Trojaner-Board - Verschlüsselungs-Trojaner: Weißer Bildschirm: Bitte warten bis Verbindung hergestellt wird

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Verschlüsselungs-Trojaner: Weißer Bildschirm: Bitte warten bis Verbindung hergestellt wird (https://www.trojaner-board.de/115805-verschluesselungs-trojaner-weisser-bildschirm-bitte-warten-verbindung-hergestellt.html)

Verschlüsselungs-Trojaner: Weißer Bildschirm: Bitte warten bis Verbindung hergestellt wird

Hallo, ich habe mir wahrscheinlich beim surfen den im Titel beschriebenen Trojaner geholt. Wurde aufgefordert 100€ zu bezahlen, beim Neustart, kam dann sofort der weiße Bildschirm.

Windows (7 professional 64-bit) geht auch nicht mehr im abgesicherten Modus, auch nicht im abgesicherten Modus mit Netzwerktreibern. Als Gastbenutzer sehe ich den normalen Desktop.

Ich habe mir eine OTLPE-CD gebrannt und kann von dieser booten:
es erscheint der schwarze Bildschirm mit: ''starting Reatogo-X-Pe ...''
Der anschließende Ladevorgang von Wondows 7 wird dann immer recht schnell abgebrochen und es erscheint folgender Blue Screen:

'' A problem has been detected and windows has been shut down to prevent damage to your computer

if this is the first time you've seen this stop error screen restart your computer. If this screen appears again, follow these steps:

Check for viruses on your computer. Remove any newly installed hard drives controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKSK /F to check for hard drive corruption, and then restart your computer.

Technical information:
*** stop: 0x0000007B (0xF78DA528, 0xC0000034, 0x00000000, 0x,00000000)

bitte um Hilfe
Danke im Voraus
Falko

Geh mal ins BIOS deines Computers und stell den Plattencontroller von AHCI auf IDE bzw. Compatible um. Genauere Anleitungen kann man nicht posten, da fast jedes BIOS anders aussieht. Schau notfalls ins Handbuch.

Um das installierte Windows wieder booten zu können musst du natürlich auf AHCI wieder umstellen.

Hier sind die beiden Dateien, die wohl mein problem beschreiben.

Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

O4 - HKLM..\Run: [9txXqR9p2lPiFxH] E:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe ()

O4 - HKU\Falko_Vehling_ON_E..\Run: [9txXqR9p2lPiFxH] E:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe ()

O4 - HKU\Falko_Vehling_ON_E..\Run: [Center Agent]  File not found

O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin]  File not found

O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\Falko_Vehling_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O7 - HKU\Falko_Vehling_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\Falko_Vehling_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O20 - HKLM Winlogon: Shell - (C:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe) - E:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe ()

O20 - HKLM Winlogon: UserInit - (C:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe) - E:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe ()

O20 - HKU\Falko_Vehling_ON_E Winlogon: Shell - (C:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe) - E:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe ()

O20 - HKU\Falko_Vehling_ON_E Winlogon: UserInit - (C:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe) - E:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe ()

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{e8001087-9ab2-11e1-beff-60d819f2e29b}\Shell - "" = AutoRun

O33 - MountPoints2\{e8001087-9ab2-11e1-beff-60d819f2e29b}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{e80010b8-9ab2-11e1-beff-60d819f2e29b}\Shell - "" = AutoRun

O33 - MountPoints2\{e80010b8-9ab2-11e1-beff-60d819f2e29b}\Shell\AutoRun\command - "" = E:\AutoRun.exe

:Files

E:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Habe hier das logfile nach dem Fixen
Das hochladen der Zip-Datei war erfolgreich

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
Registry value HKEY_USERS\***_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop not found.
Registry value HKEY_USERS\***_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_USERS\***_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\***\AppData\Roaming\Diablo_III.exe deleted successfully.
File E:\Users\***\AppData\Roaming\Diablo_III.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\***\AppData\Roaming\Diablo_III.exe deleted successfully.
File E:\Users\***\AppData\Roaming\Diablo_III.exe not found.
Registry value HKEY_USERS\***_ON_E\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\***\AppData\Roaming\Diablo_III.exe deleted successfully.
File E:\Users\***\AppData\Roaming\Diablo_III.exe not found.
Registry value HKEY_USERS\***_ON_E\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\***\AppData\Roaming\Diablo_III.exe deleted successfully.
File E:\Users\***\AppData\Roaming\Diablo_III.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8001087-9ab2-11e1-beff-60d819f2e29b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8001087-9ab2-11e1-beff-60d819f2e29b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8001087-9ab2-11e1-beff-60d819f2e29b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8001087-9ab2-11e1-beff-60d819f2e29b}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e80010b8-9ab2-11e1-beff-60d819f2e29b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e80010b8-9ab2-11e1-beff-60d819f2e29b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e80010b8-9ab2-11e1-beff-60d819f2e29b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e80010b8-9ab2-11e1-beff-60d819f2e29b}\ not found.
File E:\AutoRun.exe not found.
========== FILES ==========
File\Folder E:\Users\***\AppData\Roaming\Diablo_III.exe not found.
========== COMMANDS ==========
E:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 05312012_090342

Bitte jetzt routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

ok, hier zuerst das Log von Malwarebytes:

Code:

 Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.05.30.04
 

Windows 7 Service Pack 1 x64 FAT

Internet Explorer 9.0.8112.16421

*** :: ***-PC [Administrator]
 

31.05.2012 11:47:14

mbam-log-2012-05-31 (15-56-37).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 401750

Laufzeit: 42 Minute(n), 10 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Daten: c:\users\***\appdata\roaming\diablo_iii.exe -> Keine Aktion durchgeführt.
 

Infizierte Dateiobjekte der Registrierung: 1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen.A) -> Bösartig: (Explorer.exe,C:\Users\***\AppData\Roaming\Diablo_III.exe) Gut: (Explorer.exe) -> Keine Aktion durchgeführt.
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\***\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Keine Aktion durchgeführt.
 

(Ende)

Und hier das Log vom ESET online scanner

Code:

 SETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-05-31 03:01:17

# local_time=2012-05-31 05:01:17 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 35879439 90103512 0 0

# compatibility_mode=8192 67108863 100 0 237 237 0 0

# scanned=177761

# found=10

# cleaned=0

# scan_time=2815

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe        probably a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Users\***\ps_radio2014.exe        a variant of Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I

C:\Users\***\AppData\Local\Temp\6703799.Uninstall\Uninstall.exe        a variant of Win32/InstallCore.Q application (unable to clean)        00000000000000000000000000000000        I

C:\Users\***\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Users\***\AppData\Local\Temp\is87173921\MyBabylonTB.exe        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Users\***\AppData\Local\TempDIR\BetterInstaller.exe        a variant of Win32/Somoto.A application (unable to clean)        00000000000000000000000000000000        I

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

zu 1): Windows geht wieder aber der Desktop ist leer. wenn ich auf Computer, und dann auf Desktop klicke, kann ich die verlinkungen zum Desktop aber nutzen.

zu 2): Startmenü sieht normal aus. In alle Programme sind alle Ordner gefüllt.

Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

habe es wie in der anleitung 2 mal versucht und auch einmal neugestartet. leider hat es nicht geklappt.

Gruß Falko

Geht das auch genauer beschribeen als "nicht geklappt"
Was klappt da genau nicht? :glaskugel:

Das Programm läuft, wie ich denke, normal durch, aber der Desktop ist weiterhin komplett leer.

Das Programm sagt unter anderem in einem ''finished-Fenster'': '' Your files should now be visible. If you are missing start menu items, please...

Ich poste mal das Log vom Unhide-Programm:

Code:

 hier Unhide by Lawrence Abrams (Grinler)

hxxp://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Unhide.exe can be found at this link:

  hxxp://www.bleepingcomputer.com/forums/topic405109.html
 

Program started at: 06/01/2012 02:03:13 PM

Windows Version: Windows 7
 

Please be patient while your files are made visible again.
 

Processing the C:\ drive

Finished processing the C:\ drive. 207208 files processed.
 

Processing the G:\ drive

Finished processing the G:\ drive. 0 files processed.
 

The C:\Users\FALKOV~1\AppData\Local\Temp\smtmp\ folder does not exist!!

Unhide cannot restore your missing shortcuts!!

Please see this topic in order to learn how to restore default

Start Menu shortcuts: hxxp://www.bleepingcomputer.com/forums/topic405109.html
 

Searching for Windows Registry changes made by FakeHDD rogues.

 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

  * HideIcons was set to 1! It was set back to 0!
 

Restarting Explorer.exe in order to apply changes.
 

