Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/ATRAPS.Gen und TR/ATRAPS.Gen2 (https://www.trojaner-board.de/119606-tr-atraps-gen-tr-atraps-gen2.html)

wenjin 16.07.2012 07:38
TR/ATRAPS.Gen und TR/ATRAPS.Gen2
 
Hallo,

Avira zeigt mir die o.g. beiden Trojaner im Verzeichnis C:/Windows/Installer/{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\80000000.@ an. Ein Verschieben in Quarantäne oder Löschen bringt, wie erwartet, nichts. Ich habe mich an dieser Anleitung von Chris4You orientiert und einen Scan mit OTL gemacht (inkl. Minimale Ausgabe und. Heraus kam folgendes:

OTL.txt:
Code:
OTL logfile created on: 16.07.2012 08:24:53 - Run 2
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\username\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 76,97% Memory free
15,77 Gb Paging File | 13,98 Gb Available in Paging File | 88,65% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 61,26 Gb Free Space | 61,26% Space Free | Partition Type: NTFS
Drive D: | 348,67 Gb Total Space | 336,25 Gb Free Space | 96,44% Space Free | Partition Type: NTFS
Drive Q: | 15,62 Gb Total Space | 5,11 Gb Free Space | 32,68% Space Free | Partition Type: NTFS
 
Computer Name: username-THINK | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\username\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - D:\BACKUP\THUNDERBIRD\PROFILE\9jw7bddz.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
SRV - (jhi_service) Intel(R) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 11:45:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.18 20:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 11:45:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.04.14 17:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Extensions
[2012.07.09 08:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions
[2012.06.10 17:19:41 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012.06.08 10:31:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.15 10:06:08 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2012.06.10 17:26:36 | 000,000,000 | ---D | M] (Rikaichan Japanese-German Dictionary File) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\rikaichan-jpde@polarcloud.com
[2012.05.11 07:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.09 08:32:35 | 000,028,993 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPM9XJXR.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
[2012.05.19 08:55:53 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPM9XJXR.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.06.25 11:45:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.25 11:45:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.25 11:45:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 11:45:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 11:45:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 11:45:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 11:45:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\username\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\username\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FA55A89-71BB-43F3-8157-DAEDA2C7B1FA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE0072BB-ADBE-4809-A9B3-1F3EC8E1389E}: DhcpNameServer = 172.168.111.2
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{42599f76-7a11-11e1-a739-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{42599f76-7a11-11e1-a739-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 23:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.16 07:53:48 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.exe
[2012.07.12 11:45:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 11:45:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 11:45:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 11:45:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 11:45:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 11:45:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 11:45:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 11:45:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 11:45:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 11:45:02 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 11:45:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 11:45:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 11:45:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 11:43:38 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.12 11:43:37 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.12 11:43:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 11:43:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 11:43:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.08 10:01:56 | 000,000,000 | ---D | C] -- C:\Users\username\.thumbnails
[2012.07.08 10:00:12 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\fontconfig
[2012.07.08 10:00:09 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\gegl-0.2
[2012.07.08 10:00:09 | 000,000,000 | ---D | C] -- C:\Users\username\.gimp-2.8
[2012.07.08 09:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.07.08 08:32:43 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.06 17:17:18 | 000,000,000 | ---D | C] -- C:\InterbankFX_1-Click
[2012.07.06 11:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.07.06 11:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2012.06.30 13:58:01 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.30 13:58:00 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.30 13:57:51 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.30 13:57:50 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.06.30 13:57:50 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.06.28 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Google
[2012.06.28 15:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.06.21 20:23:42 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.21 20:23:42 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.21 20:23:41 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.21 20:23:37 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.21 20:23:37 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.21 20:23:37 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.21 20:23:31 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.21 20:23:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.19 12:58:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.19 12:58:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.19 12:58:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.19 12:58:23 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.19 12:58:23 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.19 12:58:23 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.16 08:02:46 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 08:02:46 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 07:59:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.16 07:59:55 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.16 07:59:55 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.16 07:59:55 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.16 07:59:55 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.16 07:57:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.16 07:57:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.16 07:55:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 07:55:08 | 2055,655,423 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.16 07:53:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.exe
[2012.07.16 07:50:55 | 000,000,000 | ---- | M] () -- C:\Users\username\defogger_reenable
[2012.07.16 07:50:27 | 000,050,477 | ---- | M] () -- C:\Users\username\Desktop\Defogger.exe
[2012.07.13 07:54:54 | 000,005,849 | ---- | M] () -- C:\Users\username\AppData\Local\recently-used.xbel
[2012.07.12 19:38:37 | 000,321,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 07:46:31 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.07.06 17:17:24 | 000,001,554 | ---- | M] () -- C:\Users\username\Desktop\Interbank FX Trader 4.lnk
[2012.07.06 11:09:27 | 000,001,244 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.06.25 17:29:47 | 000,001,413 | ---- | M] () -- C:\Users\username\Desktop\Free YouTube to MP3 Converter.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.16 08:25:20 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\80000000.@
[2012.07.16 08:16:47 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\800000cb.@
[2012.07.16 07:50:55 | 000,000,000 | ---- | C] () -- C:\Users\username\defogger_reenable
[2012.07.16 07:50:26 | 000,050,477 | ---- | C] () -- C:\Users\username\Desktop\Defogger.exe
[2012.07.13 09:56:29 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\00000001.@
[2012.07.13 07:54:54 | 000,005,849 | ---- | C] () -- C:\Users\username\AppData\Local\recently-used.xbel
[2012.07.12 07:46:31 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.07.08 09:57:17 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.07.06 11:09:27 | 000,001,244 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.03.30 14:34:08 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@
[2012.03.30 14:34:08 | 000,002,048 | -HS- | C] () -- C:\Users\username\AppData\Local\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@
[2012.03.30 14:18:54 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.03.30 04:54:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.30 04:54:02 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.30 04:54:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

< End of report >
Extras.txt:
Code:
OTL Extras logfile created on: 16.07.2012 08:24:53 - Run 2
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\username\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 76,97% Memory free
15,77 Gb Paging File | 13,98 Gb Available in Paging File | 88,65% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 61,26 Gb Free Space | 61,26% Space Free | Partition Type: NTFS
Drive D: | 348,67 Gb Total Space | 336,25 Gb Free Space | 96,44% Space Free | Partition Type: NTFS
Drive Q: | 15,62 Gb Total Space | 5,11 Gb Free Space | 32,68% Space Free | Partition Type: NTFS
 
Computer Name: username-THINK | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.71
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.71
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.71
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}" = Lenovo Solution Center
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011)
"0DD5528A211904214F70A66DE6ADBD378B21566D" = Windows-Treiberpaket - Intel USB  (12/21/2010 9.2.0.1021)
"43B5066463CEBC83E99586A67037B6F9FC4193FE" = Windows-Treiberpaket - Intel System  (11/20/2010 9.2.0.1016)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows-Treiberpaket - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0)
"8058FF31D7C7F4818DC176DAF53CD379968C86E4" = Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"DDD8A532E361E9A878EBEF69C338B306810DF059" = Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"GIMP-2_is1" = GIMP 2.8.0
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"ElsterFormular 13.2.0.8623k" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"KaloMa_is1" = KaloMa 4.93
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProInst" = Intel PROSet Wireless
"Winamp" = Winamp
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.07.2012 01:22:02 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
Error - 02.07.2012 04:38:07 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
Error - 02.07.2012 04:38:55 | Computer Name = username-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashUtil32_11_3_300_257_Plugin.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82130  Name des fehlerhaften Moduls: fpb.tmp,
 Version: 11.3.300.257, Zeitstempel: 0x4fc81fa5  Ausnahmecode: 0x40000015  Fehleroffset:
 0x0001224e  ID des fehlerhaften Prozesses: 0xe40  Startzeit der fehlerhaften Anwendung:
 0x01cd582e1b06e54f  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe
Pfad
 des fehlerhaften Moduls: C:\Users\username\AppData\Local\Temp\{DB818F7F-26A7-4DDC-AB39-BED7A53CA9BB}\fpb.tmp
Berichtskennung:
 5b5776fd-c421-11e1-b273-f0def1dce4ed
 
Error - 02.07.2012 04:45:49 | Computer Name = username-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 13.0.1.4548,
 Zeitstempel: 0x4fda86dd  Name des fehlerhaften Moduls: xul.dll, Version: 13.0.1.4548,
 Zeitstempel: 0x4fda862b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x008e7d5e  ID des fehlerhaften
 Prozesses: 0x1390  Startzeit der fehlerhaften Anwendung: 0x01cd582e213f5de6  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Thunderbird\xul.dll  Berichtskennung:
 52126acc-c422-11e1-b273-f0def1dce4ed
 
Error - 02.07.2012 04:52:30 | Computer Name = username-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001d4a67  ID des fehlerhaften Prozesses: 0x1424  Startzeit der fehlerhaften Anwendung:
 0x01cd5830025a7f98  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 415e98d8-c423-11e1-b273-f0def1dce4ed
 
Error - 02.07.2012 05:55:30 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Lenovo
 Solution Center\App\diag\flex_comm_sample.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.07.2012 05:57:33 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\lenovo
 solution center\App\diag\flex_comm_sample.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.07.2012 14:34:02 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
Error - 05.07.2012 01:20:51 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
Error - 05.07.2012 05:07:13 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 14.04.2012 09:38:57 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
Error - 14.04.2012 15:45:33 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
Error - 15.04.2012 02:50:46 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
Error - 15.04.2012 06:52:45 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
[ System Events ]
Error - 16.04.2012 14:08:18 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description =
 
Error - 16.04.2012 14:08:48 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description =
 
Error - 16.04.2012 14:09:18 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description =
 
Error - 16.04.2012 14:09:48 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description =
 
Error - 19.05.2012 14:14:16 | Computer Name = username-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 19.05.2012 14:14:18 | Computer Name = username-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 11.06.2012 07:07:36 | Computer Name = username-THINK | Source = DCOM | ID = 10010
Description =
 
Error - 11.06.2012 07:09:20 | Computer Name = username-THINK | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
 
Error - 11.06.2012 07:12:28 | Computer Name = username-THINK | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 18.06.2012 14:00:11 | Computer Name = username-THINK | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?06.?2012 um 19:58:15 unerwartet heruntergefahren.
 
