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Der Prozess kann nicht auf die Datei "C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\ServerRepositoryData.db"

 zugreifen, da sie von einem anderen Prozess verwendet wird. -> Exception message:

 Der Prozess kann nicht auf die Datei "C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\ServerRepositoryData.db"

 zugreifen, da sie von einem anderen Prozess verwendet wird.

 

Error - 04/04/2011 15:43:55 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Der Prozess kann nicht auf die Datei "C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin"

 zugreifen, da sie von einem anderen Prozess verwendet wird. -> Exception message:

 Der Prozess kann nicht auf die Datei "C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\LocalRepository.bin"

 zugreifen, da sie von einem anderen Prozess verwendet wird.

 

Error - 04/04/2011 15:43:55 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Die Datei "C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW_1\appupdater.exe.manifest"

 konnte nicht gefunden werden. -> Exception message: Die Datei "C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW_1\appupdater.exe.manifest"

 konnte nicht gefunden werden.

 

Error - 04/04/2011 15:43:56 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = IOException -> Exception message: Die Datei "LTTCheck.exe" konnte 

nicht gefunden werden.

 

Error - 04/04/2011 15:43:56 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = IOException -> Exception message: Der Prozess kann nicht auf die Datei

 "appupdater.exe.config" zugreifen, da sie von einem anderen Prozess verwendet wird.

 

Error - 04/04/2011 15:43:56 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Ein Teil des Pfades "C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW_1\appupdater.exe"

 konnte nicht gefunden werden. -> Exception message: Ein Teil des Pfades "C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\MCPToLTT_ROW_1\appupdater.exe"

 konnte nicht gefunden werden.

 

Error - 04/04/2011 15:43:56 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Ein Teil des Pfades "C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\SeedDB_1\SeedDB.tag"

 konnte nicht gefunden werden. -> Exception message: Ein Teil des Pfades "C:\ProgramData\Lenovo\MessageCenterPlus\LocalRepository\Messages\SeedDB_1\SeedDB.tag"

 konnte nicht gefunden werden.

 

[ Media Center Events ]

Error - 23/03/2011 01:52:19 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = MCUpdate | ID = 0

Description = 06:52:18 - Fehler beim Herstellen der Internetverbindung.  06:52:19 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 23/03/2011 01:52:33 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = MCUpdate | ID = 0

Description = 06:52:28 - Fehler beim Herstellen der Internetverbindung.  06:52:28 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 13/05/2011 12:41:04 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = MCUpdate | ID = 0

Description = 18:41:04 - Fehler beim Herstellen der Internetverbindung.  18:41:04 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 13/05/2011 12:41:14 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = MCUpdate | ID = 0

Description = 18:41:10 - Fehler beim Herstellen der Internetverbindung.  18:41:10 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 13/05/2011 13:41:19 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = MCUpdate | ID = 0

Description = 19:41:19 - Fehler beim Herstellen der Internetverbindung.  19:41:19 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 13/05/2011 13:41:26 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = MCUpdate | ID = 0

Description = 19:41:25 - Fehler beim Herstellen der Internetverbindung.  19:41:25 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 13/05/2011 14:41:31 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = MCUpdate | ID = 0

Description = 20:41:31 - Fehler beim Herstellen der Internetverbindung.  20:41:31 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 13/05/2011 14:41:38 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = MCUpdate | ID = 0

Description = 20:41:37 - Fehler beim Herstellen der Internetverbindung.  20:41:37 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 13/05/2011 15:41:44 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = MCUpdate | ID = 0

Description = 21:41:43 - Fehler beim Herstellen der Internetverbindung.  21:41:43 

-     Serververbindung konnte nicht hergestellt werden..  

 

Error - 13/05/2011 15:41:50 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = MCUpdate | ID = 0

Description = 21:41:49 - Fehler beim Herstellen der Internetverbindung.  21:41:49 

-     Serververbindung konnte nicht hergestellt werden..  

 

[ OSession Events ]

Error - 14/07/2011 06:49:26 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 598

 seconds with 120 seconds of active time.  This session ended with a crash.

 

Error - 14/07/2011 06:52:02 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 145

 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error - 10/08/2011 03:32:50 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2074

 seconds with 900 seconds of active time.  This session ended with a crash.

 

Error - 19/10/2011 09:12:03 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 26691

 seconds with 480 seconds of active time.  This session ended with a crash.

 

Error - 25/10/2011 12:09:56 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6751

 seconds with 1740 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 12/02/2012 13:51:18 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = TermService | ID = 1067

Description = 

 

Error - 13/02/2012 04:58:48 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am ?13.?02.?2012 um 01:43:25 unerwartet heruntergefahren.

 

Error - 13/02/2012 04:58:54 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = NETLOGON | ID = 5719

Description = Der Computer konnte eine sichere Sitzung mit einem  Domänencontroller

 in der Domäne *** aufgrund der folgenden  Ursache nicht einrichten:   %%1311
 

Dies

 kann zu Authentifizierungsproblemen führen. Stellen  Sie sicher, dass der Computer

 mit dem Netzwerk verbunden ist.  Wenden Sie sich an den Domänenadministrator, wenn

 das Problem  weiterhin besteht.        ZUSÄTZLICHE INFORMATIONEN    Wenn dieser Computer ein 

Domänencontroller der bestimmten  Domäne ist, wird eine sichere Sitzung zum primären

Domänencontrolleremulator

 in der bestimmten Domäne eingerichtet.  Andernfalls richtet dieser Computer eine 

sichere Sitzung zu  einem beliebigen Domänencontroller in der bestimmten Domäne ein.

 

Error - 13/02/2012 04:58:56 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Microsoft-Windows-GroupPolicy | ID = 1129

Description = Bei der Verarbeitung der Gruppenrichtlinie ist aufgrund fehlender 

Netzwerkkonnektivität mit einem Domänencontroller ein Fehler aufgetreten. Dies kann

 eine vorübergehende Bedingung sein. Es wird eine Erfolgsmeldung generiert, wenn

 die Verbindung des Computers mit dem Domänencontroller wiederhergestellt wurde 

und wenn die Gruppenrichtlinie erfolgreich verarbeitet wurde. Falls für mehrere 

Stunden keine Erfolgsmeldung angezeigt wird, wenden Sie sich an den Administrator.

 

Error - 13/02/2012 04:59:09 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Radio.fx Server" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%2

 

Error - 13/02/2012 04:59:14 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   avgio  cdrom

 

Error - 13/02/2012 05:01:50 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = DCOM | ID = 10005

Description = 

 

Error - 13/02/2012 05:01:50 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 ServiceLayer erreicht.

 

Error - 13/02/2012 05:01:50 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = Service Control Manager | ID = 7000

Description = Der Dienst "ServiceLayer" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%1053

 

Error - 13/02/2012 05:02:19 | Computer Name = ***_MOBIL.ad.***.uni-***.de | Source = TermService | ID = 1067

Description = 

 

 

< End of report >

--- --- ---

Anscheinend hast du meine Anleitung ignoriert über nur überflogen
1. war das kein CustomScan und 2.

Zitat:

Boot Mode: Normal | Scan Mode: Current user

solltest du den Haken bei alle Benutzer setzen! Die Anleitung sind nicht zur Deko da, sondern müssen genau gelesen und umgesetzt werden!

Entschuldige, war keine Absicht. Den zweiten Teil deiner Nachricht habe ich übersehen.
Ich hoffe jetzt habe ich alles richtig gemacht...

OTL Logfile:

Code:

OTL logfile created on: 13/02/2012 15:03:12 - Run 4

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: Großbritannien | Language: ENG | Date Format: dd/MM/yyyy

 

3.84 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 58.97% Memory free

7.68 Gb Paging File | 5.90 Gb Available in Paging File | 76.82% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 296.92 Gb Total Space | 84.25 Gb Free Space | 28.38% Space Free | Partition Type: NTFS

 

Computer Name: ***_MOBIL | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)

PRC - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)

PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)

PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

PRC - C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)

PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)

PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)

PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)

PRC - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)

PRC - C:\Program Files (x86)\Iminent\IMBooster\IMBooster.exe (Iminent)

PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)

PRC - C:\Programme\Lenovo\Comm***cations Utility\TPKNRSVC.exe (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\Comm***cations Utility\TPKNRRES.exe (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\Comm***cations Utility\CamMute.exe (Lenovo Group Limited)

PRC - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)

PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\be4f1d78d06979df7fd08dedf0d8c804\System.Web.Services.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()

MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll ()

MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll ()

MOD - C:\Program Files (x86)\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll ()

MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Windows.dll ()

MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Work***w.dll ()

MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Services.dll ()

MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Business.TinyUrl.dll ()

MOD - C:\Program Files (x86)\Iminent\IMBooster\Iminent.Booster.UI.dll ()

MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()

MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()

MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll ()

MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()

MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()

MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)

SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)

SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)

SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)

SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)

SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)

SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)

SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)

SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)

SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)

SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)

SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)

SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Comm***cations Utility\TPKNRSVC.exe (Lenovo Group Limited)

SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Comm***cations Utility\CamMute.exe (Lenovo Group Limited)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (QDLService2kLenovo) Qualcomm Gobi 2000 Download Service (Lenovo) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (QUALCOMM, Inc.)

SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)

DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)

DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)

DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)

DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)

DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)

DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)

DRV:64bit: - (ivusb) -- C:\Windows\SysNative\drivers\ivusb.sys (Initio Corporation)

DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)

DRV:64bit: - (usbsmi) -- C:\Windows\SysNative\drivers\SMIksdrv.sys (SMI)

DRV:64bit: - (qcusbnetlno2k) Gobi 2000 USB-NDIS miniport(05C6-9205) -- C:\Windows\SysNative\drivers\qcusbnetlno2k.sys (QUALCOMM Incorporated)

DRV:64bit: - (qcusbserlno2k) Gobi 2000 USB Device for Legacy Serial Comm***cation(05C6-9205) -- C:\Windows\SysNative\drivers\qcusbserlno2k.sys (QUALCOMM Incorporated)

DRV:64bit: - (qcfilterlno2k) Gobi 2000 USB Composite Device Filter Driver(05C6-9205) -- C:\Windows\SysNative\drivers\qcfilterlno2k.sys (QUALCOMM Incorporated)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (NETw1v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)

DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)

DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)

DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKLM\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll (Conduit Ltd.)

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com

IE - HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=16511&babsrc=HP_ss&mntrId=600621820000000000000026c70da65f

IE - HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16511"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "hxxp://www.fc-***on-berlin.de/start/"

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.74

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&AF=16511&q="

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\***\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/06/27 08:11:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/18 15:57:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/08 19:19:14 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a5pre\extensions\\Components: C:\Program Files (x86)\Minefield\components [2012/01/21 19:24:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Minefield 3.7a5pre\extensions\\Plugins: C:\Program Files (x86)\Minefield\plugins [2012/01/21 19:24:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/03 16:05:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/01 19:25:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/04 10:44:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/12/01 19:25:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/06/27 08:11:13 | 000,000,000 | ---D | M]

 

[2011/08/07 18:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2010/08/18 07:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/08/07 18:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2012/02/05 13:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions

[2011/12/31 00:09:45 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\ffxtlbr@Facemoods.com

[2012/02/05 12:04:54 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\plugin@yontoo.com

[2011/12/08 19:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011/12/08 19:32:32 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files (x86)\mozilla firefox\extensions\webbooster@iminent.com

[2012/01/03 16:05:37 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/01/03 16:05:30 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011/01/10 16:49:36 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012/01/03 16:05:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/01/03 16:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011/12/31 00:09:48 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2012/01/03 16:05:30 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012/01/03 16:05:30 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012/01/03 16:05:30 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll (Conduit Ltd.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)

O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\..\Toolbar\WebBrowser: (IsoBuster DE Toolbar) - {134B012B-132D-4516-A786-2395828640B5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)

O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Comm***cations Utility\TPKNRRES.exe (Lenovo Group Limited)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)

O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe (Iminent)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found

O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4067980895-3631169771-1463112313-1003..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O4 - HKU\S-1-5-21-4067980895-3631169771-1463112313-1003..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\localadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\localadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Users\stein\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: An OneNote s&enden - res:///105 File not found

O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O8:64bit: - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O8:64bit: - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: An OneNote s&enden - res:///105 File not found

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.89.96.156 141.89.96.152

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.***.***-***.de

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07CDD6FE-4184-4C7F-88B3-80E4B498B34C}: DhcpNameServer = 141.89.64.1 141.89.65.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9210018-D55E-49B1-8474-AA855B0EA3A6}: DhcpNameServer = 141.89.96.156 141.89.96.152

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{701d95a8-21aa-11df-9348-506313c55547}\Shell - "" = AutoRun

O33 - MountPoints2\{701d95a8-21aa-11df-9348-506313c55547}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{701d95ad-21aa-11df-9348-506313c55547}\Shell - "" = AutoRun

O33 - MountPoints2\{701d95ad-21aa-11df-9348-506313c55547}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{814cdee2-22c0-11df-b628-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{814cdee2-22c0-11df-b628-00269ed9827b}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{814cdef1-22c0-11df-b628-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{814cdef1-22c0-11df-b628-00269ed9827b}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{ad692f92-2178-11df-b1db-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{ad692f92-2178-11df-b1db-00269ed9827b}\Shell\AutoRun\command - "" = D:\NokiaPCIA_Autorun.exe

O33 - MountPoints2\{ad692f9d-2178-11df-b1db-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{ad692f9d-2178-11df-b1db-00269ed9827b}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{ad692fa0-2178-11df-b1db-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{ad692fa0-2178-11df-b1db-00269ed9827b}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - ***versal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard ***ppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - ***ppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - ***versal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard ***ppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - ***ppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - ***versal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard ***ppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - ***ppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - ***versal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard ***ppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - ***ppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {7EA4339F-81EB-2208-CBAE-9BBEF8EFD678} - Java (Sun)

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {923F5C72-FA28-D27E-722D-3E56F27F93CD} - Microsoft Windows Media Player

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F34CE5DF-0C81-CC77-7919-DA328C67E26C} - Java (Sun)

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codec - C:\Windows\SysWOW64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/02/12 21:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\logdateiein_trojaner

[2012/02/12 18:57:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/02/12 18:57:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe

[2012/02/12 16:44:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2012/02/12 16:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/12 16:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/02/12 16:44:37 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/02/12 16:44:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/02/12 11:14:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012/02/11 21:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2012/02/05 12:04:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo

[2012/02/05 12:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

[2012/02/05 12:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012/02/05 12:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload

[2012/02/02 15:37:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte

[2012/01/21 19:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minefield

[2012/01/21 19:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minefield

[2012/01/16 19:08:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft

[2012/01/15 10:41:30 | 000,000,000 | ---D | C] -- C:\13_TELEMETRIE

[2011/03/14 13:16:53 | 000,016,384 | ---- | C] (Uwe Sieber) -- C:\Program Files (x86)\WinOutOfScreen.exe

[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/02/13 15:03:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012/02/13 15:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2012/02/13 14:55:24 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/13 14:55:24 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/13 09:58:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/02/13 09:58:41 | 3092,930,560 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/12 18:57:42 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe

[2012/02/12 16:44:38 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/12 11:15:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012/02/11 21:30:47 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012/02/10 23:46:03 | 001,646,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/02/10 23:46:03 | 000,715,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012/02/10 23:46:03 | 000,677,742 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/02/10 23:46:03 | 000,158,036 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012/02/10 23:46:03 | 000,128,880 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/02/05 12:04:28 | 000,002,421 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk

[2012/02/05 10:39:44 | 000,001,004 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012/02/05 10:39:43 | 000,001,024 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk

[2012/01/30 16:37:06 | 000,000,108 | ---- | M] () -- C:\Users\***\release.sbx

[2012/01/30 16:37:06 | 000,000,108 | ---- | M] () -- C:\Users\***\release.sbn

[2012/01/30 16:35:22 | 000,000,100 | ---- | M] () -- C:\Users\***\release.shx

[2012/01/30 16:35:22 | 000,000,100 | ---- | M] () -- C:\Users\***\release.shp

[2012/01/30 16:35:22 | 000,000,066 | ---- | M] () -- C:\Users\***\release.dbf

[2012/01/29 08:35:55 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Driver Fetch.job

[2012/01/27 13:01:00 | 000,798,649 | ---- | M] () -- C:\Users\***\Documents\PAPER.bib

[2012/01/27 10:53:57 | 000,741,522 | ---- | M] () -- C:\Users\***\Documents\EBOOKS.bib

[2012/01/21 19:24:29 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\Minefield.lnk

[2012/01/18 10:16:18 | 009,873,501 | ---- | M] () -- C:\Users\***\Desktop\63y0744_03.pdf

[2 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/02/12 16:44:38 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/11 21:30:47 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk

[2012/02/05 12:04:28 | 000,002,421 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk

[2012/01/30 16:37:06 | 000,000,108 | ---- | C] () -- C:\Users\***\release.sbx

[2012/01/30 16:37:06 | 000,000,108 | ---- | C] () -- C:\Users\***\release.sbn

[2012/01/30 16:35:22 | 000,000,100 | ---- | C] () -- C:\Users\***\release.shx

[2012/01/30 16:35:22 | 000,000,100 | ---- | C] () -- C:\Users\***\release.shp

[2012/01/30 16:35:22 | 000,000,066 | ---- | C] () -- C:\Users\***\release.dbf

[2012/01/21 19:24:29 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\Minefield.lnk

[2012/01/18 10:16:10 | 009,873,501 | ---- | C] () -- C:\Users\***\Desktop\63y0744_03.pdf