Program finished at: 06/01/2012 02:06:35 PM

Execution time: 0 hours(s), 3 minute(s), and 21 seconds(s)

Gruß und Danke bis hierhin Falko

Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

habe jetzt wieder alle Desktopsymbole da, musste nur auf ''symbole anzeigen'' klicken.
Sorry für meine Inkompetenz gerade.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

hier das OTL-LOG:

Code:

OTL logfile created on: 01.06.2012 17:00:53 - Run 1

OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\***\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,80 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 63,98% Memory free

7,60 Gb Paging File | 6,23 Gb Available in Paging File | 81,91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 178,71 Gb Total Space | 32,77 Gb Free Space | 18,34% Space Free | Partition Type: NTFS

 

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.06.01 16:58:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.10.04 04:04:00 | 000,064,576 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

PRC - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe

PRC - [2011.08.11 20:04:14 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2011.07.12 19:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe

PRC - [2011.07.12 17:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe

PRC - [2011.07.12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.01.10 18:38:29 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011.08.11 12:20:42 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)

SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)

SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)

SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012.05.13 08:58:56 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.10.04 04:04:00 | 000,175,168 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)

SRV - [2011.10.04 04:04:00 | 000,089,152 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)

SRV - [2011.08.17 12:04:36 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)

SRV - [2011.07.12 17:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)

SRV - [2011.07.12 17:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)

SRV - [2011.07.12 17:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)

SRV - [2011.07.12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2010.11.08 23:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)

SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.12.28 22:24:59 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)

DRV:64bit: - [2011.12.28 22:24:58 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2011.10.04 04:04:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)

DRV:64bit: - [2011.08.11 12:20:42 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)

DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.02.23 10:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)

DRV:64bit: - [2010.11.29 06:23:18 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)

DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.11.08 23:04:26 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2010.09.07 15:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)

DRV:64bit: - [2010.05.11 19:06:18 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)

DRV:64bit: - [2010.05.11 19:06:18 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2010.05.11 19:06:18 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)

DRV:64bit: - [2010.04.23 01:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010.03.23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV:64bit: - [2010.02.08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)

DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)

DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008.11.16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)

DRV:64bit: - [2007.12.06 05:43:22 | 000,353,152 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 F0 41 D6 62 E6 CC 01  [binary data]

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=0ae7025600000000000000ff054384d5

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb123/?search={searchTerms}&loc=IB_DS&a=6PQo0tVx9Q&i=26

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-501\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B 0C C6 07 BA F7 CC 01  [binary data]

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-501\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

[2012.02.10 20:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

 

O1 HOSTS File: ([2012.05.31 15:03:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000..\Run: [9txXqR9p2lPiFxH] C:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe File not found

O4 - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000..\Run: [Center Agent] C:\Program Files (x86)\X-TENSIONS Multimedia\HyperMediaCenter\DTVR\Scheduled.exe File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Falko Vehling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EAB66AD-276D-418F-8E08-137EC3E96BA7}: NameServer = 193.189.244.225 193.189.244.206

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3A7832A-BD6A-4AA1-ACD7-CC1275B1F7BA}: DhcpNameServer = 10.0.0.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (C:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe) -  File not found

O20 - HKLM Winlogon: UserInit - (C:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe) -  File not found

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000 Winlogon: Shell - (c:\users\falko vehling\appdata\roaming\diablo_iii.exe) -  File not found

O20 - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000 Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: {Gusfa7ep-lUCJ-Ed2r-Yvs8-fYwL6tnW7CxX} - 

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.31 16:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.05.31 14:54:03 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.05.31 11:43:09 | 000,000,000 | ---D | C] -- C:\Users\Falko Vehling\AppData\Roaming\Malwarebytes

[2012.05.31 11:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.05.31 11:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.05.31 11:41:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.05.31 11:41:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.05.30 20:43:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012.05.24 12:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012.05.24 12:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012.05.24 12:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012.05.10 17:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner

[2012.05.10 17:26:31 | 000,246,224 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys

[2012.05.10 17:26:31 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys

[2012.05.10 17:26:31 | 000,114,304 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbdev.sys

[2012.05.10 17:26:31 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys

[2012.05.10 17:26:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner

[2012.05.04 12:13:12 | 000,000,000 | ---D | C] -- C:\Users\Falko Vehling\AppData\Roaming\MathWorks

[2012.05.04 12:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB

[2012.05.04 12:04:04 | 000,000,000 | ---D | C] -- C:\Program Files\MATLAB

[2012.05.04 11:46:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client

[2012.05.04 11:46:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks

[2012.05.04 11:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.06.01 16:58:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.06.01 16:27:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.06.01 15:54:44 | 000,000,562 | ---- | M] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job

[2012.06.01 15:54:37 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.06.01 14:13:48 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.06.01 14:13:48 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.06.01 14:02:46 | 001,505,390 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.06.01 14:02:46 | 000,656,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.06.01 14:02:46 | 000,618,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.06.01 14:02:46 | 000,131,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.06.01 14:02:46 | 000,107,650 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.06.01 13:58:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.06.01 13:58:20 | 3061,223,424 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.31 15:03:42 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2012.05.31 11:41:39 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.24 18:14:41 | 000,007,605 | ---- | M] () -- C:\Users\Falko Vehling\AppData\Local\Resmon.ResmonCfg

[2012.05.13 08:35:28 | 000,298,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.05.10 17:26:33 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk

[2012.05.04 11:47:37 | 000,001,594 | ---- | M] () -- C:\Windows\VPNInstall.MIF

[2012.05.04 11:46:42 | 000,002,653 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

[2012.05.04 11:44:12 | 000,002,127 | ---- | M] () -- C:\Windows\epplauncher.mif

 
 ========== Files Created - No Company Name ==========

 

[2012.05.31 11:41:39 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.05.24 18:14:41 | 000,007,605 | ---- | C] () -- C:\Users\Falko Vehling\AppData\Local\Resmon.ResmonCfg

[2012.05.10 17:26:33 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk

[2012.05.04 12:12:30 | 000,001,299 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2011b.lnk

[2012.05.04 12:12:23 | 000,000,562 | ---- | C] () -- C:\Windows\tasks\MATLAB R2011b Startup Accelerator.job

[2012.05.04 11:46:42 | 000,002,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

[2012.05.04 11:46:35 | 000,001,594 | ---- | C] () -- C:\Windows\VPNInstall.MIF

[2012.01.12 21:52:02 | 000,001,060 | ---- | C] () -- C:\Windows\TVAfaDrv.ini

[2012.01.08 22:02:44 | 000,445,952 | ---- | C] () -- C:\Windows\afaunist.exe

[2012.01.06 19:43:14 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.11.29 06:21:32 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2010.11.29 06:21:30 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2010.11.29 06:21:30 | 000,105,408 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

 
 ========== LOP Check ==========

 

[2012.04.22 11:06:57 | 000,000,000 | ---D | M] -- C:\Users\Falko Vehling\AppData\Roaming\Babylon

[2012.01.07 16:51:18 | 000,000,000 | ---D | M] -- C:\Users\Falko Vehling\AppData\Roaming\BSW

[2012.02.10 20:15:14 | 000,000,000 | ---D | M] -- C:\Users\Falko Vehling\AppData\Roaming\eType

[2012.05.25 20:08:22 | 000,000,000 | ---D | M] -- C:\Users\Falko Vehling\AppData\Roaming\ICQ

[2012.01.08 16:23:50 | 000,000,000 | ---D | M] -- C:\Users\Falko Vehling\AppData\Roaming\LibreOffice

[2012.01.10 18:39:02 | 000,000,000 | ---D | M] -- C:\Users\Falko Vehling\AppData\Roaming\OpenOffice.org

[2011.12.25 21:56:23 | 000,000,000 | ---D | M] -- C:\Users\Falko Vehling\AppData\Roaming\Opera

[2012.01.11 17:38:59 | 000,000,000 | ---D | M] -- C:\Users\Falko Vehling\AppData\Roaming\PwrMgr

[2011.12.28 22:34:09 | 000,000,000 | ---D | M] -- C:\Users\Falko Vehling\AppData\Roaming\Ubisoft

[2012.01.08 22:05:38 | 000,000,000 | ---D | M] -- C:\Users\Falko Vehling\AppData\Roaming\X-TENSIONS Multimedia

[2012.05.27 07:12:40 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Notepad++

[2012.03.01 16:39:38 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Opera

[2012.03.01 16:47:02 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\PwrMgr

[2012.06.01 15:54:44 | 000,000,562 | ---- | M] () -- C:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job

[2012.05.20 10:20:04 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012.01.08 22:27:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe

[2012.02.01 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer

[2012.04.22 11:06:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon

[2012.01.07 16:51:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BSW

[2012.02.10 20:15:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eType

[2012.05.25 20:08:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ

[2011.12.25 16:27:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities

[2012.01.08 16:23:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice

[2011.12.25 23:14:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia

[2012.05.31 11:43:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2012.05.04 12:13:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MathWorks

[2011.04.12 09:54:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs

[2012.05.04 12:12:20 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft

[2012.01.10 18:39:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org

[2011.12.25 21:56:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera

[2012.01.11 17:38:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PwrMgr

[2011.12.28 22:34:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft

[2012.01.08 22:05:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\X-TENSIONS Multimedia

 
 < %APPDATA%\*.exe /s >

[2011.12.11 10:43:00 | 000,281,960 | ---- | M] (DSNR Labs) -- C:\Users\***\AppData\Roaming\eType\eTypeUninstall.exe

[2010.09.19 15:13:22 | 000,083,968 | ---- | M] () -- C:\Users\***\AppData\Roaming\eType\lzma.exe

[2012.01.09 16:57:12 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}\ARPPRODUCTICON.exe

[2012.01.09 16:57:14 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2010.01.27 00:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2011b\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

[/code]

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 F0 41 D6 62 E6 CC 01  [binary data]

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&babsrc=SP_ss&mntrId=0ae7025600000000000000ff054384d5

IE - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb123/?search={searchTerms}&loc=IB_DS&a=6PQo0tVx9Q&i=26

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)

O4 - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000..\Run: [9txXqR9p2lPiFxH] C:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe File not found

O4 - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000..\Run: [Center Agent] C:\Program Files (x86)\X-TENSIONS Multimedia\HyperMediaCenter\DTVR\Scheduled.exe File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O20 - HKLM Winlogon: Shell - (C:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe) -  File not found

O20 - HKLM Winlogon: UserInit - (C:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe) -  File not found

O20 - HKU\S-1-5-21-2287375651-2092066529-4048752788-1000 Winlogon: Shell - (c:\users\falko vehling\appdata\roaming\diablo_iii.exe) -  File not found

[2012.04.22 11:06:57 | 000,000,000 | ---D | M] -- C:\Users\Falko Vehling\AppData\Roaming\Babylon

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Hier das Log nach dem OTL-Fix

Code:

 All processes killed

========== OTL ==========

HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!

HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!

HKU\S-1-5-21-2287375651-2092066529-4048752788-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-2287375651-2092066529-4048752788-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2287375651-2092066529-4048752788-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.

C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.

HKEY_USERS\S-1-5-21-2287375651-2092066529-4048752788-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2287375651-2092066529-4048752788-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_USERS\S-1-5-21-2287375651-2092066529-4048752788-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_USERS\S-1-5-21-2287375651-2092066529-4048752788-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.

File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.

Registry value HKEY_USERS\S-1-5-21-2287375651-2092066529-4048752788-1000\Software\Microsoft\Windows\CurrentVersion\Run\\9txXqR9p2lPiFxH deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2287375651-2092066529-4048752788-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Center Agent deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\Falko Vehling\AppData\Roaming\Diablo_III.exe deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2287375651-2092066529-4048752788-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:c:\users\falko vehling\appdata\roaming\diablo_iii.exe deleted successfully.

C:\Users\Falko Vehling\AppData\Roaming\Babylon folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Falko Vehling

->Temp folder emptied: 645697455 bytes

->Temporary Internet Files folder emptied: 68609196 bytes

->Java cache emptied: 36928163 bytes

->Opera cache emptied: 4747080 bytes

->Flash cache emptied: 487 bytes

 

User: Gast

->Temp folder emptied: 56585 bytes

->Temporary Internet Files folder emptied: 462699 bytes

->Opera cache emptied: 3039516 bytes

->Flash cache emptied: 470 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 187393382 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes

RecycleBin emptied: 257255 bytes

 

Total Files Cleaned = 903,00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Default

 

User: Default User

 

User: Falko Vehling

->Flash cache emptied: 0 bytes

 

User: Gast

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.44.0 log created on 06022012_081933
 

Files\Folders moved on Reboot...

C:\Users\Falko Vehling\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hier das LOG vom TDSS-Killer;

Code:

 10:31:50.0449 3980        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

10:31:50.0605 3980        ============================================================

10:31:50.0605 3980        Current date / time: 2012/06/02 10:31:50.0605

10:31:50.0605 3980        SystemInfo:

10:31:50.0605 3980        

10:31:50.0605 3980        OS Version: 6.1.7601 ServicePack: 1.0

10:31:50.0605 3980        Product type: Workstation

10:31:50.0605 3980        ComputerName: FALKOVEHLING-PC

10:31:50.0605 3980        UserName: Falko Vehling

10:31:50.0605 3980        Windows directory: C:\Windows

10:31:50.0605 3980        System windows directory: C:\Windows

10:31:50.0605 3980        Running under WOW64

10:31:50.0605 3980        Processor architecture: Intel x64

10:31:50.0605 3980        Number of processors: 2

10:31:50.0605 3980        Page size: 0x1000

10:31:50.0605 3980        Boot type: Normal boot

10:31:50.0605 3980        ============================================================

10:31:51.0837 3980        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:31:51.0853 3980        ============================================================

10:31:51.0853 3980        \Device\Harddisk0\DR0:

10:31:51.0868 3980        MBR partitions:

10:31:51.0931 3980        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xEE8E800, BlocksNum 0x32000

10:31:51.0931 3980        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xEEC0800, BlocksNum 0x1656D800

10:31:51.0931 3980        ============================================================

10:31:51.0978 3980        C: <-> \Device\Harddisk0\DR0\Partition1

10:31:51.0978 3980        ============================================================

10:31:51.0978 3980        Initialize success

10:31:51.0978 3980        ============================================================

10:36:15.0015 2144        ============================================================

10:36:15.0015 2144        Scan started

10:36:15.0015 2144        Mode: Manual; SigCheck; TDLFS; 

10:36:15.0015 2144        ============================================================

10:36:15.0202 2144        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

10:36:15.0265 2144        1394ohci - ok

10:36:15.0280 2144        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

10:36:15.0296 2144        ACPI - ok

10:36:15.0311 2144        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

10:36:15.0327 2144        AcpiPmi - ok

10:36:15.0421 2144        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

10:36:15.0436 2144        AdobeARMservice - ok

10:36:15.0545 2144        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

10:36:15.0576 2144        AdobeFlashPlayerUpdateSvc - ok

10:36:15.0623 2144        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

10:36:15.0654 2144        adp94xx - ok

10:36:15.0685 2144        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

10:36:15.0701 2144        adpahci - ok

10:36:15.0716 2144        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

10:36:15.0716 2144        adpu320 - ok

10:36:15.0748 2144        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

10:36:15.0794 2144        AeLookupSvc - ok

10:36:15.0857 2144        AF15BDA         (75b4b4bb3e1f85bb5da633033a760be5) C:\Windows\system32\DRIVERS\AF15BDA.sys

10:36:15.0904 2144        AF15BDA - ok

10:36:15.0966 2144        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

10:36:16.0013 2144        AFD - ok

10:36:16.0044 2144        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

10:36:16.0060 2144        agp440 - ok

10:36:16.0075 2144        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

10:36:16.0091 2144        ALG - ok

10:36:16.0106 2144        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

10:36:16.0122 2144        aliide - ok

10:36:16.0138 2144        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

10:36:16.0138 2144        amdide - ok

10:36:16.0153 2144        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

10:36:16.0169 2144        AmdK8 - ok

10:36:16.0169 2144        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

10:36:16.0184 2144        AmdPPM - ok

10:36:16.0200 2144        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

10:36:16.0216 2144        amdsata - ok

10:36:16.0231 2144        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

10:36:16.0247 2144        amdsbs - ok

10:36:16.0262 2144        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

10:36:16.0278 2144        amdxata - ok

10:36:16.0294 2144        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

10:36:16.0340 2144        AppID - ok

10:36:16.0356 2144        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

10:36:16.0403 2144        AppIDSvc - ok

10:36:16.0418 2144        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

10:36:16.0465 2144        Appinfo - ok

10:36:16.0543 2144        Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

10:36:16.0559 2144        Apple Mobile Device - ok

10:36:16.0606 2144        AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

10:36:16.0621 2144        AppMgmt - ok

10:36:16.0637 2144        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

10:36:16.0652 2144        arc - ok

10:36:16.0668 2144        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

10:36:16.0668 2144        arcsas - ok

10:36:16.0684 2144        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

10:36:16.0715 2144        AsyncMac - ok

10:36:16.0730 2144        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

10:36:16.0746 2144        atapi - ok

10:36:16.0777 2144        atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys

10:36:16.0886 2144        atksgt - ok

10:36:16.0933 2144        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:36:16.0996 2144        AudioEndpointBuilder - ok

10:36:16.0996 2144        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

10:36:17.0042 2144        AudioSrv - ok

10:36:17.0058 2144        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

10:36:17.0089 2144        AxInstSV - ok

10:36:17.0120 2144        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

10:36:17.0136 2144        b06bdrv - ok

10:36:17.0183 2144        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

10:36:17.0198 2144        b57nd60a - ok

10:36:17.0214 2144        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

10:36:17.0230 2144        BDESVC - ok

10:36:17.0245 2144        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

10:36:17.0292 2144        Beep - ok

10:36:17.0354 2144        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

10:36:17.0401 2144        BFE - ok

10:36:17.0464 2144        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

10:36:17.0526 2144        BITS - ok

10:36:17.0573 2144        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

10:36:17.0588 2144        blbdrive - ok

10:36:17.0698 2144        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

10:36:17.0729 2144        Bonjour Service - ok

10:36:17.0760 2144        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

10:36:17.0776 2144        bowser - ok

10:36:17.0776 2144        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

10:36:17.0791 2144        BrFiltLo - ok

10:36:17.0807 2144        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

10:36:17.0822 2144        BrFiltUp - ok

10:36:17.0854 2144        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

10:36:17.0900 2144        Browser - ok

10:36:17.0932 2144        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

10:36:17.0947 2144        Brserid - ok

10:36:17.0947 2144        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

10:36:17.0978 2144        BrSerWdm - ok

10:36:17.0978 2144        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

10:36:17.0994 2144        BrUsbMdm - ok

10:36:18.0010 2144        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

10:36:18.0010 2144        BrUsbSer - ok

10:36:18.0041 2144        BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

10:36:18.0056 2144        BthEnum - ok

10:36:18.0072 2144        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

10:36:18.0103 2144        BTHMODEM - ok

10:36:18.0134 2144        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

10:36:18.0150 2144        BthPan - ok

10:36:18.0197 2144        BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

10:36:18.0228 2144        BTHPORT - ok

10:36:18.0244 2144        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

10:36:18.0290 2144        bthserv - ok

10:36:18.0290 2144        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

10:36:18.0306 2144        BTHUSB - ok

10:36:18.0337 2144        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

10:36:18.0384 2144        cdfs - ok

10:36:18.0400 2144        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

10:36:18.0415 2144        cdrom - ok

10:36:18.0431 2144        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:36:18.0478 2144        CertPropSvc - ok