 
< End of report >
Hier noch der TDSS-Report:

Code:
08:41:33.0562 5776        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
08:41:33.0862 5776        ============================================================
08:41:33.0872 5776        Current date / time: 2012/07/16 08:41:33.0862
08:41:33.0872 5776        SystemInfo:
08:41:33.0872 5776       
08:41:33.0872 5776        OS Version: 6.1.7601 ServicePack: 1.0
08:41:33.0872 5776        Product type: Workstation
08:41:33.0872 5776        ComputerName: username-THINK
08:41:33.0872 5776        UserName: username
08:41:33.0872 5776        Windows directory: C:\Windows
08:41:33.0872 5776        System windows directory: C:\Windows
08:41:33.0872 5776        Running under WOW64
08:41:33.0872 5776        Processor architecture: Intel x64
08:41:33.0872 5776        Number of processors: 8
08:41:33.0872 5776        Page size: 0x1000
08:41:33.0872 5776        Boot type: Normal boot
08:41:33.0872 5776        ============================================================
08:41:34.0672 5776        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:41:34.0682 5776        Drive \Device\Harddisk1\DR2 - Size: 0x3D780000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:41:34.0682 5776        ============================================================
08:41:34.0682 5776        \Device\Harddisk0\DR0:
08:41:34.0682 5776        MBR partitions:
08:41:34.0682 5776        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
08:41:34.0682 5776        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xC800000
08:41:34.0702 5776        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCAEF000, BlocksNum 0x2B956800
08:41:34.0702 5776        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38445800, BlocksNum 0x1F40000
08:41:34.0702 5776        \Device\Harddisk1\DR2:
08:41:34.0702 5776        MBR partitions:
08:41:34.0702 5776        \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x1EBBE0
08:41:34.0702 5776        ============================================================
08:41:34.0732 5776        C: <-> \Device\Harddisk0\DR0\Partition1
08:41:34.0782 5776        Q: <-> \Device\Harddisk0\DR0\Partition3
08:41:34.0812 5776        D: <-> \Device\Harddisk0\DR0\Partition2
08:41:34.0812 5776        ============================================================
08:41:34.0812 5776        Initialize success
08:41:34.0812 5776        ============================================================
08:42:03.0002 6008        ============================================================
08:42:03.0002 6008        Scan started
08:42:03.0002 6008        Mode: Manual; SigCheck; TDLFS;
08:42:03.0002 6008        ============================================================
08:42:03.0682 6008        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
08:42:03.0822 6008        1394ohci - ok
08:42:03.0882 6008        5U877          (f4af97702bad85bfef64b9a557f11b6f) C:\Windows\system32\DRIVERS\5U877.sys
08:42:03.0932 6008        5U877 - ok
08:42:03.0992 6008        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:42:04.0032 6008        ACPI - ok
08:42:04.0062 6008        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:42:04.0112 6008        AcpiPmi - ok
08:42:04.0182 6008        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
08:42:04.0232 6008        adp94xx - ok
08:42:04.0312 6008        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
08:42:04.0352 6008        adpahci - ok
08:42:04.0382 6008        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
08:42:04.0412 6008        adpu320 - ok
08:42:04.0452 6008        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:42:04.0542 6008        AeLookupSvc - ok
08:42:04.0602 6008        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:42:04.0662 6008        AFD - ok
08:42:04.0692 6008        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:42:04.0722 6008        agp440 - ok
08:42:04.0762 6008        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:42:04.0792 6008        ALG - ok
08:42:04.0822 6008        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:42:04.0842 6008        aliide - ok
08:42:04.0862 6008        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:42:04.0892 6008        amdide - ok
08:42:04.0912 6008        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
08:42:04.0942 6008        AmdK8 - ok
08:42:04.0962 6008        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
08:42:05.0002 6008        AmdPPM - ok
08:42:05.0042 6008        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:42:05.0072 6008        amdsata - ok
08:42:05.0102 6008        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
08:42:05.0132 6008        amdsbs - ok
08:42:05.0152 6008        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:42:05.0172 6008        amdxata - ok
08:42:05.0262 6008        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
08:42:05.0292 6008        AntiVirSchedulerService - ok
08:42:05.0342 6008        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
08:42:05.0362 6008        AntiVirService - ok
08:42:05.0402 6008        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:42:05.0492 6008        AppID - ok
08:42:05.0512 6008        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:42:05.0592 6008        AppIDSvc - ok
08:42:05.0612 6008        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:42:05.0692 6008        Appinfo - ok
08:42:05.0732 6008        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
08:42:05.0772 6008        AppMgmt - ok
08:42:05.0842 6008        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
08:42:05.0862 6008        arc - ok
08:42:05.0902 6008        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
08:42:05.0932 6008        arcsas - ok
08:42:05.0962 6008        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:42:06.0052 6008        AsyncMac - ok
08:42:06.0102 6008        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:42:06.0122 6008        atapi - ok
08:42:06.0222 6008        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:42:06.0332 6008        AudioEndpointBuilder - ok
08:42:06.0342 6008        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:42:06.0452 6008        AudioSrv - ok
08:42:06.0492 6008        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
08:42:06.0532 6008        avgntflt - ok
08:42:06.0562 6008        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
08:42:06.0592 6008        avipbb - ok
08:42:06.0622 6008        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
08:42:06.0652 6008        avkmgr - ok
08:42:06.0692 6008        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:42:06.0742 6008        AxInstSV - ok
08:42:06.0812 6008        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
08:42:06.0852 6008        b06bdrv - ok
08:42:06.0912 6008        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:42:06.0952 6008        b57nd60a - ok
08:42:06.0982 6008        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:42:07.0022 6008        BDESVC - ok
08:42:07.0032 6008        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:42:07.0132 6008        Beep - ok
08:42:07.0232 6008        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
08:42:07.0362 6008        BITS - ok
08:42:07.0402 6008        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:42:07.0442 6008        blbdrive - ok
08:42:07.0482 6008        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:42:07.0522 6008        bowser - ok
08:42:07.0552 6008        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
08:42:07.0602 6008        BrFiltLo - ok
08:42:07.0612 6008        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
08:42:07.0642 6008        BrFiltUp - ok
08:42:07.0672 6008        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:42:07.0772 6008        Browser - ok
08:42:07.0812 6008        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:42:07.0862 6008        Brserid - ok
08:42:07.0882 6008        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:42:07.0922 6008        BrSerWdm - ok
08:42:07.0942 6008        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:42:07.0992 6008        BrUsbMdm - ok
08:42:08.0012 6008        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:42:08.0052 6008        BrUsbSer - ok
08:42:08.0082 6008        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
08:42:08.0122 6008        BthEnum - ok
08:42:08.0152 6008        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
08:42:08.0202 6008        BTHMODEM - ok
08:42:08.0242 6008        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
08:42:08.0292 6008        BthPan - ok
08:42:08.0352 6008        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
08:42:08.0392 6008        BTHPORT - ok
08:42:08.0442 6008        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:42:08.0532 6008        bthserv - ok
08:42:08.0542 6008        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
08:42:08.0582 6008        BTHUSB - ok
08:42:08.0662 6008        BTWAMPFL        (8834f87a6a745872894df8223201a6c3) C:\Windows\system32\DRIVERS\btwampfl.sys
08:42:08.0702 6008        BTWAMPFL - ok
08:42:08.0722 6008        btwaudio        (9863d82ecbec6106d377ed73680d99d8) C:\Windows\system32\drivers\btwaudio.sys
08:42:08.0752 6008        btwaudio - ok
08:42:08.0782 6008        btwavdt        (3432dd66ae75ab2de6d0527ad78dbfc7) C:\Windows\system32\drivers\btwavdt.sys
08:42:08.0812 6008        btwavdt - ok
08:42:08.0942 6008        btwdins        (eb4afe08fb39bb444f221d7d501e0915) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
08:42:09.0002 6008        btwdins - ok
08:42:09.0032 6008        btwl2cap        (382dc5a631ced0462ea09b7eb898bdbf) C:\Windows\system32\DRIVERS\btwl2cap.sys
08:42:09.0052 6008        btwl2cap - ok
08:42:09.0062 6008        btwrchid        (13a9c2cedd44c175e6ca39a536795ca6) C:\Windows\system32\DRIVERS\btwrchid.sys
08:42:09.0082 6008        btwrchid - ok
08:42:09.0122 6008        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:42:09.0222 6008        cdfs - ok
08:42:09.0272 6008        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
08:42:09.0312 6008        cdrom - ok
08:42:09.0352 6008        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:42:09.0442 6008        CertPropSvc - ok
08:42:09.0472 6008        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
08:42:09.0512 6008        circlass - ok
08:42:09.0582 6008        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:42:09.0622 6008        CLFS - ok
08:42:09.0682 6008        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:42:09.0712 6008        clr_optimization_v2.0.50727_32 - ok
08:42:09.0742 6008        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:42:09.0772 6008        clr_optimization_v2.0.50727_64 - ok
08:42:09.0842 6008        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:42:09.0862 6008        clr_optimization_v4.0.30319_32 - ok
08:42:09.0902 6008        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:42:09.0922 6008        clr_optimization_v4.0.30319_64 - ok
08:42:09.0952 6008        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:42:09.0992 6008        CmBatt - ok
08:42:10.0002 6008        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:42:10.0032 6008        cmdide - ok
08:42:10.0092 6008        CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
08:42:10.0162 6008        CNG - ok
08:42:10.0352 6008        CnxtHdAudService (8de541b4cfa281a204baa3ea2109809e) C:\Windows\system32\drivers\CHDRT64.sys
08:42:10.0432 6008        CnxtHdAudService - ok
08:42:10.0572 6008        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
08:42:10.0592 6008        Compbatt - ok
08:42:10.0622 6008        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
08:42:10.0672 6008        CompositeBus - ok
08:42:10.0682 6008        COMSysApp - ok
08:42:10.0702 6008        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
08:42:10.0722 6008        crcdisk - ok
08:42:10.0772 6008        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
08:42:10.0812 6008        CryptSvc - ok
08:42:10.0872 6008        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
08:42:10.0932 6008        CSC - ok
08:42:11.0022 6008        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
08:42:11.0082 6008        CscService - ok
08:42:11.0132 6008        CxAudMsg        (9d0d050170d47e778b624a28c90f23de) C:\Windows\system32\CxAudMsg64.exe
08:42:11.0152 6008        CxAudMsg - ok
08:42:11.0232 6008        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:42:11.0352 6008        DcomLaunch - ok
08:42:11.0402 6008        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:42:11.0512 6008        defragsvc - ok
08:42:11.0572 6008        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:42:11.0662 6008        DfsC - ok
08:42:11.0732 6008        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:42:11.0832 6008        Dhcp - ok
08:42:11.0852 6008        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:42:11.0952 6008        discache - ok
08:42:11.0992 6008        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
08:42:12.0012 6008        Disk - ok
08:42:12.0032 6008        dmvsc          (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
08:42:12.0062 6008        dmvsc - ok
08:42:12.0112 6008        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:42:12.0162 6008        Dnscache - ok
08:42:12.0212 6008        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:42:12.0312 6008        dot3svc - ok
08:42:12.0412 6008        DozeSvc        (277247b79da2230d0c3aeb83e6cd8ca7) C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
08:42:12.0452 6008        DozeSvc - ok
08:42:12.0492 6008        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:42:12.0592 6008        DPS - ok
08:42:12.0622 6008        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:42:12.0662 6008        drmkaud - ok
08:42:12.0762 6008        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:42:12.0832 6008        DXGKrnl - ok
08:42:12.0862 6008        DzHDD64        (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys
08:42:12.0882 6008        DzHDD64 - ok
08:42:12.0942 6008        e1cexpress      (dc1776d086aa9733b1929a3d979d9fdd) C:\Windows\system32\DRIVERS\e1c62x64.sys
08:42:12.0972 6008        e1cexpress - ok