[2011/11/23 13:02:29 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

[2011/08/17 15:54:21 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/16 10:05:11 | 000,000,350 | ---- | C] () -- C:\Windows\Vx4SLPlayer.INI

[2011/01/21 10:58:24 | 000,007,607 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg

[2010/12/14 14:36:32 | 000,005,618 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/11/09 18:13:44 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll

[2010/10/17 18:17:10 | 006,814,952 | ---- | C] () -- C:\Windows\SysWow64\Spoon***nstall.exe

[2010/10/17 18:17:10 | 000,017,762 | ---- | C] () -- C:\Windows\SysWow64\Spoon***nstall-dBpoweramp Music Converter.dat

[2010/08/04 20:13:46 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini

[2010/02/28 15:30:13 | 000,646,848 | ---- | C] () -- C:\Users\***\AppData\Local\wanancsp.dat

[2010/02/24 22:43:15 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db

[2010/02/24 20:11:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/01/28 15:29:39 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/10/07 05:12:55 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin

[2009/10/07 05:12:45 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin

[2009/10/07 05:12:45 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[2009/10/07 05:12:32 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin

[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2008/02/07 09:05:18 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\hppatusg01.dll

[2006/04/21 09:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\HtmlHelp.dll

[1997/06/25 15:24:16 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\RegObj.dll

 
 ========== LOP Check ==========

 

[2011/01/13 12:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon

[2011/12/31 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent

[2010/09/30 10:26:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon

[2010/03/04 09:05:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataEast

[2011/11/05 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Data***w Systems Pty Ltd

[2010/10/17 18:28:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dBpoweramp

[2012/02/13 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox

[2011/01/03 16:51:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular

[2011/03/24 08:17:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESRI

[2010/12/08 09:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software

[2010/05/25 20:58:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView

[2010/03/08 15:40:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JabRef 2.5

[2010/02/24 02:18:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lenovo

[2011/07/24 09:46:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware

[2011/07/19 07:25:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia

[2011/07/19 07:25:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite

[2010/02/25 14:03:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2010/02/26 23:55:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite

[2011/12/05 09:54:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr

[2011/11/23 13:54:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr

[2010/08/18 07:36:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird

[2012/02/01 13:21:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tinn-R

[2011/08/07 18:14:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom

[2011/04/06 08:58:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software

[2011/02/02 16:07:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Update

[2010/05/17 07:53:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vemco

[2010/09/25 12:53:05 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\BitTorrent

[2011/05/01 22:48:16 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\Blitware

[2010/03/04 09:05:24 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\DataEast

[2011/09/05 22:43:06 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\Dropbox

[2011/01/03 16:50:45 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\elsterformular

[2010/02/26 21:30:33 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\ESRI

[2010/12/08 09:54:56 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\Foxit Software

[2010/03/28 13:26:05 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\IrfanView

[2010/02/26 20:36:05 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\Lenovo

[2011/07/22 14:36:15 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\Lexware

[2011/01/05 12:13:58 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\Local

[2011/03/18 09:58:25 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\Moyea

[2010/02/26 23:48:42 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\Nokia

[2010/03/15 16:09:56 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\OpenOffice.org

[2010/02/26 23:32:17 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\PC Suite

[2011/07/25 08:29:32 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\PCDr

[2010/12/13 10:29:47 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\Thunderbird

[2011/03/14 11:14:52 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\Tinn-R

[2010/11/09 18:14:07 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\Tobit

[2011/04/05 12:40:45 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\TuneUp Software

[2011/07/25 08:24:27 | 000,000,000 | ---D | M] -- C:\Users\localadmin\AppData\Roaming\Update

[2011/01/12 09:50:32 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Babylon

[2011/01/12 10:09:48 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\DataEast

[2011/01/12 10:10:08 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\ESRI

[2011/01/12 10:20:57 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Foxit Software

[2011/01/12 09:23:58 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\Lenovo

[2011/01/12 10:51:24 | 000,000,000 | ---D | M] -- C:\Users\root\AppData\Roaming\OpenOffice.org

[2011/01/12 15:41:52 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\Babylon

[2011/01/12 13:24:27 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\DataEast

[2011/03/02 15:19:17 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\ESRI

[2011/01/20 13:16:47 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\Foxit Software

[2011/08/02 15:28:15 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\IrfanView

[2010/12/14 14:39:43 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\Lenovo

[2011/07/26 08:38:09 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\Lexware

[2011/06/27 08:22:18 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\Nokia

[2011/06/27 08:22:20 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\Nokia Ovi Suite

[2011/02/02 12:27:41 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\OpenOffice.org

[2011/04/11 10:18:15 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\PC Suite

[2011/12/02 15:21:25 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\PwrMgr

[2011/11/16 15:55:01 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\Thunderbird

[2012/02/06 13:05:39 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\Tinn-R

[2011/04/05 13:14:17 | 000,000,000 | ---D | M] -- C:\Users\stein\AppData\Roaming\TuneUp Software

[2012/01/29 08:35:55 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\Driver Fetch.job

[2012/02/13 15:00:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2011/08/17 08:03:48 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/02/13 15:03:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010/10/17 18:18:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AccurateRip

[2010/02/25 20:40:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe

[2011/05/24 06:54:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer

[2010/12/07 11:22:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira

[2010/02/25 21:56:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AVS4YOU

[2011/01/13 12:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon

[2011/12/31 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BitTorrent

[2010/09/30 10:26:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon

[2010/09/21 10:05:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink

[2010/03/04 09:05:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DataEast

[2011/11/05 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Data***w Systems Pty Ltd

[2010/10/17 18:28:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dBpoweramp

[2010/11/02 23:59:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX

[2010/02/25 23:10:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Download Manager

[2012/02/13 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox

[2012/01/20 09:17:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss

[2011/01/03 16:51:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular

[2011/03/24 08:17:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ESRI

[2010/12/08 09:55:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software

[2010/02/25 21:20:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google

[2010/02/24 02:21:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities

[2011/02/02 16:35:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel

[2010/05/25 20:58:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView

[2010/03/08 15:40:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JabRef 2.5

[2010/02/24 02:18:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lenovo

[2011/07/24 09:46:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware

[2010/02/24 02:50:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia

[2012/02/12 16:44:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs

[2012/01/10 23:16:15 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft

[2010/02/24 20:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla

[2011/07/19 07:25:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia

[2011/07/19 07:25:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite

[2010/02/25 14:03:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2010/02/26 23:55:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite

[2011/12/05 09:54:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr

[2011/11/23 13:54:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr

[2011/08/13 12:34:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real

[2012/01/23 16:00:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype

[2011/08/29 21:35:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM

[2010/08/18 07:36:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird

[2012/02/01 13:21:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tinn-R

[2011/08/07 18:14:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom

[2011/04/06 08:58:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software

[2011/02/02 16:07:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Update

[2010/05/17 07:53:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vemco

[2012/02/11 23:28:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc

[2010/10/04 18:17:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2012/01/18 19:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012/01/18 19:54:36 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\***nstall.exe

[2009/06/22 19:03:08 | 000,048,946 | ---- | M] () -- C:\Users\***\AppData\Roaming\JabRef 2.5\JabRef.exe

[2010/03/08 15:40:30 | 000,062,536 | ---- | M] (JabRef Team) -- C:\Users\***\AppData\Roaming\JabRef 2.5\***nstall.exe

[2011/11/23 13:14:10 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}\ARPPRODUCTICON.exe

[2010/09/27 13:28:13 | 000,025,214 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ARPPRODUCTICON.exe

[2010/09/27 13:28:13 | 000,025,214 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe

[2010/09/27 13:28:13 | 000,025,214 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe

[2010/09/27 13:28:13 | 000,025,214 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe

[2010/09/27 13:28:13 | 000,025,214 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe

[2010/09/27 13:28:13 | 000,025,214 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\***NST_***nstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe

[2010/09/27 13:28:13 | 000,025,214 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\***NST_***nstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe

[2011/11/23 13:14:15 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}\ARPPRODUCTICON.exe

[2011/01/25 15:16:11 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\setup3.13\setup.exe

[2011/11/06 07:55:13 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe

[2011/11/14 14:10:24 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe

[2011/11/14 14:10:14 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe

[2011/02/02 16:08:20 | 015,608,984 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\***\AppData\Roaming\Update\patch_569208to571736_64_01\patch_569208to571736_64_01.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2007/11/07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

 

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys

[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009/08/07 05:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009/08/06 21:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\SWTOOLS\DRIVERS\IMSM\WIN32\IaStor.sys

[2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\drivers\iaStor.sys

[2009/08/07 05:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_4fa22a1c88c09097\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010/01/28 23:37:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=9ED521C0B287D4A396E1456B3D1556C9 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_cbde32e1ee86914c\winlogon.exe

[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

[2010/01/28 23:37:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=FEFF314FF78051201309E47D90554BE8 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_cc6fd1fd079cfbce\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

[2011/11/03 23:46:47 | 009,705,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:2683706C
 

< End of report >

--- --- ---
[/code]

Zitat:

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.***.***-***.de

Sagmal ist das ist Büro- bzw gewerblich genutzer Rechner?