10:36:18.0493 2144        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

10:36:18.0500 2144        circlass - ok

10:36:18.0531 2144        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

10:36:18.0547 2144        CLFS - ok

10:36:18.0625 2144        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:36:18.0656 2144        clr_optimization_v2.0.50727_32 - ok

10:36:18.0703 2144        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

10:36:18.0718 2144        clr_optimization_v2.0.50727_64 - ok

10:36:18.0781 2144        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:36:18.0796 2144        clr_optimization_v4.0.30319_32 - ok

10:36:18.0828 2144        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

10:36:18.0843 2144        clr_optimization_v4.0.30319_64 - ok

10:36:18.0859 2144        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

10:36:18.0874 2144        CmBatt - ok

10:36:18.0890 2144        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

10:36:18.0906 2144        cmdide - ok

10:36:18.0968 2144        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

10:36:18.0999 2144        CNG - ok

10:36:19.0015 2144        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

10:36:19.0030 2144        Compbatt - ok

10:36:19.0046 2144        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

10:36:19.0062 2144        CompositeBus - ok

10:36:19.0062 2144        COMSysApp - ok

10:36:19.0077 2144        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

10:36:19.0093 2144        crcdisk - ok

10:36:19.0124 2144        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

10:36:19.0171 2144        CryptSvc - ok

10:36:19.0233 2144        CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

10:36:19.0264 2144        CSC - ok

10:36:19.0311 2144        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

10:36:19.0342 2144        CscService - ok

10:36:19.0389 2144        CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys

10:36:19.0389 2144        CVirtA - ok

10:36:19.0576 2144        CVPND           (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

10:36:19.0623 2144        CVPND - ok

10:36:19.0764 2144        CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys

10:36:19.0779 2144        CVPNDRVA - ok

10:36:19.0842 2144        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:36:19.0904 2144        DcomLaunch - ok

10:36:19.0935 2144        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

10:36:19.0982 2144        defragsvc - ok

10:36:20.0013 2144        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

10:36:20.0060 2144        DfsC - ok

10:36:20.0091 2144        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

10:36:20.0138 2144        Dhcp - ok

10:36:20.0154 2144        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

10:36:20.0185 2144        discache - ok

10:36:20.0200 2144        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

10:36:20.0216 2144        Disk - ok

10:36:20.0247 2144        dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

10:36:20.0263 2144        dmvsc - ok

10:36:20.0310 2144        DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys

10:36:20.0341 2144        DNE - ok

10:36:20.0372 2144        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

10:36:20.0403 2144        Dnscache - ok

10:36:20.0434 2144        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

10:36:20.0497 2144        dot3svc - ok

10:36:20.0512 2144        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

10:36:20.0544 2144        DPS - ok

10:36:20.0575 2144        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

10:36:20.0590 2144        drmkaud - ok

10:36:20.0653 2144        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

10:36:20.0684 2144        DXGKrnl - ok

10:36:20.0700 2144        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

10:36:20.0746 2144        EapHost - ok

10:36:20.0934 2144        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

10:36:20.0996 2144        ebdrv - ok

10:36:21.0105 2144        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

10:36:21.0136 2144        EFS - ok

10:36:21.0214 2144        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

10:36:21.0246 2144        ehRecvr - ok

10:36:21.0261 2144        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

10:36:21.0277 2144        ehSched - ok

10:36:21.0339 2144        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

10:36:21.0370 2144        elxstor - ok

10:36:21.0386 2144        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

10:36:21.0402 2144        ErrDev - ok

10:36:21.0448 2144        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

10:36:21.0507 2144        EventSystem - ok

10:36:21.0551 2144        ewusbnet        (8adacffad67394c711698ea074ce3bab) C:\Windows\system32\DRIVERS\ewusbnet.sys

10:36:21.0566 2144        ewusbnet - ok

10:36:21.0582 2144        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

10:36:21.0629 2144        exfat - ok

10:36:21.0660 2144        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

10:36:21.0707 2144        fastfat - ok

10:36:21.0769 2144        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

10:36:21.0800 2144        Fax - ok

10:36:21.0800 2144        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

10:36:21.0816 2144        fdc - ok

10:36:21.0832 2144        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

10:36:21.0894 2144        fdPHost - ok

10:36:21.0910 2144        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

10:36:21.0956 2144        FDResPub - ok

10:36:21.0988 2144        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

10:36:22.0003 2144        FileInfo - ok

10:36:22.0003 2144        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

10:36:22.0050 2144        Filetrace - ok

10:36:22.0066 2144        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

10:36:22.0081 2144        flpydisk - ok

10:36:22.0112 2144        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

10:36:22.0128 2144        FltMgr - ok

10:36:22.0206 2144        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

10:36:22.0253 2144        FontCache - ok

10:36:22.0315 2144        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

10:36:22.0331 2144        FontCache3.0.0.0 - ok

10:36:22.0362 2144        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

10:36:22.0393 2144        FsDepends - ok

10:36:22.0424 2144        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

10:36:22.0440 2144        Fs_Rec - ok

10:36:22.0471 2144        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

10:36:22.0487 2144        fvevol - ok

10:36:22.0502 2144        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

10:36:22.0518 2144        gagp30kx - ok

10:36:22.0549 2144        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

10:36:22.0565 2144        GEARAspiWDM - ok

10:36:22.0627 2144        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

10:36:22.0674 2144        gpsvc - ok

10:36:22.0721 2144        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

10:36:22.0736 2144        gupdate - ok

10:36:22.0736 2144        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

10:36:22.0752 2144        gupdatem - ok

10:36:22.0783 2144        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

10:36:22.0783 2144        hcw85cir - ok

10:36:22.0830 2144        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

10:36:22.0861 2144        HdAudAddService - ok

10:36:22.0892 2144        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

10:36:22.0908 2144        HDAudBus - ok

10:36:22.0939 2144        HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

10:36:22.0939 2144        HECIx64 - ok

10:36:22.0955 2144        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

10:36:22.0955 2144        HidBatt - ok

10:36:22.0970 2144        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

10:36:22.0986 2144        HidBth - ok

10:36:23.0002 2144        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

10:36:23.0017 2144        HidIr - ok

10:36:23.0033 2144        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

10:36:23.0080 2144        hidserv - ok

10:36:23.0111 2144        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

10:36:23.0126 2144        HidUsb - ok

10:36:23.0158 2144        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

10:36:23.0220 2144        hkmsvc - ok

10:36:23.0236 2144        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

10:36:23.0251 2144        HomeGroupListener - ok

10:36:23.0298 2144        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

10:36:23.0314 2144        HomeGroupProvider - ok

10:36:23.0329 2144        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

10:36:23.0345 2144        HpSAMD - ok

10:36:23.0407 2144        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

10:36:23.0454 2144        HTTP - ok

10:36:23.0501 2144        hwdatacard      (d969d0e26c5b1e813b17066a8318d5d4) C:\Windows\system32\DRIVERS\ewusbmdm.sys

10:36:23.0532 2144        hwdatacard - ok

10:36:23.0563 2144        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

10:36:23.0563 2144        hwpolicy - ok

10:36:23.0610 2144        hwusbdev        (b45b3647ba32749b94fa689175ec8c26) C:\Windows\system32\DRIVERS\ewusbdev.sys

10:36:23.0641 2144        hwusbdev - ok

10:36:23.0657 2144        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

10:36:23.0672 2144        i8042prt - ok

10:36:23.0719 2144        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

10:36:23.0750 2144        iaStorV - ok

10:36:23.0766 2144        IBMPMDRV        (2151176db657aeff9b873d23380c3f5b) C:\Windows\system32\DRIVERS\ibmpmdrv.sys

10:36:23.0766 2144        IBMPMDRV - ok

10:36:23.0797 2144        IBMPMSVC        (c76a67aed080538d420550c903696788) C:\Windows\system32\ibmpmsvc.exe

10:36:23.0797 2144        IBMPMSVC - ok

10:36:23.0875 2144        ICQ Service     (58bd7551b0445f3673d96ca380f21822) C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe

10:36:23.0906 2144        ICQ Service - ok

10:36:24.0031 2144        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

10:36:24.0047 2144        idsvc - ok

10:36:24.0897 2144        igfx            (0ac9e321d604be48a0d72b69ba484bdc) C:\Windows\system32\DRIVERS\igdkmd64.sys

10:36:25.0053 2144        igfx - ok

10:36:25.0194 2144        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

10:36:25.0209 2144        iirsp - ok

10:36:25.0272 2144        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

10:36:25.0334 2144        IKEEXT - ok

10:36:25.0350 2144        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

10:36:25.0365 2144        intelide - ok

10:36:25.0365 2144        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

10:36:25.0397 2144        intelppm - ok

10:36:25.0412 2144        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

10:36:25.0459 2144        IPBusEnum - ok

10:36:25.0475 2144        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:36:25.0521 2144        IpFilterDriver - ok