08:42:13.0012 6008        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:42:13.0112 6008        EapHost - ok
08:42:13.0442 6008        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
08:42:13.0582 6008        ebdrv - ok
08:42:13.0712 6008        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:42:13.0762 6008        EFS - ok
08:42:13.0852 6008        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
08:42:13.0902 6008        elxstor - ok
08:42:13.0912 6008        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:42:13.0952 6008        ErrDev - ok
08:42:14.0032 6008        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:42:14.0142 6008        EventSystem - ok
08:42:14.0342 6008        EvtEng          (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
08:42:14.0422 6008        EvtEng - ok
08:42:14.0572 6008        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:42:14.0672 6008        exfat - ok
08:42:14.0712 6008        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:42:14.0812 6008        fastfat - ok
08:42:14.0902 6008        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:42:14.0962 6008        Fax - ok
08:42:14.0982 6008        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
08:42:15.0022 6008        fdc - ok
08:42:15.0052 6008        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:42:15.0142 6008        fdPHost - ok
08:42:15.0152 6008        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:42:15.0242 6008        FDResPub - ok
08:42:15.0282 6008        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:42:15.0302 6008        FileInfo - ok
08:42:15.0322 6008        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:42:15.0412 6008        Filetrace - ok
08:42:15.0432 6008        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
08:42:15.0462 6008        flpydisk - ok
08:42:15.0502 6008        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:42:15.0542 6008        FltMgr - ok
08:42:15.0642 6008        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:42:15.0722 6008        FontCache - ok
08:42:15.0782 6008        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:42:15.0802 6008        FontCache3.0.0.0 - ok
08:42:15.0852 6008        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:42:15.0872 6008        FsDepends - ok
08:42:15.0902 6008        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:42:15.0922 6008        Fs_Rec - ok
08:42:15.0962 6008        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:42:16.0002 6008        fvevol - ok
08:42:16.0062 6008        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
08:42:16.0082 6008        gagp30kx - ok
08:42:16.0182 6008        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:42:16.0282 6008        gpsvc - ok
08:42:16.0312 6008        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:42:16.0342 6008        hcw85cir - ok
08:42:16.0412 6008        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:42:16.0472 6008        HdAudAddService - ok
08:42:16.0502 6008        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:42:16.0552 6008        HDAudBus - ok
08:42:16.0562 6008        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
08:42:16.0602 6008        HidBatt - ok
08:42:16.0642 6008        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
08:42:16.0682 6008        HidBth - ok
08:42:16.0702 6008        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
08:42:16.0742 6008        HidIr - ok
08:42:16.0762 6008        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
08:42:16.0862 6008        hidserv - ok
08:42:16.0912 6008        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:42:16.0932 6008        HidUsb - ok
08:42:16.0962 6008        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:42:17.0062 6008        hkmsvc - ok
08:42:17.0102 6008        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:42:17.0142 6008        HomeGroupListener - ok
08:42:17.0172 6008        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:42:17.0222 6008        HomeGroupProvider - ok
08:42:17.0252 6008        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:42:17.0282 6008        HpSAMD - ok
08:42:17.0382 6008        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:42:17.0492 6008        HTTP - ok
08:42:17.0512 6008        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:42:17.0542 6008        hwpolicy - ok
08:42:17.0642 6008        HyperW7Svc      (e935c8099f9196bf19224d9ee4808612) C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
08:42:17.0662 6008        HyperW7Svc - ok
08:42:17.0712 6008        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
08:42:17.0742 6008        i8042prt - ok
08:42:17.0812 6008        iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
08:42:17.0852 6008        iaStor - ok
08:42:17.0912 6008        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:42:17.0952 6008        iaStorV - ok
08:42:17.0972 6008        IBMPMDRV        (29ed470689b7c597a9701d6a4c57a578) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
08:42:17.0992 6008        IBMPMDRV - ok
08:42:18.0012 6008        IBMPMSVC        (bc7af43eec24e995d770ec92a441d5d8) C:\Windows\system32\ibmpmsvc.exe
08:42:18.0032 6008        IBMPMSVC - ok
08:42:18.0162 6008        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:42:18.0212 6008        idsvc - ok
08:42:19.0182 6008        igfx            (66dc0ce2d1867b8178eaa0e11930dbd7) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:42:19.0772 6008        igfx - ok
08:42:19.0902 6008        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
08:42:19.0932 6008        iirsp - ok
08:42:20.0022 6008        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:42:20.0142 6008        IKEEXT - ok
08:42:20.0172 6008        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:42:20.0192 6008        intelide - ok
08:42:20.0222 6008        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
08:42:20.0262 6008        intelppm - ok
08:42:20.0302 6008        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:42:20.0392 6008        IPBusEnum - ok
08:42:20.0412 6008        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:42:20.0512 6008        IpFilterDriver - ok
08:42:20.0532 6008        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:42:20.0562 6008        IPMIDRV - ok
08:42:20.0602 6008        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:42:20.0702 6008        IPNAT - ok
08:42:20.0732 6008        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:42:20.0782 6008        IRENUM - ok
08:42:20.0802 6008        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:42:20.0832 6008        isapnp - ok
08:42:20.0872 6008        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:42:20.0902 6008        iScsiPrt - ok
08:42:21.0012 6008        jhi_service    (6c85719a21b3f62c2c76280f4bd36c7b) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
08:42:21.0042 6008        jhi_service - ok
08:42:21.0072 6008        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
08:42:21.0102 6008        kbdclass - ok
08:42:21.0142 6008        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
08:42:21.0172 6008        kbdhid - ok
08:42:21.0202 6008        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:21.0232 6008        KeyIso - ok
08:42:21.0272 6008        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
08:42:21.0292 6008        KSecDD - ok
08:42:21.0322 6008        KSecPkg        (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
08:42:21.0352 6008        KSecPkg - ok
08:42:21.0372 6008        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:42:21.0462 6008        ksthunk - ok
08:42:21.0542 6008        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:42:21.0642 6008        KtmRm - ok
08:42:21.0692 6008        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
08:42:21.0792 6008        LanmanServer - ok
08:42:21.0832 6008        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:42:21.0932 6008        LanmanWorkstation - ok
08:42:22.0042 6008        LENOVO.MICMUTE  (340288b3b2edc8afd5ff127df85142a7) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
08:42:22.0062 6008        LENOVO.MICMUTE - ok
08:42:22.0082 6008        lenovo.smi      (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
08:42:22.0102 6008        lenovo.smi - ok
08:42:22.0152 6008        Lenovo.VIRTSCRLSVC (f7de50781dc4d162c1005eb30d98f931) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
08:42:22.0172 6008        Lenovo.VIRTSCRLSVC - ok
08:42:22.0202 6008        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:42:22.0302 6008        lltdio - ok
08:42:22.0362 6008        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:42:22.0472 6008        lltdsvc - ok
08:42:22.0492 6008        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:42:22.0592 6008        lmhosts - ok
08:42:22.0672 6008        LMS            (97f9eaac985a663394cd8f54dcd3e73a) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
08:42:22.0702 6008        LMS - ok
08:42:22.0732 6008        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
08:42:22.0762 6008        LSI_FC - ok
08:42:22.0792 6008        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
08:42:22.0822 6008        LSI_SAS - ok
08:42:22.0842 6008        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
08:42:22.0872 6008        LSI_SAS2 - ok
08:42:22.0892 6008        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
08:42:22.0922 6008        LSI_SCSI - ok
08:42:22.0952 6008        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:42:23.0052 6008        luafv - ok
08:42:23.0072 6008        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
08:42:23.0092 6008        megasas - ok
08:42:23.0152 6008        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
08:42:23.0182 6008        MegaSR - ok
08:42:23.0212 6008        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
08:42:23.0232 6008        MEIx64 - ok
08:42:23.0272 6008        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:42:23.0372 6008        MMCSS - ok
08:42:23.0382 6008        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:42:23.0482 6008        Modem - ok
08:42:23.0512 6008        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:42:23.0552 6008        monitor - ok
08:42:23.0592 6008        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:42:23.0612 6008        mouclass - ok
08:42:23.0642 6008        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:42:23.0682 6008        mouhid - ok
08:42:23.0702 6008        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:42:23.0732 6008        mountmgr - ok
08:42:23.0802 6008        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
08:42:23.0822 6008        MozillaMaintenance - ok
08:42:23.0862 6008        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:42:23.0882 6008        mpio - ok
08:42:23.0902 6008        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:42:23.0992 6008        mpsdrv - ok
08:42:24.0022 6008        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:42:24.0072 6008        MRxDAV - ok
08:42:24.0112 6008        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:42:24.0152 6008        mrxsmb - ok
08:42:24.0192 6008        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:42:24.0232 6008        mrxsmb10 - ok
08:42:24.0272 6008        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:42:24.0303 6008        mrxsmb20 - ok
08:42:24.0332 6008        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:42:24.0352 6008        msahci - ok
08:42:24.0392 6008        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:42:24.0422 6008        msdsm - ok
08:42:24.0452 6008        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:42:24.0502 6008        MSDTC - ok
08:42:24.0564 6008        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:42:24.0666 6008        Msfs - ok
08:42:24.0686 6008        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:42:24.0776 6008        mshidkmdf - ok
08:42:24.0806 6008        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:42:24.0836 6008        msisadrv - ok
08:42:24.0878 6008        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:42:24.0978 6008        MSiSCSI - ok
08:42:24.0978 6008        msiserver - ok
08:42:25.0030 6008        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:42:25.0120 6008        MSKSSRV - ok
08:42:25.0140 6008        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:42:25.0242 6008        MSPCLOCK - ok
08:42:25.0282 6008        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:42:25.0362 6008        MSPQM - ok
08:42:25.0412 6008        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:42:25.0452 6008        MsRPC - ok
08:42:25.0472 6008        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
08:42:25.0502 6008        mssmbios - ok
08:42:25.0522 6008        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:42:25.0622 6008        MSTEE - ok
08:42:25.0652 6008        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
08:42:25.0682 6008        MTConfig - ok
08:42:25.0702 6008        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:42:25.0732 6008        Mup - ok
08:42:25.0792 6008        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:42:25.0902 6008        napagent - ok
08:42:25.0972 6008        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:42:26.0022 6008        NativeWifiP - ok
08:42:26.0142 6008        NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
08:42:26.0212 6008        NDIS - ok
08:42:26.0242 6008        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:42:26.0342 6008        NdisCap - ok
08:42:26.0362 6008        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:42:26.0452 6008        NdisTapi - ok
08:42:26.0472 6008        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:42:26.0572 6008        Ndisuio - ok
08:42:26.0602 6008        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:42:26.0692 6008        NdisWan - ok
08:42:26.0722 6008        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:42:26.0812 6008        NDProxy - ok
08:42:26.0832 6008        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:42:26.0932 6008        NetBIOS - ok
08:42:26.0982 6008        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:42:27.0072 6008        NetBT - ok