Das ist mein privater Rechner, den ich aber gelegentlich an der Uni anstecken muss, da mein Rechner dort für manche Modellierungen nicht über genug Rechenkapazität verfügt... traurig aber wahr.

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKLM\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com

IE - HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=16511&babsrc=HP_ss&mntrId=600621820000000000000026c70da65f

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16511"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=16511&q="

[2011/12/31 00:09:45 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\ffxtlbr@Facemoods.com

[2012/02/05 12:04:54 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\plugin@yontoo.com

[2011/01/10 16:49:36 | 000,002,226 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012/01/03 16:05:30 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/01/03 16:05:30 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011/12/31 00:09:48 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

O2 - BHO: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll (Conduit Ltd.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)

O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (IsoBuster DE Toolbar) - {134b012b-132d-4516-a786-2395828640b5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\..\Toolbar\WebBrowser: (IsoBuster DE Toolbar) - {134B012B-132D-4516-A786-2395828640B5} - C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll (Conduit Ltd.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)

O4 - HKLM..\Run: [IMBooster] C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe (Iminent)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{701d95a8-21aa-11df-9348-506313c55547}\Shell - "" = AutoRun

O33 - MountPoints2\{701d95a8-21aa-11df-9348-506313c55547}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{701d95ad-21aa-11df-9348-506313c55547}\Shell - "" = AutoRun

O33 - MountPoints2\{701d95ad-21aa-11df-9348-506313c55547}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{814cdee2-22c0-11df-b628-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{814cdee2-22c0-11df-b628-00269ed9827b}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{814cdef1-22c0-11df-b628-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{814cdef1-22c0-11df-b628-00269ed9827b}\Shell\AutoRun\command - "" = D:\AutoRun.exe

O33 - MountPoints2\{ad692f92-2178-11df-b1db-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{ad692f92-2178-11df-b1db-00269ed9827b}\Shell\AutoRun\command - "" = D:\NokiaPCIA_Autorun.exe

O33 - MountPoints2\{ad692f9d-2178-11df-b1db-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{ad692f9d-2178-11df-b1db-00269ed9827b}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{ad692fa0-2178-11df-b1db-00269ed9827b}\Shell - "" = AutoRun

O33 - MountPoints2\{ad692fa0-2178-11df-b1db-00269ed9827b}\Shell\AutoRun\command - "" = E:\AutoRun.exe

[2011/01/13 12:29:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:2683706C

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

hier also das ergebnis:

Code:

 All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{134b012b-132d-4516-a786-2395828640b5} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134b012b-132d-4516-a786-2395828640b5}\ not found.

File C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll not found.

HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!

HKU\S-1-5-21-4067980895-3631169771-1463112313-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename

Prefs.js: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=16511" removed from browser.search.defaulturl

Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1

Prefs.js: "hxxp://search.babylon.com/?babsrc=adbartrp&AF=16511&q=" removed from keyword.URL

C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.

C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.

C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.

C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.

C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\plugin@yontoo.com\skin folder moved successfully.

C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.

C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\plugin@yontoo.com\locale folder moved successfully.

C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.

C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\plugin@yontoo.com\defaults folder moved successfully.

C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\plugin@yontoo.com\content folder moved successfully.

C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\skd570am.default\extensions\plugin@yontoo.com folder moved successfully.

File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found.

File C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml not found.

File C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml not found.

File C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{134b012b-132d-4516-a786-2395828640b5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134b012b-132d-4516-a786-2395828640b5}\ not found.

File C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ not found.

File C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ not found.

C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.

C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully.

C:\Program Files (x86)\Iminent\IMBooster4Web\Iminent.WebBooster.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}\ deleted successfully.

C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.

C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.

C:\Program Files (x86)\Yontoo\YontooIEClient.dll moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{134b012b-132d-4516-a786-2395828640b5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134b012b-132d-4516-a786-2395828640b5}\ not found.

File C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.

File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.

C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-4067980895-3631169771-1463112313-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{134B012B-132D-4516-A786-2395828640B5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{134B012B-132D-4516-A786-2395828640B5}\ not found.

File C:\Program Files (x86)\IsoBuster_DE\prxtbIsoB.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.

C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IMBooster deleted successfully.

C:\Program Files (x86)\Iminent\IMBooster\imbooster.exe moved successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ deleted successfully.

C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll moved successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ deleted successfully.

File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{701d95a8-21aa-11df-9348-506313c55547}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{701d95a8-21aa-11df-9348-506313c55547}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{701d95a8-21aa-11df-9348-506313c55547}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{701d95a8-21aa-11df-9348-506313c55547}\ not found.

File D:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{701d95ad-21aa-11df-9348-506313c55547}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{701d95ad-21aa-11df-9348-506313c55547}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{701d95ad-21aa-11df-9348-506313c55547}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{701d95ad-21aa-11df-9348-506313c55547}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{814cdee2-22c0-11df-b628-00269ed9827b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{814cdee2-22c0-11df-b628-00269ed9827b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{814cdee2-22c0-11df-b628-00269ed9827b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{814cdee2-22c0-11df-b628-00269ed9827b}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{814cdef1-22c0-11df-b628-00269ed9827b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{814cdef1-22c0-11df-b628-00269ed9827b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{814cdef1-22c0-11df-b628-00269ed9827b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{814cdef1-22c0-11df-b628-00269ed9827b}\ not found.

File D:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad692f92-2178-11df-b1db-00269ed9827b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad692f92-2178-11df-b1db-00269ed9827b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad692f92-2178-11df-b1db-00269ed9827b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad692f92-2178-11df-b1db-00269ed9827b}\ not found.

File D:\NokiaPCIA_Autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad692f9d-2178-11df-b1db-00269ed9827b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad692f9d-2178-11df-b1db-00269ed9827b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad692f9d-2178-11df-b1db-00269ed9827b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad692f9d-2178-11df-b1db-00269ed9827b}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad692fa0-2178-11df-b1db-00269ed9827b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad692fa0-2178-11df-b1db-00269ed9827b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad692fa0-2178-11df-b1db-00269ed9827b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad692fa0-2178-11df-b1db-00269ed9827b}\ not found.

File E:\AutoRun.exe not found.

C:\Users\***\AppData\Roaming\Babylon\updates folder moved successfully.

C:\Users\***\AppData\Roaming\Babylon\Content\icons folder moved successfully.

C:\Users\***\AppData\Roaming\Babylon\Content folder moved successfully.

C:\Users\***\AppData\Roaming\Babylon folder moved successfully.

ADS C:\ProgramData\Temp:2683706C deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: ***

->Temp folder emptied: 1028744358 bytes

->Temporary Internet Files folder emptied: 324283259 bytes

->Java cache emptied: 40884151 bytes

->FireFox cache emptied: 54387833 bytes

->Flash cache emptied: 504 bytes

 

User: ***

->Temp folder emptied: 80135443 bytes

->Temporary Internet Files folder emptied: 39594884 bytes

->Java cache emptied: 7140 bytes

->FireFox cache emptied: 68644179 bytes

->Flash cache emptied: 2049 bytes

 

User: Public

 

User: root

->Temp folder emptied: 334846 bytes

->Temporary Internet Files folder emptied: 1029707 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 47852071 bytes

->Flash cache emptied: 809 bytes

 

User: ***

->Temp folder emptied: 179072312 bytes

->Temporary Internet Files folder emptied: 65666866 bytes

->Java cache emptied: 13988 bytes

->FireFox cache emptied: 150034285 bytes

->Flash cache emptied: 12300 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 183333575 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 758 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 2,159.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 02132012_170411
 

Files\Folders moved on Reboot...