10:36:25.0568 2144        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

10:36:25.0631 2144        iphlpsvc - ok

10:36:25.0646 2144        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

10:36:25.0662 2144        IPMIDRV - ok

10:36:25.0662 2144        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

10:36:25.0709 2144        IPNAT - ok

10:36:25.0802 2144        iPod Service    (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe

10:36:25.0849 2144        iPod Service - ok

10:36:25.0865 2144        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

10:36:25.0896 2144        IRENUM - ok

10:36:25.0911 2144        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

10:36:25.0911 2144        isapnp - ok

10:36:25.0943 2144        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

10:36:25.0958 2144        iScsiPrt - ok

10:36:25.0989 2144        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

10:36:25.0989 2144        kbdclass - ok

10:36:26.0021 2144        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

10:36:26.0021 2144        kbdhid - ok

10:36:26.0067 2144        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:36:26.0083 2144        KeyIso - ok

10:36:26.0099 2144        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

10:36:26.0114 2144        KSecDD - ok

10:36:26.0130 2144        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

10:36:26.0145 2144        KSecPkg - ok

10:36:26.0177 2144        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

10:36:26.0223 2144        ksthunk - ok

10:36:26.0270 2144        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

10:36:26.0317 2144        KtmRm - ok

10:36:26.0348 2144        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

10:36:26.0395 2144        LanmanServer - ok

10:36:26.0426 2144        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

10:36:26.0457 2144        LanmanWorkstation - ok

10:36:26.0535 2144        LENOVO.MICMUTE  (340288b3b2edc8afd5ff127df85142a7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

10:36:26.0567 2144        LENOVO.MICMUTE - ok

10:36:26.0567 2144        lenovo.smi      (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys

10:36:26.0582 2144        lenovo.smi - ok

10:36:26.0598 2144        Lenovo.VIRTSCRLSVC (f7de50781dc4d162c1005eb30d98f931) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

10:36:26.0613 2144        Lenovo.VIRTSCRLSVC - ok

10:36:26.0629 2144        lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys

10:36:26.0645 2144        lirsgt - ok

10:36:26.0645 2144        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

10:36:26.0691 2144        lltdio - ok

10:36:26.0738 2144        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

10:36:26.0801 2144        lltdsvc - ok

10:36:26.0816 2144        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

10:36:26.0847 2144        lmhosts - ok

10:36:26.0879 2144        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

10:36:26.0894 2144        LSI_FC - ok

10:36:26.0910 2144        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

10:36:26.0925 2144        LSI_SAS - ok

10:36:26.0925 2144        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

10:36:26.0941 2144        LSI_SAS2 - ok

10:36:26.0941 2144        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

10:36:26.0957 2144        LSI_SCSI - ok

10:36:26.0988 2144        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

10:36:27.0019 2144        luafv - ok

10:36:27.0050 2144        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

10:36:27.0050 2144        Mcx2Svc - ok

10:36:27.0066 2144        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

10:36:27.0066 2144        megasas - ok

10:36:27.0081 2144        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

10:36:27.0097 2144        MegaSR - ok

10:36:27.0128 2144        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:36:27.0159 2144        MMCSS - ok

10:36:27.0175 2144        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

10:36:27.0222 2144        Modem - ok

10:36:27.0237 2144        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

10:36:27.0253 2144        monitor - ok

10:36:27.0269 2144        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

10:36:27.0284 2144        mouclass - ok

10:36:27.0284 2144        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

10:36:27.0300 2144        mouhid - ok

10:36:27.0331 2144        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

10:36:27.0347 2144        mountmgr - ok

10:36:27.0393 2144        MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

10:36:27.0409 2144        MpFilter - ok

10:36:27.0425 2144        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

10:36:27.0440 2144        mpio - ok

10:36:27.0456 2144        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

10:36:27.0512 2144        mpsdrv - ok

10:36:27.0573 2144        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

10:36:27.0666 2144        MpsSvc - ok

10:36:27.0666 2144        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

10:36:27.0697 2144        MRxDAV - ok

10:36:27.0729 2144        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:36:27.0744 2144        mrxsmb - ok

10:36:27.0791 2144        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:36:27.0822 2144        mrxsmb10 - ok

10:36:27.0838 2144        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:36:27.0853 2144        mrxsmb20 - ok

10:36:27.0885 2144        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

10:36:27.0900 2144        msahci - ok

10:36:27.0916 2144        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

10:36:27.0931 2144        msdsm - ok

10:36:27.0963 2144        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

10:36:27.0978 2144        MSDTC - ok

10:36:27.0994 2144        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:36:28.0056 2144        Msfs - ok

10:36:28.0056 2144        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:36:28.0103 2144        mshidkmdf - ok

10:36:28.0119 2144        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:36:28.0119 2144        msisadrv - ok

10:36:28.0165 2144        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

10:36:28.0243 2144        MSiSCSI - ok

10:36:28.0243 2144        msiserver - ok

10:36:28.0275 2144        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:36:28.0321 2144        MSKSSRV - ok

10:36:28.0384 2144        MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

10:36:28.0399 2144        MsMpSvc - ok

10:36:28.0399 2144        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:36:28.0462 2144        MSPCLOCK - ok

10:36:28.0477 2144        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:36:28.0509 2144        MSPQM - ok

10:36:28.0540 2144        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:36:28.0571 2144        MsRPC - ok

10:36:28.0587 2144        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

10:36:28.0587 2144        mssmbios - ok

10:36:28.0587 2144        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:36:28.0634 2144        MSTEE - ok

10:36:28.0634 2144        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

10:36:28.0649 2144        MTConfig - ok

10:36:28.0665 2144        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:36:28.0680 2144        Mup - ok

10:36:28.0727 2144        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

10:36:28.0805 2144        napagent - ok

10:36:28.0836 2144        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:36:28.0868 2144        NativeWifiP - ok

10:36:28.0946 2144        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:36:28.0977 2144        NDIS - ok

10:36:28.0992 2144        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:36:29.0039 2144        NdisCap - ok

10:36:29.0055 2144        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:36:29.0086 2144        NdisTapi - ok

10:36:29.0102 2144        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:36:29.0148 2144        Ndisuio - ok

10:36:29.0164 2144        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:36:29.0226 2144        NdisWan - ok

10:36:29.0242 2144        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:36:29.0289 2144        NDProxy - ok

10:36:29.0304 2144        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:36:29.0351 2144        NetBIOS - ok

10:36:29.0570 2144        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:36:29.0616 2144        NetBT - ok

10:36:29.0663 2144        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:36:29.0694 2144        Netlogon - ok

10:36:29.0741 2144        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

10:36:29.0788 2144        Netman - ok

10:36:29.0819 2144        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

10:36:29.0866 2144        netprofm - ok

10:36:29.0944 2144        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

10:36:29.0960 2144        NetTcpPortSharing - ok

10:36:29.0991 2144        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

10:36:29.0991 2144        nfrd960 - ok

10:36:30.0038 2144        NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

10:36:30.0053 2144        NisDrv - ok

10:36:30.0131 2144        NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

10:36:30.0162 2144        NisSrv - ok

10:36:30.0209 2144        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

10:36:30.0287 2144        NlaSvc - ok

10:36:30.0303 2144        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:36:30.0350 2144        Npfs - ok

10:36:30.0365 2144        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

10:36:30.0412 2144        nsi - ok

10:36:30.0428 2144        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:36:30.0459 2144        nsiproxy - ok

10:36:30.0591 2144        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:36:30.0637 2144        Ntfs - ok

10:36:30.0747 2144        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:36:30.0793 2144        Null - ok

10:36:30.0825 2144        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:36:30.0840 2144        nvraid - ok

10:36:30.0856 2144        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:36:30.0871 2144        nvstor - ok

10:36:30.0903 2144        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:36:30.0903 2144        nv_agp - ok

10:36:30.0918 2144        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:36:30.0934 2144        ohci1394 - ok

10:36:31.0012 2144        OpenVPNService  (447d71ffcefad01d6787422a6286a182) C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe

10:36:31.0012 2144        OpenVPNService ( UnsignedFile.Multi.Generic ) - warning

10:36:31.0012 2144        OpenVPNService - detected UnsignedFile.Multi.Generic (1)

10:36:31.0059 2144        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:36:31.0090 2144        p2pimsvc - ok

10:36:31.0121 2144        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

10:36:31.0137 2144        p2psvc - ok

10:36:31.0152 2144        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

10:36:31.0168 2144        Parport - ok

10:36:31.0215 2144        partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

10:36:31.0215 2144        partmgr - ok

10:36:31.0246 2144        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

10:36:31.0277 2144        PcaSvc - ok

10:36:31.0308 2144        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:36:31.0324 2144        pci - ok

10:36:31.0339 2144        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:36:31.0339 2144        pciide - ok

10:36:31.0371 2144        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

10:36:31.0386 2144        pcmcia - ok

10:36:31.0402 2144        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:36:31.0417 2144        pcw - ok

10:36:31.0464 2144        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:36:31.0527 2144        PEAUTH - ok

10:36:31.0605 2144        PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

10:36:31.0651 2144        PeerDistSvc - ok

10:36:31.0714 2144        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

10:36:31.0729 2144        PerfHost - ok

10:36:31.0885 2144        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

10:36:31.0979 2144        pla - ok

10:36:32.0026 2144        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

10:36:32.0057 2144        PlugPlay - ok

10:36:32.0073 2144        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

10:36:32.0088 2144        PNRPAutoReg - ok

10:36:32.0104 2144        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:36:32.0135 2144        PNRPsvc - ok