08:42:27.0102 6008        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:27.0132 6008        Netlogon - ok
08:42:27.0192 6008        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:42:27.0292 6008        Netman - ok
08:42:27.0342 6008        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:42:27.0452 6008        netprofm - ok
08:42:27.0502 6008        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:42:27.0542 6008        NetTcpPortSharing - ok
08:42:28.0252 6008        NETwNs64        (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
08:42:28.0612 6008        NETwNs64 - ok
08:42:28.0772 6008        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
08:42:28.0792 6008        nfrd960 - ok
08:42:28.0852 6008        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:42:28.0962 6008        NlaSvc - ok
08:42:28.0982 6008        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:42:29.0072 6008        Npfs - ok
08:42:29.0082 6008        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:42:29.0182 6008        nsi - ok
08:42:29.0202 6008        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:42:29.0292 6008        nsiproxy - ok
08:42:29.0482 6008        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:42:29.0582 6008        Ntfs - ok
08:42:29.0702 6008        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:42:29.0802 6008        Null - ok
08:42:29.0842 6008        nusb3hub        (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
08:42:29.0872 6008        nusb3hub - ok
08:42:29.0902 6008        nusb3xhc        (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
08:42:29.0942 6008        nusb3xhc - ok
08:42:31.0132 6008        nvlddmkm        (e2c13f0bc48bbf7fec12aee77f3d3e26) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:42:31.0672 6008        nvlddmkm - ok
08:42:31.0812 6008        nvpciflt        (2e6c975ae61742dc8a31b9e260d8af1d) C:\Windows\system32\DRIVERS\nvpciflt.sys
08:42:31.0822 6008        nvpciflt - ok
08:42:31.0872 6008        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:42:31.0902 6008        nvraid - ok
08:42:31.0942 6008        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:42:31.0972 6008        nvstor - ok
08:42:32.0072 6008        NVSvc          (ade4d6e9335f1746016d3533f177c694) C:\Windows\system32\nvvsvc.exe
08:42:32.0132 6008        NVSvc - ok
08:42:32.0392 6008        nvUpdatusService (e9200f89ea2885b9b8151aa9d7b480eb) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
08:42:32.0492 6008        nvUpdatusService - ok
08:42:32.0642 6008        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:42:32.0672 6008        nv_agp - ok
08:42:32.0682 6008        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:42:32.0722 6008        ohci1394 - ok
08:42:32.0782 6008        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:42:32.0822 6008        p2pimsvc - ok
08:42:32.0882 6008        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:42:32.0922 6008        p2psvc - ok
08:42:32.0952 6008        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
08:42:32.0982 6008        Parport - ok
08:42:33.0012 6008        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:42:33.0042 6008        partmgr - ok
08:42:33.0082 6008        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:42:33.0142 6008        PcaSvc - ok
08:42:33.0182 6008        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:42:33.0212 6008        pci - ok
08:42:33.0222 6008        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:42:33.0242 6008        pciide - ok
08:42:33.0282 6008        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
08:42:33.0322 6008        pcmcia - ok
08:42:33.0332 6008        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:42:33.0362 6008        pcw - ok
08:42:33.0432 6008        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:42:33.0542 6008        PEAUTH - ok
08:42:33.0692 6008        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
08:42:33.0772 6008        PeerDistSvc - ok
08:42:33.0862 6008        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:42:33.0892 6008        PerfHost - ok
08:42:33.0972 6008        PHCORE          (52c9f4359af4a25969b882aecc6f3bda) C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
08:42:33.0992 6008        PHCORE - ok
08:42:34.0182 6008        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:42:34.0322 6008        pla - ok
08:42:34.0492 6008        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:42:34.0542 6008        PlugPlay - ok
08:42:34.0572 6008        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:42:34.0602 6008        PNRPAutoReg - ok
08:42:34.0632 6008        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:42:34.0672 6008        PNRPsvc - ok
08:42:34.0722 6008        Point64        (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
08:42:34.0742 6008        Point64 - ok
08:42:34.0812 6008        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:42:34.0922 6008        PolicyAgent - ok
08:42:34.0962 6008        Power          (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll
08:42:35.0012 6008        Power - ok
08:42:35.0072 6008        Power Manager DBC Service (4cadd52e1669693937360c7ed680365b) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
08:42:35.0092 6008        Power Manager DBC Service - ok
08:42:35.0132 6008        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:42:35.0232 6008        PptpMiniport - ok
08:42:35.0242 6008        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:42:35.0282 6008        Processor - ok
08:42:35.0322 6008        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
08:42:35.0362 6008        ProfSvc - ok
08:42:35.0382 6008        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:35.0412 6008        ProtectedStorage - ok
08:42:35.0452 6008        psadd          (05a4779e4994b21473edbe85aabe8030) C:\Windows\system32\DRIVERS\psadd.sys
08:42:35.0462 6008        psadd - ok
08:42:35.0512 6008        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:42:35.0602 6008        Psched - ok
08:42:35.0652 6008        PSI_SVC_2      (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
08:42:35.0682 6008        PSI_SVC_2 - ok
08:42:35.0722 6008        PwmEWSvc        (71399b176de1caefd5ad4287abb9e8a3) C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
08:42:35.0752 6008        PwmEWSvc - ok
08:42:35.0922 6008        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:42:36.0012 6008        ql2300 - ok
08:42:36.0162 6008        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:42:36.0192 6008        ql40xx - ok
08:42:36.0242 6008        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:42:36.0282 6008        QWAVE - ok
08:42:36.0312 6008        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:42:36.0362 6008        QWAVEdrv - ok
08:42:36.0372 6008        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:42:36.0462 6008        RasAcd - ok
08:42:36.0492 6008        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:42:36.0582 6008        RasAgileVpn - ok
08:42:36.0612 6008        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:42:36.0712 6008        RasAuto - ok
08:42:36.0752 6008        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:42:36.0832 6008        Rasl2tp - ok
08:42:36.0902 6008        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:42:37.0002 6008        RasMan - ok
08:42:37.0032 6008        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:42:37.0122 6008        RasPppoe - ok
08:42:37.0152 6008        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:42:37.0252 6008        RasSstp - ok
08:42:37.0292 6008        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:42:37.0392 6008        rdbss - ok
08:42:37.0422 6008        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:42:37.0462 6008        rdpbus - ok
08:42:37.0482 6008        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:42:37.0582 6008        RDPCDD - ok
08:42:37.0622 6008        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
08:42:37.0652 6008        RDPDR - ok
08:42:37.0662 6008        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:42:37.0752 6008        RDPENCDD - ok
08:42:37.0772 6008        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:42:37.0862 6008        RDPREFMP - ok
08:42:37.0912 6008        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:42:37.0942 6008        RDPWD - ok
08:42:37.0982 6008        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:42:38.0012 6008        rdyboost - ok
08:42:38.0162 6008        RegSrvc        (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
08:42:38.0212 6008        RegSrvc - ok
08:42:38.0252 6008        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:42:38.0352 6008        RemoteAccess - ok
08:42:38.0392 6008        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:42:38.0492 6008        RemoteRegistry - ok
08:42:38.0572 6008        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
08:42:38.0622 6008        RFCOMM - ok
08:42:38.0662 6008        risdxc          (5a227511ed22ddfedf7ef7323c8f7d2f) C:\Windows\system32\DRIVERS\risdxc64.sys
08:42:38.0692 6008        risdxc - ok
08:42:38.0712 6008        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:42:38.0812 6008        RpcEptMapper - ok
08:42:38.0832 6008        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:42:38.0872 6008        RpcLocator - ok
08:42:38.0952 6008        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:42:39.0052 6008        RpcSs - ok
08:42:39.0082 6008        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:42:39.0172 6008        rspndr - ok
08:42:39.0192 6008        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
08:42:39.0232 6008        s3cap - ok
08:42:39.0252 6008        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:39.0282 6008        SamSs - ok
08:42:39.0282 6008        SAService - ok
08:42:39.0312 6008        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:42:39.0342 6008        sbp2port - ok
08:42:39.0372 6008        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:42:39.0472 6008        SCardSvr - ok
08:42:39.0502 6008        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:42:39.0602 6008        scfilter - ok
08:42:39.0722 6008        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:42:39.0852 6008        Schedule - ok
08:42:39.0882 6008        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:42:39.0972 6008        SCPolicySvc - ok
08:42:40.0002 6008        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:42:40.0042 6008        SDRSVC - ok
08:42:40.0092 6008        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:42:40.0192 6008        secdrv - ok
08:42:40.0222 6008        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:42:40.0302 6008        seclogon - ok
08:42:40.0332 6008        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:42:40.0432 6008        SENS - ok
08:42:40.0452 6008        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:42:40.0492 6008        SensrSvc - ok
08:42:40.0512 6008        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
08:42:40.0552 6008        Serenum - ok
08:42:40.0582 6008        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
08:42:40.0612 6008        Serial - ok
08:42:40.0642 6008        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:42:40.0672 6008        sermouse - ok
08:42:40.0722 6008        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:42:40.0812 6008        SessionEnv - ok
08:42:40.0842 6008        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:42:40.0872 6008        sffdisk - ok
08:42:40.0892 6008        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:42:40.0932 6008        sffp_mmc - ok
08:42:40.0942 6008        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:42:40.0982 6008        sffp_sd - ok
08:42:41.0002 6008        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:42:41.0032 6008        sfloppy - ok
08:42:41.0092 6008        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:42:41.0192 6008        ShellHWDetection - ok
08:42:41.0232 6008        Shockprf        (e2fc046d4edabfe3b5ef7da06406277d) C:\Windows\system32\DRIVERS\Apsx64.sys
08:42:41.0252 6008        Shockprf - ok
08:42:41.0282 6008        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:42:41.0312 6008        SiSRaid2 - ok
08:42:41.0332 6008        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:42:41.0352 6008        SiSRaid4 - ok
08:42:41.0392 6008        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:42:41.0482 6008        Smb - ok
08:42:41.0532 6008        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:42:41.0572 6008        SNMPTRAP - ok
08:42:41.0602 6008        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:42:41.0632 6008        spldr - ok
08:42:41.0702 6008        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:42:41.0802 6008        Spooler - ok
08:42:42.0082 6008        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:42:42.0292 6008        sppsvc - ok
08:42:42.0422 6008        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:42:42.0512 6008        sppuinotify - ok
08:42:42.0582 6008        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:42:42.0632 6008        srv - ok
08:42:42.0692 6008        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:42:42.0742 6008        srv2 - ok
08:42:42.0772 6008        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:42:42.0802 6008        srvnet - ok
08:42:42.0842 6008        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:42:42.0942 6008        SSDPSRV - ok
08:42:42.0952 6008        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:42:43.0042 6008        SstpSvc - ok
08:42:43.0142 6008        Stereo Service  (9f16ddf670705ecae9169e6e3130e50b) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:42:43.0172 6008        Stereo Service - ok
08:42:43.0202 6008        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:42:43.0222 6008        stexstor - ok
08:42:43.0322 6008        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:42:43.0382 6008        stisvc - ok
08:42:43.0432 6008        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
08:42:43.0452 6008        storflt - ok
08:42:43.0482 6008        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