C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

ok, hier das log des TDSSKiller:

Code:

 23:05:54.0398 4688        TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52

23:05:54.0831 4688        ============================================================

23:05:54.0831 4688        Current date / time: 2012/02/13 23:05:54.0831

23:05:54.0831 4688        SystemInfo:

23:05:54.0831 4688        

23:05:54.0831 4688        OS Version: 6.1.7601 ServicePack: 1.0

23:05:54.0831 4688        Product type: Workstation

23:05:54.0832 4688        ComputerName: ***

23:05:54.0832 4688        UserName: ***

23:05:54.0832 4688        Windows directory: C:\Windows

23:05:54.0832 4688        System windows directory: C:\Windows

23:05:54.0832 4688        Running under WOW64

23:05:54.0832 4688        Processor architecture: Intel x64

23:05:54.0832 4688        Number of processors: 2

23:05:54.0832 4688        Page size: 0x1000

23:05:54.0832 4688        Boot type: Normal boot

23:05:54.0832 4688        ============================================================

23:05:55.0525 4688        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:05:55.0534 4688        \Device\Harddisk0\DR0:

23:05:55.0534 4688        MBR used

23:05:55.0535 4688        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000

23:05:55.0535 4688        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x251D5AB0

23:05:55.0612 4688        Initialize success

23:05:55.0612 4688        ============================================================

23:06:29.0169 1092        ============================================================

23:06:29.0169 1092        Scan started

23:06:29.0169 1092        Mode: Manual; SigCheck; TDLFS; 

23:06:29.0169 1092        ============================================================

23:06:29.0657 1092        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

23:06:29.0918 1092        1394ohci - ok

23:06:30.0020 1092        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

23:06:30.0062 1092        ACPI - ok

23:06:30.0089 1092        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

23:06:30.0205 1092        AcpiPmi - ok

23:06:30.0374 1092        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

23:06:30.0423 1092        adp94xx - ok

23:06:30.0545 1092        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

23:06:30.0582 1092        adpahci - ok

23:06:30.0609 1092        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

23:06:30.0634 1092        adpu320 - ok

23:06:30.0751 1092        AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

23:06:30.0826 1092        AFD - ok

23:06:30.0910 1092        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

23:06:30.0941 1092        agp440 - ok

23:06:31.0007 1092        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

23:06:31.0034 1092        aliide - ok

23:06:31.0098 1092        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

23:06:31.0125 1092        amdide - ok

23:06:31.0177 1092        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

23:06:31.0253 1092        AmdK8 - ok

23:06:31.0336 1092        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

23:06:31.0385 1092        AmdPPM - ok

23:06:31.0485 1092        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

23:06:31.0516 1092        amdsata - ok

23:06:31.0572 1092        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

23:06:31.0608 1092        amdsbs - ok

23:06:31.0687 1092        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

23:06:31.0718 1092        amdxata - ok

23:06:31.0793 1092        AMPPAL          (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys

23:06:31.0859 1092        AMPPAL - ok

23:06:31.0982 1092        AMPPALP         (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys

23:06:32.0017 1092        AMPPALP - ok

23:06:32.0206 1092        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

23:06:32.0393 1092        AppID - ok

23:06:32.0510 1092        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

23:06:32.0541 1092        arc - ok

23:06:32.0560 1092        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

23:06:32.0592 1092        arcsas - ok

23:06:32.0616 1092        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

23:06:32.0780 1092        AsyncMac - ok

23:06:32.0869 1092        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

23:06:32.0896 1092        atapi - ok

23:06:32.0948 1092        avgio - ok

23:06:33.0033 1092        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys

23:06:33.0100 1092        avgntflt - ok

23:06:33.0163 1092        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys

23:06:33.0186 1092        avipbb - ok

23:06:33.0292 1092        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

23:06:33.0382 1092        b06bdrv - ok

23:06:33.0483 1092        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

23:06:33.0571 1092        b57nd60a - ok

23:06:33.0736 1092        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

23:06:33.0832 1092        Beep - ok

23:06:33.0930 1092        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

23:06:33.0977 1092        blbdrive - ok

23:06:34.0078 1092        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

23:06:34.0138 1092        bowser - ok

23:06:34.0176 1092        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

23:06:34.0253 1092        BrFiltLo - ok

23:06:34.0337 1092        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

23:06:34.0377 1092        BrFiltUp - ok

23:06:34.0413 1092        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

23:06:34.0478 1092        Brserid - ok

23:06:34.0563 1092        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

23:06:34.0611 1092        BrSerWdm - ok

23:06:34.0637 1092        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

23:06:34.0668 1092        BrUsbMdm - ok

23:06:34.0748 1092        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

23:06:34.0786 1092        BrUsbSer - ok

23:06:34.0883 1092        BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

23:06:34.0952 1092        BthEnum - ok

23:06:35.0049 1092        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

23:06:35.0104 1092        BTHMODEM - ok

23:06:35.0134 1092        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

23:06:35.0181 1092        BthPan - ok

23:06:35.0292 1092        BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys

23:06:35.0358 1092        BTHPORT - ok

23:06:35.0500 1092        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys

23:06:35.0549 1092        BTHUSB - ok

23:06:35.0646 1092        btusbflt        (2641a3fe3d7b0646308f33b67f3b5300) C:\Windows\system32\drivers\btusbflt.sys

23:06:35.0668 1092        btusbflt - ok

23:06:35.0713 1092        btwaudio        (a72a9101f9730db7332714e566614e4d) C:\Windows\system32\drivers\btwaudio.sys

23:06:35.0734 1092        btwaudio - ok

23:06:35.0857 1092        btwavdt         (5ceec634b617525f2b6ad29f871033f7) C:\Windows\system32\DRIVERS\btwavdt.sys

23:06:35.0880 1092        btwavdt - ok

23:06:36.0012 1092        btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys

23:06:36.0030 1092        btwl2cap - ok

23:06:36.0062 1092        btwrchid        (2af5604d28bef77b7cf4b9d232fe7cd3) C:\Windows\system32\DRIVERS\btwrchid.sys

23:06:36.0081 1092        btwrchid - ok

23:06:36.0172 1092        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

23:06:36.0275 1092        cdfs - ok

23:06:36.0360 1092        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

23:06:36.0418 1092        cdrom - ok

23:06:36.0469 1092        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

23:06:36.0523 1092        circlass - ok

23:06:36.0610 1092        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

23:06:36.0653 1092        CLFS - ok

23:06:36.0803 1092        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

23:06:36.0848 1092        CmBatt - ok

23:06:36.0869 1092        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

23:06:36.0900 1092        cmdide - ok

23:06:36.0993 1092        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

23:06:37.0046 1092        CNG - ok

23:06:37.0155 1092        CnxtHdAudService (572ada4af43cadd41b16399411c3f09c) C:\Windows\system32\drivers\CHDRT64.sys

23:06:37.0202 1092        CnxtHdAudService - ok

23:06:37.0306 1092        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

23:06:37.0335 1092        Compbatt - ok

23:06:37.0371 1092        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

23:06:37.0421 1092        CompositeBus - ok

23:06:37.0507 1092        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

23:06:37.0537 1092        crcdisk - ok

23:06:37.0594 1092        CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

23:06:37.0680 1092        CSC - ok

23:06:37.0791 1092        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

23:06:37.0895 1092        DfsC - ok

23:06:37.0935 1092        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

23:06:38.0029 1092        discache - ok

23:06:38.0121 1092        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

23:06:38.0151 1092        Disk - ok

23:06:38.0194 1092        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

23:06:38.0233 1092        drmkaud - ok

23:06:38.0343 1092        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

23:06:38.0393 1092        DXGKrnl - ok

23:06:38.0575 1092        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

23:06:38.0721 1092        ebdrv - ok

23:06:38.0846 1092        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

23:06:38.0889 1092        elxstor - ok

23:06:38.0970 1092        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

23:06:39.0039 1092        ErrDev - ok

23:06:39.0169 1092        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

23:06:39.0276 1092        exfat - ok

23:06:39.0295 1092        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

23:06:39.0371 1092        fastfat - ok

23:06:39.0472 1092        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

23:06:39.0506 1092        fdc - ok

23:06:39.0569 1092        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

23:06:39.0601 1092        FileInfo - ok

23:06:39.0675 1092        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

23:06:39.0785 1092        Filetrace - ok

23:06:39.0918 1092        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

23:06:39.0963 1092        flpydisk - ok

23:06:40.0016 1092        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

23:06:40.0055 1092        FltMgr - ok

23:06:40.0158 1092        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

23:06:40.0187 1092        FsDepends - ok

23:06:40.0214 1092        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

23:06:40.0241 1092        Fs_Rec - ok

23:06:40.0279 1092        FTDIBUS         (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys

23:06:40.0302 1092        FTDIBUS - ok

23:06:40.0383 1092        FTSER2K         (24237091348d1efb5635a1cf9649e311) C:\Windows\system32\drivers\ftser2k.sys

23:06:40.0403 1092        FTSER2K - ok

23:06:40.0463 1092        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

23:06:40.0503 1092        fvevol - ok

23:06:40.0590 1092        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

23:06:40.0610 1092        gagp30kx - ok

23:06:40.0654 1092        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:06:40.0673 1092        GEARAspiWDM - ok

23:06:40.0779 1092        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

23:06:40.0830 1092        hcw85cir - ok

23:06:40.0930 1092        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

23:06:40.0981 1092        HdAudAddService - ok

23:06:41.0013 1092        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

23:06:41.0055 1092        HDAudBus - ok

23:06:41.0077 1092        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

23:06:41.0109 1092        HidBatt - ok

23:06:41.0195 1092        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

23:06:41.0262 1092        HidBth - ok

23:06:41.0277 1092        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

23:06:41.0329 1092        HidIr - ok

23:06:41.0426 1092        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

23:06:41.0475 1092        HidUsb - ok

23:06:41.0532 1092        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

23:06:41.0558 1092        HpSAMD - ok

23:06:41.0664 1092        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

23:06:41.0767 1092        HTTP - ok

23:06:41.0843 1092        hwdatacard - ok

23:06:41.0877 1092        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

23:06:41.0896 1092        hwpolicy - ok

23:06:42.0010 1092        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

23:06:42.0047 1092        i8042prt - ok

23:06:42.0127 1092        iaStor          (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys

23:06:42.0157 1092        iaStor - ok

23:06:42.0258 1092        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

23:06:42.0302 1092        iaStorV - ok

23:06:42.0343 1092        IBMPMDRV        (e03fa8b9c161e34d21a4e3850e490eb7) C:\Windows\system32\DRIVERS\ibmpmdrv.sys

23:06:42.0365 1092        IBMPMDRV - ok

23:06:42.0668 1092        igfx            (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdkmd64.sys

23:06:43.0008 1092        igfx - ok

23:06:43.0105 1092        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

23:06:43.0134 1092        iirsp - ok

23:06:43.0205 1092        IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys

23:06:43.0264 1092        IntcHdmiAddService - ok

23:06:43.0347 1092        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

23:06:43.0379 1092        intelide - ok

23:06:43.0414 1092        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

23:06:43.0462 1092        intelppm - ok

23:06:43.0575 1092        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:06:43.0668 1092        IpFilterDriver - ok

23:06:43.0708 1092        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

23:06:43.0733 1092        IPMIDRV - ok

23:06:43.0902 1092        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

23:06:44.0013 1092        IPNAT - ok

23:06:44.0104 1092        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

23:06:44.0172 1092        IRENUM - ok

23:06:44.0209 1092        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

23:06:44.0236 1092        isapnp - ok

23:06:44.0335 1092        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

23:06:44.0373 1092        iScsiPrt - ok

23:06:44.0495 1092        ivusb           (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys

23:06:44.0517 1092        ivusb - ok

23:06:44.0571 1092        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

23:06:44.0606 1092        kbdclass - ok

23:06:44.0695 1092        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

23:06:44.0735 1092        kbdhid - ok

23:06:44.0765 1092        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

23:06:44.0786 1092        KSecDD - ok

23:06:44.0844 1092        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

23:06:44.0869 1092        KSecPkg - ok

23:06:44.0934 1092        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

23:06:45.0048 1092        ksthunk - ok

23:06:45.0190 1092        lenovo.smi      (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys

23:06:45.0214 1092        lenovo.smi - ok

23:06:45.0349 1092        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

23:06:45.0453 1092        lltdio - ok

23:06:45.0507 1092        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

23:06:45.0539 1092        LSI_FC - ok

23:06:45.0634 1092        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

23:06:45.0668 1092        LSI_SAS - ok

23:06:45.0698 1092        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

23:06:45.0729 1092        LSI_SAS2 - ok

23:06:45.0818 1092        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

23:06:45.0850 1092        LSI_SCSI - ok

23:06:45.0883 1092        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

23:06:46.0016 1092        luafv - ok

23:06:46.0139 1092        MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

23:06:46.0158 1092        MBAMProtector - ok

23:06:46.0214 1092        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

23:06:46.0233 1092        megasas - ok

23:06:46.0323 1092        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

23:06:46.0362 1092        MegaSR - ok

23:06:46.0392 1092        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

23:06:46.0478 1092        Modem - ok

23:06:46.0568 1092        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

23:06:46.0615 1092        monitor - ok

23:06:46.0670 1092        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

23:06:46.0698 1092        mouclass - ok

23:06:46.0794 1092        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

23:06:46.0842 1092        mouhid - ok

23:06:46.0884 1092        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

23:06:46.0914 1092        mountmgr - ok

23:06:47.0004 1092        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

23:06:47.0039 1092        mpio - ok

23:06:47.0071 1092        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

23:06:47.0165 1092        mpsdrv - ok

23:06:47.0211 1092        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

23:06:47.0303 1092        MRxDAV - ok

23:06:47.0384 1092        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:06:47.0432 1092        mrxsmb - ok

23:06:47.0479 1092        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:06:47.0525 1092        mrxsmb10 - ok

23:06:47.0610 1092        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:06:47.0645 1092        mrxsmb20 - ok

23:06:47.0681 1092        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

23:06:47.0699 1092        msahci - ok

23:06:47.0768 1092        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

23:06:47.0802 1092        msdsm - ok

23:06:47.0874 1092        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

23:06:47.0947 1092        Msfs - ok

23:06:47.0995 1092        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

23:06:48.0069 1092        mshidkmdf - ok

23:06:48.0097 1092        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

23:06:48.0116 1092        msisadrv - ok

23:06:48.0213 1092        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

23:06:48.0310 1092        MSKSSRV - ok

23:06:48.0341 1092        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

23:06:48.0425 1092        MSPCLOCK - ok

23:06:48.0505 1092        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

23:06:48.0603 1092        MSPQM - ok

23:06:48.0635 1092        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

23:06:48.0664 1092        MsRPC - ok

23:06:48.0735 1092        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

23:06:48.0763 1092        mssmbios - ok

23:06:48.0821 1092        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

23:06:48.0899 1092        MSTEE - ok

23:06:48.0965 1092        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

23:06:49.0017 1092        MTConfig - ok

23:06:49.0047 1092        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

23:06:49.0078 1092        Mup - ok

23:06:49.0191 1092        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

23:06:49.0253 1092        NativeWifiP - ok

23:06:49.0336 1092        NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys

23:06:49.0393 1092        NDIS - ok

23:06:49.0498 1092        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

23:06:49.0607 1092        NdisCap - ok

23:06:49.0640 1092        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

23:06:49.0744 1092        NdisTapi - ok

23:06:49.0822 1092        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

23:06:49.0928 1092        Ndisuio - ok

23:06:49.0962 1092        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

23:06:50.0075 1092        NdisWan - ok

23:06:50.0159 1092        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

23:06:50.0270 1092        NDProxy - ok

23:06:50.0318 1092        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

23:06:50.0413 1092        NetBIOS - ok

23:06:50.0500 1092        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

23:06:50.0607 1092        NetBT - ok

23:06:50.0937 1092        NETw1v64        (e72f4522801ffb8f0456924fb0017bff) C:\Windows\system32\DRIVERS\NETw1v64.sys

23:06:51.0313 1092        NETw1v64 - ok

23:06:51.0617 1092        NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys

23:06:51.0968 1092        NETw5s64 - ok

23:06:52.0245 1092        netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys

23:06:52.0512 1092        netw5v64 - ok

23:06:52.0842 1092        NETwNs64        (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys

23:06:53.0213 1092        NETwNs64 - ok

23:06:53.0320 1092        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

23:06:53.0349 1092        nfrd960 - ok

23:06:53.0385 1092        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

23:06:53.0481 1092        Npfs - ok

23:06:53.0573 1092        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

23:06:53.0668 1092        nsiproxy - ok

23:06:53.0734 1092        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

23:06:53.0799 1092        Ntfs - ok

23:06:53.0877 1092        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

23:06:53.0947 1092        Null - ok

23:06:53.0982 1092        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

23:06:54.0002 1092        nvraid - ok

23:06:54.0085 1092        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

23:06:54.0120 1092        nvstor - ok

23:06:54.0160 1092        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

23:06:54.0181 1092        nv_agp - ok

23:06:54.0288 1092        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

23:06:54.0333 1092        ohci1394 - ok

23:06:54.0482 1092        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

23:06:54.0517 1092        Parport - ok

23:06:54.0554 1092        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

23:06:54.0585 1092        partmgr - ok

23:06:54.0695 1092        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys

23:06:54.0728 1092        pccsmcfd - ok

23:06:54.0769 1092        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

23:06:54.0803 1092        pci - ok

23:06:54.0886 1092        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

23:06:54.0913 1092        pciide - ok

23:06:54.0961 1092        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

23:06:54.0995 1092        pcmcia - ok

23:06:55.0034 1092        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

23:06:55.0059 1092        pcw - ok

23:06:55.0124 1092        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

23:06:55.0231 1092        PEAUTH - ok

23:06:55.0475 1092        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

23:06:55.0568 1092        PptpMiniport - ok

23:06:55.0600 1092        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

23:06:55.0632 1092        Processor - ok

23:06:55.0750 1092        psadd           (b8035af9cc0ccba9a09ac0a0d9801797) C:\Windows\system32\DRIVERS\psadd.sys

23:06:55.0771 1092        psadd - ok

23:06:55.0822 1092        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

23:06:55.0914 1092        Psched - ok

23:06:56.0012 1092        qcfilterlno2k   (4342964c1a4cf0f4cb0decc20335de00) C:\Windows\system32\DRIVERS\qcfilterlno2k.sys

23:06:56.0058 1092        qcfilterlno2k - ok

23:06:56.0162 1092        qcusbnetlno2k   (feb9abd8e036cbb2ae520e3bd9d78e2b) C:\Windows\system32\DRIVERS\qcusbnetlno2k.sys