10:36:32.0182 2144        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

10:36:32.0244 2144        PolicyAgent - ok

10:36:32.0275 2144        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

10:36:32.0322 2144        Power - ok

10:36:32.0385 2144        Power Manager DBC Service (836fe79de8767d77136b6491a3d61089) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE

10:36:32.0416 2144        Power Manager DBC Service - ok

10:36:32.0463 2144        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:36:32.0525 2144        PptpMiniport - ok

10:36:32.0541 2144        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

10:36:32.0556 2144        Processor - ok

10:36:32.0572 2144        ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

10:36:32.0619 2144        ProfSvc - ok

10:36:32.0665 2144        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:36:32.0681 2144        ProtectedStorage - ok

10:36:32.0697 2144        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:36:32.0759 2144        Psched - ok

10:36:32.0806 2144        PwmEWSvc        (576444157f1cb25ae2057eed586d4889) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE

10:36:32.0806 2144        PwmEWSvc - ok

10:36:32.0915 2144        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

10:36:32.0962 2144        ql2300 - ok

10:36:33.0071 2144        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

10:36:33.0087 2144        ql40xx - ok

10:36:33.0118 2144        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

10:36:33.0149 2144        QWAVE - ok

10:36:33.0165 2144        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:36:33.0180 2144        QWAVEdrv - ok

10:36:33.0196 2144        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:36:33.0243 2144        RasAcd - ok

10:36:33.0274 2144        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:36:33.0305 2144        RasAgileVpn - ok

10:36:33.0321 2144        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

10:36:33.0383 2144        RasAuto - ok

10:36:33.0399 2144        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:36:33.0445 2144        Rasl2tp - ok

10:36:33.0497 2144        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

10:36:33.0552 2144        RasMan - ok

10:36:33.0570 2144        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:36:33.0608 2144        RasPppoe - ok

10:36:33.0623 2144        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:36:33.0686 2144        RasSstp - ok

10:36:33.0717 2144        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:36:33.0748 2144        rdbss - ok

10:36:33.0764 2144        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

10:36:33.0779 2144        rdpbus - ok

10:36:33.0795 2144        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:36:33.0826 2144        RDPCDD - ok

10:36:33.0857 2144        RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

10:36:33.0873 2144        RDPDR - ok

10:36:33.0889 2144        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:36:33.0935 2144        RDPENCDD - ok

10:36:33.0951 2144        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:36:33.0982 2144        RDPREFMP - ok

10:36:34.0013 2144        RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

10:36:34.0029 2144        RDPWD - ok

10:36:34.0060 2144        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

10:36:34.0076 2144        rdyboost - ok

10:36:34.0091 2144        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

10:36:34.0138 2144        RemoteAccess - ok

10:36:34.0185 2144        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

10:36:34.0232 2144        RemoteRegistry - ok

10:36:34.0342 2144        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

10:36:34.0389 2144        RFCOMM - ok

10:36:34.0407 2144        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

10:36:34.0447 2144        RpcEptMapper - ok

10:36:34.0469 2144        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

10:36:34.0482 2144        RpcLocator - ok

10:36:34.0524 2144        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:36:34.0577 2144        RpcSs - ok

10:36:34.0597 2144        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:36:34.0644 2144        rspndr - ok

10:36:34.0690 2144        RTL8167         (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys

10:36:34.0706 2144        RTL8167 - ok

10:36:34.0800 2144        RTL8192Ce       (fa088015155c4c6dab5d1d9e68eb9d6b) C:\Windows\system32\DRIVERS\rtl8192Ce.sys

10:36:34.0831 2144        RTL8192Ce - ok

10:36:34.0862 2144        s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

10:36:34.0878 2144        s3cap - ok

10:36:34.0924 2144        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:36:34.0924 2144        SamSs - ok

10:36:34.0940 2144        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

10:36:34.0956 2144        sbp2port - ok

10:36:34.0987 2144        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

10:36:35.0034 2144        SCardSvr - ok

10:36:35.0065 2144        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

10:36:35.0096 2144        scfilter - ok

10:36:35.0174 2144        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

10:36:35.0236 2144        Schedule - ok

10:36:35.0268 2144        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:36:35.0299 2144        SCPolicySvc - ok

10:36:35.0314 2144        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

10:36:35.0330 2144        SDRSVC - ok

10:36:35.0361 2144        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:36:35.0408 2144        secdrv - ok

10:36:35.0424 2144        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

10:36:35.0470 2144        seclogon - ok

10:36:35.0486 2144        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

10:36:35.0533 2144        SENS - ok

10:36:35.0533 2144        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

10:36:35.0548 2144        SensrSvc - ok

10:36:35.0564 2144        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys

10:36:35.0580 2144        Serenum - ok

10:36:35.0611 2144        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys

10:36:35.0626 2144        Serial - ok

10:36:35.0642 2144        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

10:36:35.0658 2144        sermouse - ok

10:36:35.0673 2144        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

10:36:35.0720 2144        SessionEnv - ok

10:36:35.0720 2144        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

10:36:35.0736 2144        sffdisk - ok

10:36:35.0736 2144        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

10:36:35.0751 2144        sffp_mmc - ok

10:36:35.0751 2144        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

10:36:35.0782 2144        sffp_sd - ok

10:36:35.0798 2144        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

10:36:35.0798 2144        sfloppy - ok

10:36:35.0845 2144        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

10:36:35.0907 2144        SharedAccess - ok

10:36:35.0954 2144        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

10:36:36.0016 2144        ShellHWDetection - ok

10:36:36.0016 2144        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

10:36:36.0032 2144        SiSRaid2 - ok

10:36:36.0032 2144        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

10:36:36.0048 2144        SiSRaid4 - ok

10:36:36.0048 2144        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:36:36.0094 2144        Smb - ok

10:36:36.0110 2144        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

10:36:36.0126 2144        SNMPTRAP - ok

10:36:36.0141 2144        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:36:36.0141 2144        spldr - ok

10:36:36.0188 2144        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

10:36:36.0235 2144        Spooler - ok

10:36:36.0453 2144        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

10:36:36.0547 2144        sppsvc - ok

10:36:36.0634 2144        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

10:36:36.0697 2144        sppuinotify - ok

10:36:36.0743 2144        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

10:36:36.0775 2144        srv - ok

10:36:36.0806 2144        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

10:36:36.0837 2144        srv2 - ok

10:36:36.0868 2144        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

10:36:36.0884 2144        srvnet - ok

10:36:36.0899 2144        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

10:36:36.0946 2144        SSDPSRV - ok

10:36:36.0962 2144        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

10:36:36.0993 2144        SstpSvc - ok

10:36:37.0024 2144        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

10:36:37.0024 2144        stexstor - ok

10:36:37.0087 2144        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

10:36:37.0102 2144        stisvc - ok

10:36:37.0133 2144        storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

10:36:37.0149 2144        storflt - ok

10:36:37.0165 2144        StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

10:36:37.0180 2144        StorSvc - ok

10:36:37.0196 2144        storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

10:36:37.0211 2144        storvsc - ok

10:36:37.0227 2144        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

10:36:37.0243 2144        swenum - ok

10:36:37.0289 2144        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

10:36:37.0352 2144        swprv - ok

10:36:37.0399 2144        SynTP           (868dfb220a18312a12cef01ba9ac069b) C:\Windows\system32\DRIVERS\SynTP.sys

10:36:37.0414 2144        SynTP - ok

10:36:37.0523 2144        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

10:36:37.0570 2144        SysMain - ok

10:36:37.0664 2144        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

10:36:37.0695 2144        TabletInputService - ok

10:36:37.0757 2144        tap0901         (3b73c849b41fb20d77b0e553214061a5) C:\Windows\system32\DRIVERS\tap0901.sys

10:36:37.0773 2144        tap0901 - ok

10:36:37.0804 2144        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

10:36:37.0867 2144        TapiSrv - ok

10:36:37.0882 2144        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

10:36:37.0929 2144        TBS - ok

10:36:38.0069 2144        Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

10:36:38.0132 2144        Tcpip - ok

10:36:38.0319 2144        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

10:36:38.0381 2144        TCPIP6 - ok

10:36:38.0444 2144        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:36:38.0506 2144        tcpipreg - ok

10:36:38.0522 2144        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:36:38.0522 2144        TDPIPE - ok

10:36:38.0553 2144        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

10:36:38.0569 2144        TDTCP - ok

10:36:38.0584 2144        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:36:38.0631 2144        tdx - ok

10:36:38.0631 2144        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

10:36:38.0647 2144        TermDD - ok

10:36:38.0709 2144        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

10:36:38.0771 2144        TermService - ok

10:36:38.0787 2144        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

10:36:38.0803 2144        Themes - ok

10:36:38.0896 2144        ThinkVantage Registry Monitor Service (9626746a9b120d2ed537dd8d76278405) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe

10:36:38.0927 2144        ThinkVantage Registry Monitor Service - ok

10:36:38.0959 2144        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:36:38.0990 2144        THREADORDER - ok

10:36:39.0037 2144        TPHKLOAD        (83415782d47f8064fcafea308abb2246) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