08:42:43.0512 6008        StorSvc - ok
08:42:43.0542 6008        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
08:42:43.0562 6008        storvsc - ok
08:42:43.0632 6008        SUService      (59b5a060a31bd4bab030c4fcd1048292) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
08:42:43.0652 6008        SUService - ok
08:42:43.0672 6008        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
08:42:43.0692 6008        swenum - ok
08:42:43.0772 6008        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:42:43.0882 6008        swprv - ok
08:42:44.0052 6008        SynTP          (ffdd13b42d4b106ac9fafbb0e1f7faa5) C:\Windows\system32\DRIVERS\SynTP.sys
08:42:44.0132 6008        SynTP - ok
08:42:44.0412 6008        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:42:44.0522 6008        SysMain - ok
08:42:44.0642 6008        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:42:44.0692 6008        TabletInputService - ok
08:42:44.0732 6008        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:42:44.0822 6008        TapiSrv - ok
08:42:44.0842 6008        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:42:44.0942 6008        TBS - ok
08:42:45.0172 6008        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:42:45.0272 6008        Tcpip - ok
08:42:45.0562 6008        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:42:45.0662 6008        TCPIP6 - ok
08:42:45.0792 6008        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:42:45.0892 6008        tcpipreg - ok
08:42:45.0912 6008        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:42:45.0942 6008        TDPIPE - ok
08:42:45.0972 6008        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:42:45.0992 6008        TDTCP - ok
08:42:46.0032 6008        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:42:46.0132 6008        tdx - ok
08:42:46.0152 6008        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
08:42:46.0182 6008        TermDD - ok
08:42:46.0272 6008        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:42:46.0382 6008        TermService - ok
08:42:46.0402 6008        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:42:46.0442 6008        Themes - ok
08:42:46.0472 6008        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:42:46.0562 6008        THREADORDER - ok
08:42:46.0592 6008        TPDIGIMN        (55b7fe3e1d3b616bdc4e9ea48d92d6e6) C:\Windows\system32\DRIVERS\ApsHM64.sys
08:42:46.0602 6008        TPDIGIMN - ok
08:42:46.0632 6008        TPHDEXLGSVC    (f0684c62ed8fd3061cd488ecfc851022) C:\Windows\system32\TPHDEXLG64.exe
08:42:46.0652 6008        TPHDEXLGSVC - ok
08:42:46.0732 6008        TPHKLOAD        (83415782d47f8064fcafea308abb2246) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
08:42:46.0762 6008        TPHKLOAD - ok
08:42:46.0792 6008        TPHKSVC        (c04bb65441913ab621c58a8bd3169b23) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
08:42:46.0822 6008        TPHKSVC - ok
08:42:46.0852 6008        TPM            (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
08:42:46.0892 6008        TPM - ok
08:42:46.0922 6008        TPPWRIF        (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys
08:42:46.0942 6008        TPPWRIF - ok
08:42:46.0982 6008        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:42:47.0092 6008        TrkWks - ok
08:42:47.0152 6008        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:42:47.0252 6008        TrustedInstaller - ok
08:42:47.0272 6008        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:42:47.0362 6008        tssecsrv - ok
08:42:47.0392 6008        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:42:47.0432 6008        TsUsbFlt - ok
08:42:47.0452 6008        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:42:47.0482 6008        TsUsbGD - ok
08:42:47.0522 6008        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:42:47.0612 6008        tunnel - ok
08:42:47.0652 6008        TVTI2C          (4daae0413cd4e816258838e2fafb3147) C:\Windows\system32\DRIVERS\Tvti2c.sys
08:42:47.0672 6008        TVTI2C - ok
08:42:47.0702 6008        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:42:47.0722 6008        uagp35 - ok
08:42:47.0772 6008        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:42:47.0872 6008        udfs - ok
08:42:47.0912 6008        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:42:47.0962 6008        UI0Detect - ok
08:42:48.0032 6008        UleadBurningHelper (be788a747457e6916586c410ec0111e7) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
08:42:48.0042 6008        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
08:42:48.0042 6008        UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
08:42:48.0082 6008        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:42:48.0102 6008        uliagpkx - ok
08:42:48.0132 6008        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:42:48.0172 6008        umbus - ok
08:42:48.0192 6008        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:42:48.0222 6008        UmPass - ok
08:42:48.0272 6008        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
08:42:48.0322 6008        UmRdpService - ok
08:42:48.0592 6008        UNS            (a69cd6bdb82872999d2e46f9324ada83) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
08:42:48.0722 6008        UNS - ok
08:42:48.0892 6008        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:42:48.0992 6008        upnphost - ok
08:42:49.0072 6008        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
08:42:49.0102 6008        usbaudio - ok
08:42:49.0132 6008        usbccgp        (ebf228a52517042de4f38a40285bc8d9) C:\Windows\system32\DRIVERS\usbccgp.sys
08:42:49.0162 6008        usbccgp - ok
08:42:49.0202 6008        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:42:49.0242 6008        usbcir - ok
08:42:49.0262 6008        usbehci        (6b3d5e6a9da786ec755b00bc180c700b) C:\Windows\system32\drivers\usbehci.sys
08:42:49.0292 6008        usbehci - ok
08:42:49.0352 6008        usbhub          (94abe9da48e466bbe84c73e0c6652ed1) C:\Windows\system32\DRIVERS\usbhub.sys
08:42:49.0402 6008        usbhub - ok
08:42:49.0432 6008        usbohci        (660b2c08ce7103e71eaa26f85b0b0a56) C:\Windows\system32\drivers\usbohci.sys
08:42:49.0452 6008        usbohci - ok
08:42:49.0492 6008        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:42:49.0532 6008        usbprint - ok
08:42:49.0572 6008        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:42:49.0602 6008        usbscan - ok
08:42:49.0632 6008        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:42:49.0672 6008        USBSTOR - ok
08:42:49.0692 6008        usbuhci        (1529632fc96032d337b298f8a285d640) C:\Windows\system32\drivers\usbuhci.sys
08:42:49.0722 6008        usbuhci - ok
08:42:49.0772 6008        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
08:42:49.0822 6008        usbvideo - ok
08:42:49.0852 6008        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:42:49.0952 6008        UxSms - ok
08:42:49.0982 6008        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:42:50.0012 6008        VaultSvc - ok
08:42:50.0062 6008        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:42:50.0082 6008        vdrvroot - ok
08:42:50.0162 6008        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:42:50.0262 6008        vds - ok
08:42:50.0292 6008        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:42:50.0322 6008        vga - ok
08:42:50.0342 6008        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:42:50.0432 6008        VgaSave - ok
08:42:50.0472 6008        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:42:50.0502 6008        vhdmp - ok
08:42:50.0532 6008        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:42:50.0552 6008        viaide - ok
08:42:50.0582 6008        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
08:42:50.0612 6008        vmbus - ok
08:42:50.0622 6008        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
08:42:50.0662 6008        VMBusHID - ok
08:42:50.0682 6008        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:42:50.0702 6008        volmgr - ok
08:42:50.0752 6008        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:42:50.0792 6008        volmgrx - ok
08:42:50.0842 6008        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:42:50.0872 6008        volsnap - ok
08:42:50.0912 6008        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:42:50.0942 6008        vsmraid - ok
08:42:51.0112 6008        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:42:51.0242 6008        VSS - ok
08:42:51.0372 6008        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:42:51.0412 6008        vwifibus - ok
08:42:51.0442 6008        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:42:51.0502 6008        vwififlt - ok
08:42:51.0562 6008        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:42:51.0662 6008        W32Time - ok
08:42:51.0682 6008        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:42:51.0722 6008        WacomPen - ok
08:42:51.0762 6008        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:42:51.0862 6008        WANARP - ok
08:42:51.0862 6008        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:42:51.0952 6008        Wanarpv6 - ok
08:42:52.0112 6008        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:42:52.0202 6008        wbengine - ok
08:42:52.0362 6008        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:42:52.0412 6008        WbioSrvc - ok
08:42:52.0442 6008        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:42:52.0512 6008        wcncsvc - ok
08:42:52.0522 6008        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:42:52.0562 6008        WcsPlugInService - ok
08:42:52.0612 6008        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:42:52.0642 6008        Wd - ok
08:42:52.0712 6008        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:42:52.0772 6008        Wdf01000 - ok
08:42:52.0792 6008        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:42:52.0852 6008        WdiServiceHost - ok
08:42:52.0852 6008        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:42:52.0902 6008        WdiSystemHost - ok
08:42:52.0932 6008        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:42:52.0992 6008        WebClient - ok
08:42:53.0022 6008        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:42:53.0132 6008        Wecsvc - ok
08:42:53.0152 6008        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:42:53.0252 6008        wercplsupport - ok
08:42:53.0282 6008        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:42:53.0372 6008        WerSvc - ok
08:42:53.0422 6008        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:42:53.0502 6008        WfpLwf - ok
08:42:53.0532 6008        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:42:53.0552 6008        WIMMount - ok
08:42:53.0562 6008        WinHttpAutoProxySvc - ok
08:42:53.0622 6008        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:42:53.0712 6008        Winmgmt - ok
08:42:53.0882 6008        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:42:54.0032 6008        WinRM - ok
08:42:54.0202 6008        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
08:42:54.0242 6008        WinUsb - ok
08:42:54.0362 6008        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:42:54.0442 6008        Wlansvc - ok
08:42:54.0482 6008        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:42:54.0512 6008        WmiAcpi - ok
08:42:54.0592 6008        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:42:54.0632 6008        wmiApSrv - ok
08:42:54.0672 6008        WMPNetworkSvc - ok
08:42:54.0702 6008        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:42:54.0732 6008        WPCSvc - ok
08:42:54.0752 6008        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:42:54.0792 6008        WPDBusEnum - ok
08:42:54.0812 6008        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:42:54.0892 6008        ws2ifsl - ok
08:42:54.0902 6008        WSearch - ok
08:42:55.0112 6008        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:42:55.0242 6008        wuauserv - ok
08:42:55.0382 6008        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:42:55.0472 6008        WudfPf - ok
08:42:55.0502 6008        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:42:55.0592 6008        WUDFRd - ok
08:42:55.0622 6008        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:42:55.0712 6008        wudfsvc - ok
08:42:55.0742 6008        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:42:55.0792 6008        WwanSvc - ok
08:42:55.0832 6008        MBR (0x1B8)    (b85b50c6a0d35ae5861c76696621a9fc) \Device\Harddisk0\DR0
08:42:56.0302 6008        \Device\Harddisk0\DR0 - ok
08:42:56.0312 6008        MBR (0x1B8)    (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR2
08:42:57.0372 6008        \Device\Harddisk1\DR2 - ok
08:42:57.0392 6008        Boot (0x1200)  (b319c3ca87af16c9981175ec4d827b15) \Device\Harddisk0\DR0\Partition0
08:42:57.0392 6008        \Device\Harddisk0\DR0\Partition0 - ok
08:42:57.0402 6008        Boot (0x1200)  (ff72a23b70f57aa11800f0c895d7a2ca) \Device\Harddisk0\DR0\Partition1
08:42:57.0412 6008        \Device\Harddisk0\DR0\Partition1 - ok
08:42:57.0432 6008        Boot (0x1200)  (4d7b5619e5fd76b47f38e73bec3d03b1) \Device\Harddisk0\DR0\Partition2
08:42:57.0432 6008        \Device\Harddisk0\DR0\Partition2 - ok
08:42:57.0452 6008        Boot (0x1200)  (b85535610a46a83cede7e1449f4cea38) \Device\Harddisk0\DR0\Partition3
08:42:57.0462 6008        \Device\Harddisk0\DR0\Partition3 - ok
08:42:57.0462 6008        Boot (0x1200)  (dfea88f2e3588e6a86f963abc6621316) \Device\Harddisk1\DR2\Partition0
08:42:57.0472 6008        \Device\Harddisk1\DR2\Partition0 - ok
08:42:57.0472 6008        ============================================================
08:42:57.0472 6008        Scan finished
08:42:57.0472 6008        ============================================================
08:42:57.0482 6016        Detected object count: 1
08:42:57.0482 6016        Actual detected object count: 1
08:43:49.0292 6016        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
08:43:49.0292 6016        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
Dankbar für Eure Hilfe:
wenjin