23:06:56.0225 1092        qcusbnetlno2k - ok

23:06:56.0312 1092        qcusbserlno2k   (9b682f4bdde7453ecdc70572c52dd97b) C:\Windows\system32\DRIVERS\qcusbserlno2k.sys

23:06:56.0365 1092        qcusbserlno2k - ok

23:06:56.0533 1092        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

23:06:56.0610 1092        ql2300 - ok

23:06:56.0697 1092        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

23:06:56.0729 1092        ql40xx - ok

23:06:56.0765 1092        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

23:06:56.0821 1092        QWAVEdrv - ok

23:06:56.0942 1092        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

23:06:57.0039 1092        RasAcd - ok

23:06:57.0073 1092        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

23:06:57.0137 1092        RasAgileVpn - ok

23:06:57.0224 1092        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:06:57.0306 1092        Rasl2tp - ok

23:06:57.0339 1092        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

23:06:57.0411 1092        RasPppoe - ok

23:06:57.0493 1092        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

23:06:57.0613 1092        RasSstp - ok

23:06:57.0649 1092        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

23:06:57.0744 1092        rdbss - ok

23:06:57.0822 1092        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

23:06:57.0870 1092        rdpbus - ok

23:06:57.0890 1092        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:06:57.0956 1092        RDPCDD - ok

23:06:58.0051 1092        RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

23:06:58.0104 1092        RDPDR - ok

23:06:58.0153 1092        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

23:06:58.0260 1092        RDPENCDD - ok

23:06:58.0335 1092        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

23:06:58.0412 1092        RDPREFMP - ok

23:06:58.0453 1092        RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

23:06:58.0516 1092        RDPWD - ok

23:06:58.0573 1092        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

23:06:58.0603 1092        rdyboost - ok

23:06:58.0721 1092        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

23:06:58.0781 1092        RFCOMM - ok

23:06:58.0912 1092        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

23:06:58.0977 1092        rspndr - ok

23:06:59.0023 1092        RSUSBSTOR       (da67387f9644c48f204147b351877cb3) C:\Windows\system32\Drivers\RtsUStor.sys

23:06:59.0063 1092        RSUSBSTOR - ok

23:06:59.0166 1092        RTL8167         (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

23:06:59.0207 1092        RTL8167 - ok

23:06:59.0281 1092        s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

23:06:59.0379 1092        s3cap - ok

23:06:59.0428 1092        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

23:06:59.0461 1092        sbp2port - ok

23:06:59.0573 1092        SCDEmu          (4b12e2e559641b0f26474bbc6d7cfaff) C:\Windows\system32\drivers\SCDEmu.sys

23:06:59.0611 1092        SCDEmu - ok

23:06:59.0652 1092        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

23:06:59.0767 1092        scfilter - ok

23:06:59.0854 1092        sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

23:06:59.0928 1092        sdbus - ok

23:07:00.0002 1092        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

23:07:00.0113 1092        secdrv - ok

23:07:00.0200 1092        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

23:07:00.0243 1092        Serenum - ok

23:07:00.0283 1092        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

23:07:00.0324 1092        Serial - ok

23:07:00.0355 1092        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

23:07:00.0383 1092        sermouse - ok

23:07:00.0492 1092        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

23:07:00.0542 1092        sffdisk - ok

23:07:00.0569 1092        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

23:07:00.0611 1092        sffp_mmc - ok

23:07:00.0623 1092        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

23:07:00.0682 1092        sffp_sd - ok

23:07:00.0762 1092        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

23:07:00.0806 1092        sfloppy - ok

23:07:00.0868 1092        Shockprf        (c3f190562fe82efda7ccef305ebad3e3) C:\Windows\system32\DRIVERS\Apsx64.sys

23:07:00.0898 1092        Shockprf - ok

23:07:00.0985 1092        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

23:07:01.0014 1092        SiSRaid2 - ok

23:07:01.0044 1092        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

23:07:01.0063 1092        SiSRaid4 - ok

23:07:01.0135 1092        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

23:07:01.0257 1092        Smb - ok

23:07:01.0367 1092        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

23:07:01.0394 1092        spldr - ok

23:07:01.0465 1092        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

23:07:01.0522 1092        srv - ok

23:07:01.0609 1092        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

23:07:01.0664 1092        srv2 - ok

23:07:01.0720 1092        SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS

23:07:01.0784 1092        SrvHsfHDA - ok

23:07:01.0928 1092        SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

23:07:02.0021 1092        SrvHsfV92 - ok

23:07:02.0127 1092        SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS

23:07:02.0184 1092        SrvHsfWinac - ok

23:07:02.0296 1092        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

23:07:02.0345 1092        srvnet - ok

23:07:02.0397 1092        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

23:07:02.0426 1092        stexstor - ok

23:07:02.0523 1092        storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

23:07:02.0551 1092        storflt - ok

23:07:02.0599 1092        storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

23:07:02.0628 1092        storvsc - ok

23:07:02.0740 1092        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

23:07:02.0767 1092        swenum - ok

23:07:02.0861 1092        SynTP           (ffbe7c45999252c3131cbdd05e2fa135) C:\Windows\system32\DRIVERS\SynTP.sys

23:07:02.0928 1092        SynTP - ok

23:07:03.0092 1092        Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

23:07:03.0166 1092        Tcpip - ok

23:07:03.0315 1092        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

23:07:03.0385 1092        TCPIP6 - ok

23:07:03.0463 1092        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

23:07:03.0559 1092        tcpipreg - ok

23:07:03.0596 1092        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

23:07:03.0669 1092        TDPIPE - ok

23:07:03.0738 1092        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

23:07:03.0812 1092        TDTCP - ok

23:07:03.0865 1092        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

23:07:03.0937 1092        tdx - ok

23:07:04.0023 1092        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

23:07:04.0052 1092        TermDD - ok

23:07:04.0133 1092        TPDIGIMN        (1bb77eccbfa3675b1ee8d6d6d37a1e1e) C:\Windows\system32\DRIVERS\ApsHM64.sys

23:07:04.0153 1092        TPDIGIMN - ok

23:07:04.0276 1092        TPM             (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys

23:07:04.0335 1092        TPM - ok

23:07:04.0396 1092        TPPWRIF         (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys

23:07:04.0415 1092        TPPWRIF - ok

23:07:04.0518 1092        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

23:07:04.0621 1092        tssecsrv - ok

23:07:04.0669 1092        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

23:07:04.0721 1092        TsUsbFlt - ok

23:07:04.0841 1092        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

23:07:04.0950 1092        tunnel - ok

23:07:04.0988 1092        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

23:07:05.0017 1092        uagp35 - ok

23:07:05.0120 1092        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

23:07:05.0230 1092        udfs - ok

23:07:05.0268 1092        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

23:07:05.0288 1092        uliagpkx - ok

23:07:05.0371 1092        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

23:07:05.0418 1092        umbus - ok

23:07:05.0446 1092        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

23:07:05.0489 1092        UmPass - ok

23:07:05.0590 1092        USBAAPL64       (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys

23:07:05.0618 1092        USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning

23:07:05.0618 1092        USBAAPL64 - detected UnsignedFile.Multi.Generic (1)

23:07:05.0647 1092        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

23:07:05.0701 1092        usbccgp - ok

23:07:05.0788 1092        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

23:07:05.0851 1092        usbcir - ok

23:07:05.0888 1092        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

23:07:05.0924 1092        usbehci - ok

23:07:06.0023 1092        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

23:07:06.0081 1092        usbhub - ok

23:07:06.0117 1092        usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

23:07:06.0140 1092        usbohci - ok

23:07:06.0208 1092        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

23:07:06.0245 1092        usbprint - ok

23:07:06.0286 1092        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

23:07:06.0340 1092        usbscan - ok

23:07:06.0445 1092        usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys

23:07:06.0506 1092        usbser - ok

23:07:06.0621 1092        usbsmi          (63fe600d71d72eb960ff01b0f0e5d837) C:\Windows\system32\DRIVERS\SMIksdrv.sys

23:07:06.0673 1092        usbsmi - ok

23:07:06.0717 1092        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:07:06.0781 1092        USBSTOR - ok

23:07:06.0862 1092        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

23:07:06.0906 1092        usbuhci - ok

23:07:06.0964 1092        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

23:07:07.0012 1092        usbvideo - ok

23:07:07.0104 1092        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

23:07:07.0135 1092        vdrvroot - ok

23:07:07.0171 1092        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

23:07:07.0198 1092        vga - ok

23:07:07.0233 1092        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

23:07:07.0304 1092        VgaSave - ok

23:07:07.0379 1092        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

23:07:07.0415 1092        vhdmp - ok

23:07:07.0445 1092        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

23:07:07.0465 1092        viaide - ok

23:07:07.0490 1092        vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

23:07:07.0514 1092        vmbus - ok

23:07:07.0539 1092        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

23:07:07.0585 1092        VMBusHID - ok

23:07:07.0658 1092        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

23:07:07.0688 1092        volmgr - ok

23:07:07.0725 1092        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

23:07:07.0766 1092        volmgrx - ok

23:07:07.0848 1092        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

23:07:07.0888 1092        volsnap - ok

23:07:07.0949 1092        vpnva           (e526a69d932538ae8bc96b3f4a5a90b1) C:\Windows\system32\DRIVERS\vpnva64.sys