10:36:39.0052 2144        TPHKLOAD - ok

10:36:39.0068 2144        TPHKSVC         (c04bb65441913ab621c58a8bd3169b23) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

10:36:39.0083 2144        TPHKSVC - ok

10:36:39.0130 2144        TPPWRIF         (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys

10:36:39.0146 2144        TPPWRIF - ok

10:36:39.0177 2144        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

10:36:39.0239 2144        TrkWks - ok

10:36:39.0286 2144        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

10:36:39.0333 2144        TrustedInstaller - ok

10:36:39.0364 2144        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:36:39.0395 2144        tssecsrv - ok

10:36:39.0411 2144        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:36:39.0427 2144        TsUsbFlt - ok

10:36:39.0427 2144        TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

10:36:39.0442 2144        TsUsbGD - ok

10:36:39.0458 2144        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:36:39.0530 2144        tunnel - ok

10:36:39.0638 2144        TVT Scheduler   (e9ea448f1174be4052416b62263ea4ee) C:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe

10:36:39.0669 2144        TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning

10:36:39.0669 2144        TVT Scheduler - detected UnsignedFile.Multi.Generic (1)

10:36:39.0669 2144        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

10:36:39.0684 2144        uagp35 - ok

10:36:39.0716 2144        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:36:39.0747 2144        udfs - ok

10:36:39.0794 2144        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

10:36:39.0809 2144        UI0Detect - ok

10:36:39.0825 2144        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:36:39.0825 2144        uliagpkx - ok

10:36:39.0856 2144        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

10:36:39.0872 2144        umbus - ok

10:36:39.0872 2144        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

10:36:39.0887 2144        UmPass - ok

10:36:39.0918 2144        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

10:36:39.0934 2144        UmRdpService - ok

10:36:39.0965 2144        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

10:36:40.0012 2144        upnphost - ok

10:36:40.0043 2144        USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

10:36:40.0043 2144        USBAAPL64 - ok

10:36:40.0074 2144        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:36:40.0090 2144        usbccgp - ok

10:36:40.0090 2144        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:36:40.0106 2144        usbcir - ok

10:36:40.0121 2144        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

10:36:40.0137 2144        usbehci - ok

10:36:40.0168 2144        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

10:36:40.0184 2144        usbhub - ok

10:36:40.0184 2144        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

10:36:40.0215 2144        usbohci - ok

10:36:40.0230 2144        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

10:36:40.0262 2144        usbprint - ok

10:36:40.0277 2144        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:36:40.0293 2144        USBSTOR - ok

10:36:40.0308 2144        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

10:36:40.0324 2144        usbuhci - ok

10:36:40.0355 2144        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

10:36:40.0386 2144        usbvideo - ok

10:36:40.0402 2144        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

10:36:40.0464 2144        UxSms - ok

10:36:40.0496 2144        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:36:40.0527 2144        VaultSvc - ok

10:36:40.0558 2144        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:36:40.0574 2144        vdrvroot - ok

10:36:40.0605 2144        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

10:36:40.0667 2144        vds - ok

10:36:40.0683 2144        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:36:40.0698 2144        vga - ok

10:36:40.0698 2144        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:36:40.0745 2144        VgaSave - ok

10:36:40.0761 2144        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:36:40.0776 2144        vhdmp - ok

10:36:40.0792 2144        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:36:40.0792 2144        viaide - ok

10:36:40.0839 2144        vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

10:36:40.0839 2144        vmbus - ok

10:36:40.0870 2144        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

10:36:40.0870 2144        VMBusHID - ok

10:36:40.0886 2144        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:36:40.0901 2144        volmgr - ok

10:36:40.0932 2144        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:36:40.0948 2144        volmgrx - ok

10:36:40.0979 2144        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:36:40.0995 2144        volsnap - ok

10:36:41.0010 2144        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

10:36:41.0026 2144        vsmraid - ok

10:36:41.0135 2144        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

10:36:41.0198 2144        VSS - ok

10:36:41.0307 2144        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

10:36:41.0338 2144        vwifibus - ok

10:36:41.0354 2144        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

10:36:41.0385 2144        vwififlt - ok

10:36:41.0416 2144        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

10:36:41.0463 2144        W32Time - ok

10:36:41.0494 2144        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

10:36:41.0510 2144        WacomPen - ok

10:36:41.0525 2144        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:36:41.0588 2144        WANARP - ok

10:36:41.0588 2144        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:36:41.0619 2144        Wanarpv6 - ok

10:36:41.0738 2144        WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

10:36:41.0778 2144        WatAdminSvc - ok

10:36:41.0883 2144        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

10:36:41.0924 2144        wbengine - ok

10:36:42.0017 2144        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

10:36:42.0033 2144        WbioSrvc - ok

10:36:42.0064 2144        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

10:36:42.0095 2144        wcncsvc - ok

10:36:42.0111 2144        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

10:36:42.0111 2144        WcsPlugInService - ok

10:36:42.0158 2144        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

10:36:42.0173 2144        Wd - ok

10:36:42.0220 2144        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:36:42.0236 2144        Wdf01000 - ok

10:36:42.0267 2144        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:36:42.0283 2144        WdiServiceHost - ok

10:36:42.0298 2144        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:36:42.0314 2144        WdiSystemHost - ok

10:36:42.0345 2144        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

10:36:42.0361 2144        WebClient - ok

10:36:42.0392 2144        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

10:36:42.0454 2144        Wecsvc - ok

10:36:42.0470 2144        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

10:36:42.0519 2144        wercplsupport - ok

10:36:42.0534 2144        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

10:36:42.0579 2144        WerSvc - ok

10:36:42.0627 2144        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:36:42.0667 2144        WfpLwf - ok

10:36:42.0698 2144        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:36:42.0698 2144        WIMMount - ok

10:36:42.0729 2144        WinDefend - ok

10:36:42.0745 2144        WinHttpAutoProxySvc - ok

10:36:42.0807 2144        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

10:36:42.0869 2144        Winmgmt - ok

10:36:43.0010 2144        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

10:36:43.0072 2144        WinRM - ok

10:36:43.0197 2144        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

10:36:43.0244 2144        Wlansvc - ok

10:36:43.0275 2144        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

10:36:43.0306 2144        WmiAcpi - ok

10:36:43.0369 2144        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

10:36:43.0400 2144        wmiApSrv - ok

10:36:43.0431 2144        WMPNetworkSvc - ok

10:36:43.0447 2144        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

10:36:43.0462 2144        WPCSvc - ok

10:36:43.0478 2144        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

10:36:43.0493 2144        WPDBusEnum - ok

10:36:43.0509 2144        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:36:43.0556 2144        ws2ifsl - ok

10:36:43.0587 2144        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

10:36:43.0603 2144        wscsvc - ok

10:36:43.0603 2144        WSearch - ok

10:36:43.0759 2144        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

10:36:43.0821 2144        wuauserv - ok

10:36:43.0930 2144        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:36:43.0993 2144        WudfPf - ok

10:36:44.0008 2144        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:36:44.0039 2144        WUDFRd - ok

10:36:44.0071 2144        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

10:36:44.0117 2144        wudfsvc - ok

10:36:44.0133 2144        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

10:36:44.0149 2144        WwanSvc - ok

10:36:44.0195 2144        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

10:36:45.0303 2144        \Device\Harddisk0\DR0 - ok

10:36:45.0397 2144        Boot (0x1200)   (e92cf70d94d1ac0fef0412d1b620090d) \Device\Harddisk0\DR0\Partition0

10:36:45.0397 2144        \Device\Harddisk0\DR0\Partition0 - ok

10:36:45.0412 2144        Boot (0x1200)   (d16caab34d4ef09c188366fff287efd5) \Device\Harddisk0\DR0\Partition1

10:36:45.0412 2144        \Device\Harddisk0\DR0\Partition1 - ok

10:36:45.0412 2144        ============================================================

10:36:45.0412 2144        Scan finished

10:36:45.0412 2144        ============================================================

10:36:45.0428 0732        Detected object count: 2

10:36:45.0428 0732        Actual detected object count: 2

10:38:45.0953 0732        OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user

10:38:45.0953 0732        OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

10:38:45.0953 0732        TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user

10:38:45.0953 0732        TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hier das LOG von ComboFix:

Code:

ComboFix 12-06-01.02 - Falko Vehling 02.06.2012  11:14:45.1.2 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3893.2663 [GMT 2:00]

ausgeführt von:: c:\users\Falko Vehling\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk

c:\users\Falko Vehling\51.pdf

c:\users\Falko Vehling\AppData\Local\TempDIR

c:\users\Falko Vehling\AppData\Local\TempDIR\BetterInstaller.exe

c:\users\Falko Vehling\daemon333.exe

c:\users\Falko Vehling\iTunesSetup.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-05-02 bis 2012-06-02  ))))))))))))))))))))))))))))))

.

.