Chris4You 16.07.2012 11:14
Hi,

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2012.07.16 08:25:20 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\80000000.@
[2012.07.16 08:16:47 | 000,022,016 | ---- | C] () -- C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\800000cb.@
[2012.07.13 09:56:29 | 000,001,696 | ---- | C] () -- C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\00000001.@
[2012.03.30 14:34:08 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@
[2012.03.30 14:34:08 | 000,002,048 | -HS- | C] () -- C:\Users\username\AppData\Local\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@

:reg
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = dword:0x01

:Commands
[emptytemp]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. Das Log solltest Du unter C:\ComboFix.txt finden...

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
  • Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste bitte den Inhalt des .txt Dokumentes

chris

chris

wenjin 16.07.2012 12:39
Hallo Chris,

erstmal vielen Dank, dass Du Dich meines Problems annimmst.

Ich habe den Code in OTL eingefügt. Bin nicht sicher, aber das Programm scheint sich aufzuhängen. In der Statusleiste steht die ganze Zeit:
Zitat:
Processing registry data 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]...
Und beim Klick auf das Programm erscheint in der Titelleiste "Keine Rückmeldung". Oder ist es normal, dass der Fix über 15 Minuten dauert und das Programm währenddessen auf nichts reagiert?

Chris4You 16.07.2012 13:03
Hi,

nein, ist es nicht.
Nimm die Anweisung samt des vorangestellten ":reg" raus.
OTL beenden und neu starten.

Falls es nicht funktioniert, in den abgesicherten Modus booten (F8 beim Booten) und dort probieren.

Kannst auch probieren, die Antivirenlösung temporär für den OTL-Lauf auszuschalten...

chris

wenjin 16.07.2012 14:26
So, habe die Reg-Befehlszeilen raus genommen, damit funktionierte es.

Nach dem ComboFix-Scan und anschließendem Neustart ging erstmal nichts mehr. Wenn ich ein Programm öffnen wollte, wurde mir angezeigt, dass ein fehlgeschlagener Versuch unternommen wurde, auf eine/n Registryeintrag/Registrydatei zuzugreifen, die gelöscht wird (oder so ähnlich). Habe dann nochmal neu gestartet und jetzt geht wieder alles.

Übrigens sind seit dem Trojanerbefall sämtliche Icons auf dem Desktop aus meiner individuellen Sortierung an den linken Desktoprand (default) sortiert worden. Weiß nicht, ob das relevant ist.

OTL-Log:
Code:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
File C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\80000000.@ not found.
File C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\800000cb.@ not found.
File C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\00000001.@ not found.
File C:\Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@ not found.
File C:\Users\username\AppData\Local\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: t-cee
->Temp folder emptied: 33486 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: username
->Temp folder emptied: 127271772 bytes
->Temporary Internet Files folder emptied: 105840676 bytes
->Java cache emptied: 1707786 bytes
->FireFox cache emptied: 64296181 bytes
->Flash cache emptied: 65103 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1343716233 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 2298950646 bytes
 
Total Files Cleaned = 3.759,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07162012_140650

Files\Folders moved on Reboot...
C:\Users\username\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\username\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
ComboFix.txt
Code:
ComboFix 12-07-14.01 - username 16.07.2012  14:19:22.1.8 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8075.6412 [GMT 2:00]
ausgeführt von:: c:\users\username\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
C:\root
c:\root\wpfdot.exe
c:\windows\system32\Thumbs.db
Q:\Autorun.inf
.
Infizierte Kopie von c:\windows\system32\Services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-16 bis 2012-07-16  ))))))))))))))))))))))))))))))
.
.
2012-07-16 10:50 . 2012-07-16 10:50        --------        d-----w-        C:\_OTL
2012-07-12 09:54 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-12 09:48 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C318FC68-32E6-4744-80FB-6ABFE53E73C0}\mpengine.dll
2012-07-08 08:01 . 2012-07-08 08:01        --------        d-----w-        c:\users\username\.thumbnails
2012-07-08 08:00 . 2012-07-08 08:00        --------        d-----w-        c:\users\username\AppData\Local\fontconfig
2012-07-08 08:00 . 2012-07-13 05:55        --------        d-----w-        c:\users\username\.gimp-2.8
2012-07-08 08:00 . 2012-07-08 08:00        --------        d-----w-        c:\users\username\AppData\Local\gegl-0.2
2012-07-08 07:56 . 2012-07-08 07:57        --------        d-----w-        c:\program files\GIMP 2
2012-07-08 06:32 . 2010-02-23 08:16        294912        ----a-w-        c:\windows\system32\browserchoice.exe
2012-07-06 15:17 . 2012-07-06 15:18        --------        d-----w-        C:\InterbankFX_1-Click
2012-07-06 09:09 . 2012-07-06 09:09        --------        d-----w-        c:\program files (x86)\ElsterFormular
2012-06-30 11:58 . 2012-04-24 05:37        1462272        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-30 11:58 . 2012-04-24 04:36        1158656        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-06-30 11:58 . 2012-04-24 05:37        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-30 11:58 . 2012-04-24 05:37        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-06-30 11:58 . 2012-04-24 04:36        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-06-30 11:58 . 2012-04-24 04:36        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-06-30 11:57 . 2012-04-07 12:31        3216384        ----a-w-        c:\windows\system32\msi.dll
2012-06-30 11:57 . 2012-04-07 11:26        2342400        ----a-w-        c:\windows\SysWow64\msi.dll
2012-06-30 11:57 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-06-30 11:57 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-06-30 11:57 . 2012-05-01 05:40        209920        ----a-w-        c:\windows\system32\profsvc.dll
2012-06-25 09:45 . 2012-06-25 09:45        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-25 09:45 . 2012-06-25 09:45        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-21 18:23 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 18:23 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 18:23 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 18:23 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 18:23 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 18:23 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 18:23 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 18:23 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 18:23 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-19 10:58 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-19 10:58 . 2012-04-26 05:41        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-19 10:58 . 2012-04-26 05:34        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-19 10:58 . 2012-05-04 11:06        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-06-19 10:58 . 2012-05-04 10:03        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-06-19 10:58 . 2012-05-04 10:03        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-06-19 10:58 . 2012-04-28 03:55        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 05:57 . 2012-04-15 06:46        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-16 05:57 . 2012-04-15 06:46        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-22 13:47 . 2012-06-08 08:31        405176        ----a-w-        c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-05-12 06:25 . 2012-04-14 15:59        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-12 06:25 . 2012-04-14 15:59        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-11 12:46 . 2012-05-11 12:46        644400        ----a-w-        c:\windows\SysWow64\mscomct2.ocx
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-02-27 1631808]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-12 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-02-27 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-02-27 244800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784]
R4 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-02-27 478056]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-25 113120]
R4 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-02-27 31344]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-01 25960]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-12-15 23664]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-12 86224]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-23 212944]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2009704]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-25 378472]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-12-20 316080]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\username\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\SAsrv.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-16  15:10:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-16 13:10
.
Vor Suchlauf: 12 Verzeichnis(se), 67.688.546.304 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 67.526.483.968 Bytes frei
.
- - End Of File - - 6E30D9DBB351BED526F322274BF3F48E
MBR-Check-Datei
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Professional
Windows Information:                Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:        LENOVO
BIOS Manufacturer:                LENOVO
System Manufacturer:                LENOVO
System Product Name:                4276CTO
Logical Drives Mask:                0x0001004c