23:07:07.0969 1092        vpnva - ok

23:07:08.0117 1092        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

23:07:08.0153 1092        vsmraid - ok

23:07:08.0205 1092        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

23:07:08.0264 1092        vwifibus - ok

23:07:08.0329 1092        VWiFiFlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

23:07:08.0375 1092        VWiFiFlt - ok

23:07:08.0425 1092        vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

23:07:08.0471 1092        vwifimp - ok

23:07:08.0500 1092        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

23:07:08.0546 1092        WacomPen - ok

23:07:08.0615 1092        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:07:08.0720 1092        WANARP - ok

23:07:08.0738 1092        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

23:07:08.0827 1092        Wanarpv6 - ok

23:07:08.0965 1092        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

23:07:08.0993 1092        Wd - ok

23:07:09.0039 1092        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

23:07:09.0083 1092        Wdf01000 - ok

23:07:09.0224 1092        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

23:07:09.0300 1092        WfpLwf - ok

23:07:09.0318 1092        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

23:07:09.0336 1092        WIMMount - ok

23:07:09.0482 1092        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

23:07:09.0539 1092        WinUsb - ok

23:07:09.0592 1092        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

23:07:09.0625 1092        WmiAcpi - ok

23:07:09.0730 1092        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

23:07:09.0827 1092        ws2ifsl - ok

23:07:09.0870 1092        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

23:07:09.0943 1092        WudfPf - ok

23:07:10.0056 1092        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

23:07:10.0140 1092        WUDFRd - ok

23:07:10.0217 1092        MBR (0x1B8)     (f03d291aa65a8612f7694628c9e7da16) \Device\Harddisk0\DR0

23:07:10.0299 1092        \Device\Harddisk0\DR0 - ok

23:07:10.0332 1092        Boot (0x1200)   (3e190e2e1e125736cc04556a1f648bec) \Device\Harddisk0\DR0\Partition0

23:07:10.0334 1092        \Device\Harddisk0\DR0\Partition0 - ok

23:07:10.0352 1092        Boot (0x1200)   (7b2bc355271cb56d7c1ee7ca04834781) \Device\Harddisk0\DR0\Partition1

23:07:10.0353 1092        \Device\Harddisk0\DR0\Partition1 - ok

23:07:10.0354 1092        ============================================================

23:07:10.0355 1092        Scan finished

23:07:10.0355 1092        ============================================================

23:07:10.0383 6192        Detected object count: 1

23:07:10.0383 6192        Actual detected object count: 1

23:07:46.0835 6192        USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user

23:07:46.0835 6192        USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combofix Logfile:

Code:

ComboFix 12-02-13.01 - *** 13/02/2012  23:37:04.1.2 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1031.18.3933.2365 [GMT 1:00]

Running from: c:\users\***\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files (x86)\facemoods.com

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe

c:\programdata\Roaming

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll

c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll

c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat

c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe

c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\users\localadmin\AppData\Roaming\Local

c:\users\***\HOBOware.tmp

.

.

(((((((((((((((((((((((((   Files Created from 2012-01-13 to 2012-02-13  )))))))))))))))))))))))))))))))

.

.

2012-02-13 22:48 . 2012-02-13 22:48        --------        d-----w-        c:\users\***\AppData\Local\temp

2012-02-13 22:48 . 2012-02-13 22:48        --------        d-----w-        c:\users\root\AppData\Local\temp

2012-02-13 22:48 . 2012-02-13 22:48        --------        d-----w-        c:\users\localadmin\AppData\Local\temp

2012-02-13 22:48 . 2012-02-13 22:48        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-02-13 15:21 . 2012-02-13 15:21        --------        d-----w-        C:\_OTL

2012-02-12 17:57 . 2012-02-12 17:57        --------        d-----w-        c:\program files (x86)\ESET

2012-02-12 15:44 . 2012-02-12 15:44        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes

2012-02-12 15:44 . 2012-02-12 15:44        --------        d-----w-        c:\programdata\Malwarebytes

2012-02-12 15:44 . 2012-02-12 15:44        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-12 15:44 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-02-10 08:17 . 2012-01-06 05:15        8602168        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{31CBB2C8-0793-4C68-89C5-E711E836B97A}\mpengine.dll

2012-02-05 11:04 . 2012-02-13 16:05        --------        d-----w-        c:\program files (x86)\Yontoo

2012-02-05 11:04 . 2012-02-05 11:04        --------        d-----w-        c:\programdata\Babylon

2012-02-05 11:03 . 2012-02-05 11:19        --------        d-----w-        c:\program files (x86)\1ClickDownload

2012-01-21 18:24 . 2012-01-21 18:24        --------        d-----w-        c:\program files (x86)\Minefield

2012-01-15 09:41 . 2012-01-31 11:29        --------        d-----w-        C:\13_TELEMETRIE

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-26 23:52 . 2010-02-24 19:09        279656        ------w-        c:\windows\system32\MpSigStub.exe

2012-01-12 10:04 . 2011-08-13 11:34        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-24 04:52 . 2011-12-15 07:11        3145216        ----a-w-        c:\windows\system32\win32k.sys

2011-11-23 12:04 . 2011-11-23 12:04        40248        ----a-w-        c:\windows\system32\drivers\psadd.sys

2011-11-19 14:58 . 2012-01-11 10:58        77312        ----a-w-        c:\windows\system32\packager.dll

2011-11-19 14:01 . 2012-01-11 10:58        67072        ----a-w-        c:\windows\SysWow64\packager.dll

2011-11-18 14:56 . 2009-09-24 21:35        499712        ----a-w-        c:\windows\SysWow64\msvcp71.dll

2011-11-17 06:41 . 2012-01-11 10:58        1731920        ----a-w-        c:\windows\system32\ntdll.dll

2011-11-17 05:38 . 2012-01-11 10:58        1292080        ----a-w-        c:\windows\SysWow64\ntdll.dll

2008-02-17 11:24 . 2011-03-14 12:16        16384        ----a-w-        c:\program files (x86)\WinOutOfScreen.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2011-06-16 1500160]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-10-04 1631296]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-07 281768]

"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]

"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]

"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-18 273528]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\localadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]

OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

c:\users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 1090848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1047265912-43125369-1435325219-7572\Scripts\Logon\0\0]

"Script"=\\ad.geoecology.uni-potsdam.de\SysVol\ad.geoecology.uni-potsdam.de\scripts\login_mitarbeiter.cmd

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Message Center Plus"=c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start

"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Radio.fx;Radio.fx Server;d:\tobit radio.fx\Server\rfx-server.exe [x]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [x]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]

R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]

R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-10-04 89152]

R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-10-04 175168]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]

S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]

S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-07-27 50536]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]

S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-07-27 74088]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [2009-10-01 333048]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]

S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-16 592120]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 qcfilterlno2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9205);c:\windows\system32\DRIVERS\qcfilterlno2k.sys [x]

S3 qcusbnetlno2k;Gobi 2000 USB-NDIS miniport(05C6-9205);c:\windows\system32\DRIVERS\qcusbnetlno2k.sys [x]

S3 qcusbserlno2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9205);c:\windows\system32\DRIVERS\qcusbserlno2k.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-30 225792]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 usbsmi;Integrated Camera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-29 c:\windows\Tasks\Driver Fetch.job

- c:\program files (x86)\Driver Fetch\2.3.0.5\DriverFetch.exe [2010-03-28 08:51]

.

2012-02-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]

.

2012-02-13 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        97792        ----a-w-        c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]

"TpShocks"="TpShocks.exe" [2011-03-29 380776]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-28 508472]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-20 307768]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-10 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-10 365592]

"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2011-06-10 5990200]

"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2011-04-14 31592]

"combofix"="c:\combofix\CF2846.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NCInstallQueue"="netman.dll" [2009-07-14 360448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = 

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: An OneNote s&enden - /105

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\skd570am.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.fc-union-berlin.de/start/

FF - user.js: extentions.y2layers.installId - d89b47c9-ce98-4265-9999-6e923f47c342

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,TopRelatedTopics,BestVideoDownloader,

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-TomTomHOME.exe - c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe

AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\LENOVO\HOTKEY\tposdsvc.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\program files (x86)\Lenovo\System Update\SUService.exe

c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

.

**************************************************************************

.

Completion time: 2012-02-13  23:59:58 - machine was rebooted

ComboFix-quarantined-files.txt  2012-02-13 22:59

.

Pre-Run: 38 Verzeichnis(se), 93,899,960,320 Bytes frei

Post-Run: 43 Verzeichnis(se), 95,216,394,240 Bytes frei

.

- - End Of File - - 8006D349148D6543CBCC0EF8AE25AC25

--- --- ---