2012-06-01 13:08 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AD2AB58-5226-4997-B858-3A41C086253F}\mpengine.dll

2012-05-31 15:39 . 2012-05-08 17:02        8955792        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-31 14:10 . 2012-05-31 14:10        --------        d-----w-        c:\program files (x86)\ESET

2012-05-31 12:54 . 2012-05-31 07:43        --------        d-----w-        C:\_OTL

2012-05-31 09:43 . 2012-05-31 09:43        --------        d-----w-        c:\users\Falko Vehling\AppData\Roaming\Malwarebytes

2012-05-31 09:41 . 2012-05-31 09:41        --------        d-----w-        c:\programdata\Malwarebytes

2012-05-31 09:41 . 2012-05-31 09:41        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-31 09:41 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-05-31 07:32 . 2012-05-31 07:32        163048        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-05-27 05:12 . 2012-05-27 05:12        --------        d-----w-        c:\users\Gast\AppData\Roaming\Notepad++

2012-05-24 10:21 . 2012-05-24 10:21        --------        d-----w-        c:\program files\Microsoft Silverlight

2012-05-24 10:21 . 2012-05-24 10:21        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight

2012-05-12 20:27 . 2012-03-31 06:05        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-05-12 20:27 . 2012-03-31 03:10        3146240        ----a-w-        c:\windows\system32\win32k.sys

2012-05-12 20:27 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2012-05-12 20:27 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2012-05-12 20:27 . 2012-03-03 06:35        1544704        ----a-w-        c:\windows\system32\DWrite.dll

2012-05-12 20:27 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll

2012-05-11 09:10 . 2012-03-17 07:58        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys

2012-05-11 08:48 . 2012-03-30 11:35        1918320        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-05-11 08:46 . 2012-03-31 05:42        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL

2012-05-11 08:46 . 2012-03-31 05:40        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 08:46 . 2012-03-31 05:40        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll

2012-05-11 08:46 . 2012-03-31 05:40        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll

2012-05-11 08:46 . 2012-03-31 04:29        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 15:26 . 2010-05-11 17:06        29696        ----a-w-        c:\windows\system32\drivers\ewdcsc.sys

2012-05-10 15:26 . 2010-05-11 17:06        246224        ----a-w-        c:\windows\system32\drivers\ewusbnet.sys

2012-05-10 15:26 . 2010-05-11 17:06        117504        ----a-w-        c:\windows\system32\drivers\ewusbmdm.sys

2012-05-10 15:26 . 2010-05-11 17:06        114304        ----a-w-        c:\windows\system32\drivers\ewusbdev.sys

2012-05-10 15:26 . 2012-05-10 15:26        --------        d-----w-        c:\program files (x86)\Mobile Partner

2012-05-04 10:13 . 2012-05-04 10:13        --------        d-----w-        c:\users\Falko Vehling\AppData\Roaming\MathWorks

2012-05-04 10:04 . 2012-05-04 10:04        --------        d-----w-        c:\program files\MATLAB

2012-05-04 09:46 . 2012-05-04 09:46        --------        d-----w-        c:\program files\Common Files\Deterministic Networks

2012-05-04 09:46 . 2012-05-04 09:46        --------        d-----w-        c:\program files (x86)\Cisco Systems

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-13 06:58 . 2012-03-30 12:23        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-13 06:58 . 2011-12-25 21:13        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-13 06:58 . 2012-03-30 12:58        8744608        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-05-12 20:39 . 2012-01-15 18:00        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-05-12 20:28 . 2012-01-15 18:00        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-05-12 20:28 . 2012-01-12 19:38        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-04-16 06:19 . 2012-01-12 19:38        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-04-16 06:19 . 2012-01-12 19:38        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-04-10 12:55 . 2012-03-09 20:03        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-03-20 18:44 . 2011-04-27 14:25        98688        ----a-w-        c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-20 18:44 . 2011-04-18 12:18        203888        ----a-w-        c:\windows\system32\drivers\MpFilter.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"TVT Scheduler Proxy"="c:\program files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]

"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-10-04 1631296]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\users\Falko Vehling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 257696]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07 136176]

R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-10-04 89152]

R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-10-04 175168]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]

S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]

S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]

S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 54573634

*Deregistered* - 54573634

.

Inhalt des "geplante Tasks" Ordners

.

2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 06:58]

.

2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07 22:11]

.

2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07 22:11]

.

2012-06-02 c:\windows\Tasks\MATLAB R2011b Startup Accelerator.job

- c:\program files\MATLAB\R2011b\bin\win64\MATLABStartupAccelerator.exe [2012-05-04 14:34]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-11-29 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-11-29 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-11-29 417304]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe

TCP: DhcpNameServer = 10.0.0.1

TCP: Interfaces\{2EAB66AD-276D-418F-8E08-137EC3E96BA7}: NameServer = 193.189.244.225 193.189.244.206

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-06-02  11:20:42

ComboFix-quarantined-files.txt  2012-06-02 09:20

.

Vor Suchlauf: 12 Verzeichnis(se), 36.038.369.280 Bytes frei

Nach Suchlauf: 14 Verzeichnis(se), 35.392.012.288 Bytes frei

.

- - End Of File - - E5DB12CBC984D9C91570EBAE59E46734

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Hier das LOG vom aswMBR;

Code:

 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-06-03 15:06:04

-----------------------------

15:06:04.692    OS Version: Windows x64 6.1.7601 Service Pack 1

15:06:04.692    Number of processors: 2 586 0x2505

15:06:04.695    ComputerName: ***-PC  UserName: ***

15:06:05.350    Initialize success

15:08:21.650    AVAST engine defs: 12060200

15:08:41.435    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

15:08:41.440    Disk 0 Vendor: TOSHIBA_MK3261GSY MC102E Size: 305245MB BusType: 11

15:08:41.465    Disk 0 MBR read successfully

15:08:41.470    Disk 0 MBR scan

15:08:41.477    Disk 0 Windows 7 default MBR code

15:08:41.487    Disk 0 Partition 1 00     83        Linux             19141 MB offset 2048

15:08:41.497    Disk 0 Partition - 00     05     Extended            102997 MB offset 39204862

15:08:41.520    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 250144768

15:08:41.540    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       183003 MB offset 250349568

15:08:41.562    Disk 0 Partition 4 00     83        Linux             95367 MB offset 39204864

15:08:41.572    Disk 0 Partition - 00     05     Extended              7630 MB offset 234516870

15:08:41.625    Disk 0 scanning C:\Windows\system32\drivers

15:08:49.404    Service scanning

15:09:11.169    Modules scanning

15:09:11.189    Disk 0 trace - called modules:

15:09:11.231    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 

15:09:11.241    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b51060]

15:09:11.251    3 CLASSPNP.SYS[fffff880019ae43f] -> nt!IofCallDriver -> [0xfffffa800498e520]

15:09:11.260    5 ACPI.sys[fffff88000f3f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800498b680]

15:09:12.010    AVAST engine scan C:\Windows

15:09:14.175    AVAST engine scan C:\Windows\system32

15:11:24.895    AVAST engine scan C:\Windows\system32\drivers

15:11:33.760    AVAST engine scan C:\Users\***

15:14:44.477    AVAST engine scan C:\ProgramData

15:15:04.518    Scan finished successfully

15:16:18.809    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"

15:16:18.814    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

zuerst das Log von Malwarebytes:

Code:

 Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.06.02.05
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

*** :: ***-PC [Administrator]
 

03.06.2012 17:00:01

mbam-log-2012-06-03 (17-27-57).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 395956

Laufzeit: 27 Minute(n), 32 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Qoobox\Quarantine\C\Users\***\AppData\Local\TempDIR\BetterInstaller.exe.vir (PUP.BundleInstaller.Somoto) -> Keine Aktion durchgeführt.
 

(Ende)

Das LOG von SASW:

Code:

 SUPERAntiSpyware Scann-Protokoll

hxxp://www.superantispyware.com
 

Generiert 06/03/2012 bei 05:58 PM
 

Version der Applikation : 5.0.1150
 

Version der Kern-Datenbank : 8675

Version der Spur-Datenbank : 6487
 

Scan Art       : kompletter Scann

Totale Scann-Zeit : 00:29:03
 

Operating System Information

Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User
 

Gescannte Speicherelemente  : 566

Erfasste Speicher-Bedrohungen  : 0

Gescannte Register-Elemente  : 64605

Erfasste Register-Bedrohungen  : 0

Gescannte Datei-Elemente     : 84342

Erfasste Datei-Elemente   : 0

Nur ein Überrest in der Q von Combofix.
Rechner wieder in Ordnung oder gibts noch Probleme?

Computer läuft wieder einwandfrei, habe noch zwei Trojaner in der Quarantäne von Microsoft Security Essentials, die sollte ich wohl löschen oder ?

Überleg doch mal was eine Quarantäne ist. Ob da die schädliche Datei drinbleibt oder nicht, das hat keine Auswirkungen. Schädlinge in der Quarantäne können nichts mehr anrichten, sie sind dort isoliert. Du solltest grundsätzlich mit der Quarantäne arbeiten, denn falls der Virenscanner durch einen Fehlalarm was wichtiges löscht, kannst Du notfalls noch über die Quarantäne an die Datei ran.

Erstmal ein großes Dankeschön an dich. :dankeschoen:
Ist Online-banking auf diesem System wieder sicher?

Da ich dummerweise vergessen habe meinen Benutzernamen zu versternen, würde ich mich darüber freuen, wenn man und/oder ich nachträglich den Namen versternen könnte oder das Thema irgendwann gelöscht wird, wenn es nicht mehr von Interesse ist.

Gruß Falko

Naja, Onlinebanking ist immer so eine Sache. Auf eigenes Risiko.
Wenn du dem aus dem Weg gehen willst, machst du das mit einem Linux. Parallel installiert oder per Live-CD wie zB Bankix