Kernel Drivers (total 212):
  0x02E01000 \SystemRoot\system32\ntoskrnl.exe
  0x033E9000 \SystemRoot\system32\hal.dll
  0x00BA9000 \SystemRoot\system32\kdcom.dll
  0x00CFC000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x00D4B000 \SystemRoot\system32\PSHED.dll
  0x00D5F000 \SystemRoot\system32\CLFS.SYS
  0x00C00000 \SystemRoot\system32\CI.dll
  0x00ECA000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F6E000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00F7D000 \SystemRoot\system32\drivers\ACPI.sys
  0x00FD4000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x00FDD000 \SystemRoot\system32\drivers\msisadrv.sys
  0x00E00000 \SystemRoot\system32\drivers\pci.sys
  0x00E33000 \SystemRoot\system32\drivers\vdrvroot.sys
  0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
  0x00E55000 \SystemRoot\system32\drivers\compbatt.sys
  0x00E5E000 \SystemRoot\system32\drivers\BATTC.SYS
  0x00E6A000 \SystemRoot\system32\drivers\volmgr.sys
  0x0104F000 \SystemRoot\System32\drivers\volmgrx.sys
  0x010AB000 \SystemRoot\System32\drivers\mountmgr.sys
  0x01279000 \SystemRoot\system32\drivers\iaStor.sys
  0x013CD000 \SystemRoot\system32\drivers\amdxata.sys
  0x01200000 \SystemRoot\system32\drivers\fltmgr.sys
  0x0124C000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01428000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x010C5000 \SystemRoot\System32\Drivers\msrpc.sys
  0x015CB000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01123000 \SystemRoot\System32\Drivers\cng.sys
  0x015E6000 \SystemRoot\System32\drivers\pcw.sys
  0x01400000 \SystemRoot\System32\DRIVERS\DzHDD64.sys
  0x0140B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x0160F000 \SystemRoot\system32\drivers\ndis.sys
  0x01702000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01762000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01803000 \SystemRoot\System32\drivers\tcpip.sys
  0x01A06000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01A50000 \SystemRoot\system32\drivers\vmstorfl.sys
  0x01A60000 \SystemRoot\system32\drivers\volsnap.sys
  0x01AAC000 \SystemRoot\System32\DRIVERS\ApsHM64.sys
  0x01AB6000 \SystemRoot\System32\Drivers\spldr.sys
  0x01ABE000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01AF8000 \SystemRoot\System32\DRIVERS\Apsx64.sys
  0x01B1E000 \SystemRoot\system32\DRIVERS\nvpciflt.sys
  0x01B23000 \SystemRoot\System32\Drivers\mup.sys
  0x01B35000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01B3E000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01B78000 \SystemRoot\system32\drivers\disk.sys
  0x01B8E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x03FD3000 \SystemRoot\System32\Drivers\Null.SYS
  0x03FDC000 \SystemRoot\System32\Drivers\Beep.SYS
  0x0F249000 \??\C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
  0x103EE000 \SystemRoot\System32\drivers\vga.sys
  0x0F200000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x0F225000 \SystemRoot\System32\drivers\watchdog.sys
  0x0F235000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x0F23E000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x03FE3000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x03FEC000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x03E00000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x03E11000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x03E33000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x0467E000 \SystemRoot\system32\drivers\afd.sys
  0x04707000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x0474C000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x04757000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x04760000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x04786000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x0479C000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x047AB000 \SystemRoot\system32\DRIVERS\serial.sys
  0x047C8000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x047E3000 \SystemRoot\System32\drivers\Tppwr64v.sys
  0x047EA000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x04600000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x04651000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x0465D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x04668000 \SystemRoot\system32\DRIVERS\smiifx64.sys
  0x0466F000 \SystemRoot\System32\drivers\discache.sys
  0x04AD4000 \SystemRoot\system32\drivers\csc.sys
  0x04B57000 \SystemRoot\System32\Drivers\dfsc.sys
  0x04B75000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x04B86000 \SystemRoot\system32\DRIVERS\avkmgr.sys
  0x04B90000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x04BB7000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x04BDD000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x1048C000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x110FF000 \SystemRoot\System32\Drivers\nvBridge.kmd
  0x11101000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x10400000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x05810000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
  0x063C3000 \SystemRoot\system32\DRIVERS\HECIx64.sys
  0x063D4000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x04A00000 \SystemRoot\system32\DRIVERS\e1c62x64.sys
  0x063E0000 \SystemRoot\system32\drivers\usbehci.sys
  0x04A50000 \SystemRoot\system32\drivers\USBPORT.SYS
  0x10446000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x04CBA000 \SystemRoot\system32\DRIVERS\NETwNs64.sys
  0x05540000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x0554D000 \SystemRoot\system32\DRIVERS\risdxc64.sys
  0x055A9000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
  0x055DA000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x055DC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x04C00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x06844000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x069AA000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x069B9000 \SystemRoot\system32\drivers\tpm.sys
  0x069C8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x069CD000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
  0x069DA000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x069E3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x06800000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x06816000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x069F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x04C0F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x04C3E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x04C59000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x04C7A000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x04C94000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x04C9F000 \SystemRoot\system32\DRIVERS\psadd.sys
  0x063F1000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
  0x0683A000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x0178C000 \SystemRoot\system32\DRIVERS\ks.sys
  0x1046A000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x01195000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x04AA6000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
  0x04ABF000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x08238000 \SystemRoot\system32\drivers\CHDRT64.sys
  0x01000000 \SystemRoot\system32\drivers\portcls.sys
  0x083C6000 \SystemRoot\system32\drivers\drmk.sys
  0x083E8000 \SystemRoot\system32\drivers\ksthunk.sys
  0x08200000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x03E40000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x00030000 \SystemRoot\System32\win32k.sys
  0x0821B000 \SystemRoot\System32\drivers\Dxapi.sys
  0x08227000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x02464000 \SystemRoot\System32\Drivers\dump_iaStor.sys
  0x025B8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x02431000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x0243F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x025CB000 \SystemRoot\system32\DRIVERS\5U877.sys
  0x02400000 \SystemRoot\system32\DRIVERS\STREAM.SYS
  0x00560000 \SystemRoot\System32\TSDDD.dll
  0x02411000 \SystemRoot\system32\drivers\usbaudio.sys
  0x083EE000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x03E76000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x025F4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x00670000 \SystemRoot\System32\cdd.dll
  0x008D0000 \SystemRoot\System32\ATMFD.DLL
  0x03E8F000 \SystemRoot\system32\drivers\luafv.sys
  0x03EB2000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x03ED2000 \SystemRoot\system32\drivers\WudfPf.sys
  0x04CAD000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x05800000 \SystemRoot\system32\DRIVERS\point64.sys
  0x03EF3000 \SystemRoot\system32\DRIVERS\WinUSB.sys
  0x03F04000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x03F35000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x1047C000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x03F4A000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x01BCC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x01BDF000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x0CC24000 \SystemRoot\system32\drivers\HTTP.sys
  0x0CCED000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x0CD1E000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x0CD3C000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x0CD54000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x0CD81000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0CDCF000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x0CE54000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x0CEBD000 \SystemRoot\System32\DRIVERS\srv.sys
  0x0CF55000 \SystemRoot\system32\drivers\peauth.sys
  0x0CE00000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x0CE0B000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x212D2000 \SystemRoot\system32\drivers\spsys.sys
  0x77780000 \Windows\System32\ntdll.dll
  0x477D0000 \Windows\System32\smss.exe
  0xFFAA0000 \Windows\System32\apisetschema.dll
  0xFF1E0000 \Windows\System32\autochk.exe
  0xFF9B0000 \Windows\System32\advapi32.dll
  0x77630000 \Windows\System32\urlmon.dll
  0x77510000 \Windows\System32\kernel32.dll
  0x77410000 \Windows\System32\user32.dll
  0xFF910000 \Windows\System32\comdlg32.dll
  0x77200000 \Windows\System32\iertutil.dll
  0xFF890000 \Windows\System32\difxapi.dll
  0xFEB00000 \Windows\System32\shell32.dll
  0xFEAF0000 \Windows\System32\lpk.dll
  0x770A0000 \Windows\System32\wininet.dll
  0xFEAE0000 \Windows\System32\nsi.dll
  0xFEAC0000 \Windows\System32\imagehlp.dll
  0xFEAA0000 \Windows\System32\sechost.dll
  0xFE9D0000 \Windows\System32\usp10.dll
  0xFE980000 \Windows\System32\ws2_32.dll
  0xFE850000 \Windows\System32\rpcrt4.dll
  0xFE7B0000 \Windows\System32\clbcatq.dll
  0xFE5A0000 \Windows\System32\ole32.dll
  0xFE520000 \Windows\System32\shlwapi.dll
  0xFE4C0000 \Windows\System32\Wldap32.dll
  0x77950000 \Windows\System32\normaliz.dll
  0xFE2E0000 \Windows\System32\setupapi.dll
  0xFE1D0000 \Windows\System32\msctf.dll
  0xFE0F0000 \Windows\System32\oleaut32.dll
  0xFE080000 \Windows\System32\gdi32.dll
  0x77940000 \Windows\System32\psapi.dll
  0xFDFE0000 \Windows\System32\msvcrt.dll
  0xFDFB0000 \Windows\System32\imm32.dll
  0xFDF10000 \Windows\System32\comctl32.dll
  0xFDEA0000 \Windows\System32\KernelBase.dll
  0xFDD30000 \Windows\System32\crypt32.dll
  0xFDD10000 \Windows\System32\devobj.dll
  0xFDCD0000 \Windows\System32\cfgmgr32.dll
  0xFDC90000 \Windows\System32\wintrust.dll
  0xFDC80000 \Windows\System32\msasn1.dll
  0x76460000 \Windows\SysWOW64\normaliz.dll

Processes (total 83):
      0 System Idle Process
      4 System
    384 C:\Windows\System32\smss.exe
    536 csrss.exe
    660 C:\Windows\System32\wininit.exe
    680 csrss.exe
    720 C:\Windows\System32\Services.exe
    740 C:\Windows\System32\lsass.exe
    748 C:\Windows\System32\lsm.exe
    856 C:\Windows\System32\svchost.exe
    952 C:\Windows\System32\ibmpmsvc.exe
    992 C:\Windows\System32\nvvsvc.exe
    152 C:\Windows\System32\svchost.exe
    552 C:\Windows\System32\svchost.exe
    560 C:\Windows\System32\svchost.exe
    436 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\winlogon.exe
    1140 C:\Windows\System32\svchost.exe
    1248 WUDFHost.exe
    1308 C:\Windows\System32\svchost.exe
    1396 C:\Windows\System32\wlanext.exe
    1404 C:\Windows\System32\conhost.exe
    1476 C:\Windows\System32\taskeng.exe
    1496 C:\Windows\System32\spoolsv.exe
    1600 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    1644 C:\Windows\System32\svchost.exe
    1988 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    2000 C:\Windows\System32\nvvsvc.exe
    2236 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    2264 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    2304 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    2340 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
    2368 C:\Windows\System32\svchost.exe
    2416 C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    2464 C:\Program Files\Lenovo\HOTKEY\micmute.exe
    2492 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
    2596 C:\Windows\System32\svchost.exe
    2628 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    2676 C:\Windows\SysWOW64\SASrv.exe
    2724 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2752 C:\Windows\System32\svchost.exe
    2800 C:\Windows\System32\svchost.exe
    2216 unsecapp.exe
    2584 WmiPrvSE.exe
    3360 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    3368 C:\Windows\System32\conhost.exe
    3516 WUDFHost.exe
    3720 C:\Windows\servicing\TrustedInstaller.exe
    4008 C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
    4032 C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
    4060 C:\Windows\System32\dwm.exe
    3488 C:\Windows\explorer.exe
    1616 C:\Windows\System32\taskhost.exe
    2280 C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
    2176 C:\Windows\System32\hkcmd.exe
    788 C:\Windows\System32\igfxpers.exe
    964 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    3180 C:\Windows\System32\igfxsrvc.exe
    4172 C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
    4188 C:\Windows\SysWOW64\rundll32.exe
    4220 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    4232 C:\Windows\System32\rundll32.exe
    4312 C:\Windows\System32\igfxext.exe
    4420 C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
    4452 C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
    4856 C:\Windows\System32\svchost.exe
    4920 C:\Windows\System32\SearchIndexer.exe
    4956 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    4996 C:\Program Files\Windows Media Player\wmpnetwk.exe
    5092 C:\Windows\System32\SearchProtocolHost.exe
    2740 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    3752 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    692 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    4148 C:\Windows\System32\sppsvc.exe
    2244 C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    5184 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    6068 C:\Windows\System32\SearchFilterHost.exe
    6104 C:\Windows\System32\SearchProtocolHost.exe
    4204 dllhost.exe
    1064 dllhost.exe
    1844 C:\Users\username\Desktop\MBRCheck.exe
    4016 C:\Windows\System32\conhost.exe
    2656 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`5de00000  (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000070`88b00000  (NTFS)

PhysicalDrive0 Model Number: HITACHIHTS727550A9E364, Rev: JF3ZD0H0

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: F98BFA86330BA7D919314A62F0A7F6FC856671B6


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
  [1] Dump the MBR of a physical disk to file.
  [2] Restore the MBR of a physical disk with a standard boot code.
  [3] Exit.

Enter your choice:

Done!
MBR-Check zeigte mir an:
Zitat:
Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit.
Habe das Programm dann verlassen.

Chris4You 16.07.2012 16:14
Hi,

der MBR kann OK sein, ist ein Notebook, die verwenden gerne eigenen Code (und eine eigene, unsichtbare Partition zum Zurücksetzen des Notebooks).

Daher:
MBR-code sichern und hochladen
Lass MBRCheck.exe nochmal laufen, die Frage mit yes beantworten,
dann 1, zu dumpende Festplatte 0 und Dateiname mbr.dat.
Hier das Ganze als Bildchen: http://www.imgbox.de/users/public/th...qGts3Lhk_t.gif
Den gesicherten MBR (die mbr.dat) dann bitte hier hochladen:
http://www.trojaner-board.de/54791-a...ner-board.html

So, dann zur Sicherheit noch:
Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

Und poste auch noch ein neues OTL-Log...

Es scheint eine neue Variante zu sein, der Killer hat die infizierte services.exe nicht erkannt... Hmm... CF hat sie wiederhergestellt...

chris

wenjin 16.07.2012 19:05
Hallo Chris,

den MBR-Code habe ich hochgeladen.

Während dem mbam-Scan tauchte plötzlich eine neue Avira-Meldung:
Zitat:
C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir enthält Code des Windows-Virus W32/Patched.UA
Scheint ja bereits in Quarantäne zu sein. Habe den Virus dann aber trotzdem nochmal mittels Avira in Quarantäne verschoben.

Nach dem mbam-Scan dann wieder die Avira-Meldung mit dem ATRAPS.Gen2-Trojaner:
Zitat:
C:\Windows\Installer\{56d76256-d551-818a-fa84-f69dc1cd}\n ist das trojanische Pferd TR/ATRAPS.Gen2.
Auch den habe ich in Quarantäne verschoben. Ist es möglich, dass eine meiner geöffneten Tabs den Trojaner immer wieder aufspielt? Mich wundert das ganze sowieso, da ich eigentlich nicht auf unsicheren Seiten surfe und alle meine aktuellen Tabs seriös scheinen.

Hier das Mbam-Log:
Code:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
username :: username-THINK [Administrator]

Schutz: Aktiviert

16.07.2012 18:06:19
mbam-log-2012-07-16 (18-06-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 378279
Laufzeit: 52 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\_OTL\MovedFiles\07162012_125054\C_Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\07162012_130803\C_Windows\Installer\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
OTL.txt
Code:
OTL logfile created on: 16.07.2012 19:19:42 - Run 3
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\username\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 72,79% Memory free
15,77 Gb Paging File | 13,36 Gb Available in Paging File | 84,73% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 62,89 Gb Free Space | 62,89% Space Free | Partition Type: NTFS
Drive D: | 348,67 Gb Total Space | 338,39 Gb Free Space | 97,05% Space Free | Partition Type: NTFS
Drive G: | 981,55 Mb Total Space | 979,02 Mb Free Space | 99,74% Space Free | Partition Type: FAT32
Drive Q: | 15,62 Gb Total Space | 5,11 Gb Free Space | 32,68% Space Free | Partition Type: NTFS
 
Computer Name: username-THINK | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\username\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
SRV - (jhi_service) Intel(R) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 11:45:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.18 20:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 11:45:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.04.14 17:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Extensions
[2012.07.09 08:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions
[2012.06.10 17:19:41 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012.06.08 10:31:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.15 10:06:08 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2012.06.10 17:26:36 | 000,000,000 | ---D | M] (Rikaichan Japanese-German Dictionary File) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\rikaichan-jpde@polarcloud.com
[2012.05.11 07:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.09 08:32:35 | 000,028,993 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPM9XJXR.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
[2012.05.19 08:55:53 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPM9XJXR.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.06.25 11:45:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.25 11:45:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.25 11:45:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 11:45:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 11:45:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 11:45:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 11:45:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.16 15:05:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\username\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\username\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FA55A89-71BB-43F3-8157-DAEDA2C7B1FA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE0072BB-ADBE-4809-A9B3-1F3EC8E1389E}: DhcpNameServer = 172.168.111.2
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk G:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.16 18:03:49 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Malwarebytes
[2012.07.16 18:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.16 18:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.16 18:03:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.16 18:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.16 15:16:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.16 15:10:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.16 14:17:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.16 14:17:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.16 14:17:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.16 14:17:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.16 14:17:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.16 14:13:46 | 004,579,346 | R--- | C] (Swearware) -- C:\Users\username\Desktop\ComboFix.exe
[2012.07.16 12:50:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.16 07:53:48 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.exe
[2012.07.12 11:45:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 11:45:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 11:45:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 11:45:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 11:45:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 11:45:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 11:45:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 11:45:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 11:45:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 11:45:02 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 11:45:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 11:45:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 11:45:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 11:43:38 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.12 11:43:37 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.12 11:43:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 11:43:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 11:43:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.08 10:01:56 | 000,000,000 | ---D | C] -- C:\Users\username\.thumbnails
[2012.07.08 10:00:12 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\fontconfig
[2012.07.08 10:00:09 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\gegl-0.2
[2012.07.08 10:00:09 | 000,000,000 | ---D | C] -- C:\Users\username\.gimp-2.8
[2012.07.08 09:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.07.08 08:32:43 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.06 17:17:18 | 000,000,000 | ---D | C] -- C:\InterbankFX_1-Click
[2012.07.06 11:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.07.06 11:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2012.06.30 13:58:01 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.30 13:58:00 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.30 13:57:51 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.30 13:57:50 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.06.30 13:57:50 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.06.28 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Google
[2012.06.28 15:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.06.21 20:23:42 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.21 20:23:42 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.21 20:23:41 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.21 20:23:37 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.21 20:23:37 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.21 20:23:37 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.21 20:23:31 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.21 20:23:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.19 12:58:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.19 12:58:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.19 12:58:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.19 12:58:23 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.19 12:58:23 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.19 12:58:23 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.16 18:03:30 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.16 17:57:39 | 000,000,512 | ---- | M] () -- C:\Users\username\Desktop\mbr.dat
[2012.07.16 17:56:56 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.16 17:56:56 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.16 17:56:56 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.16 17:56:56 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.16 17:56:56 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.16 17:53:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.16 15:22:27 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 15:22:27 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.16 15:17:02 | 000,080,384 | ---- | M] () -- C:\Users\username\Desktop\MBRCheck.exe
[2012.07.16 15:14:53 | 2055,655,423 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.16 15:05:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.16 14:13:57 | 004,579,346 | R--- | M] (Swearware) -- C:\Users\username\Desktop\ComboFix.exe
[2012.07.16 07:57:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.16 07:57:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.16 07:53:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.exe
[2012.07.16 07:50:55 | 000,000,000 | ---- | M] () -- C:\Users\username\defogger_reenable
[2012.07.16 07:50:27 | 000,050,477 | ---- | M] () -- C:\Users\username\Desktop\Defogger.exe
[2012.07.13 07:54:54 | 000,005,849 | ---- | M] () -- C:\Users\username\AppData\Local\recently-used.xbel
[2012.07.12 19:38:37 | 000,321,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 07:46:31 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.07.06 17:17:24 | 000,001,554 | ---- | M] () -- C:\Users\username\Desktop\Interbank FX Trader 4.lnk
[2012.07.06 11:09:27 | 000,001,244 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 17:29:47 | 000,001,413 | ---- | M] () -- C:\Users\username\Desktop\Free YouTube to MP3 Converter.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.16 18:03:30 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.16 17:57:39 | 000,000,512 | ---- | C] () -- C:\Users\username\Desktop\mbr.dat
[2012.07.16 15:17:01 | 000,080,384 | ---- | C] () -- C:\Users\username\Desktop\MBRCheck.exe
[2012.07.16 14:17:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.16 14:17:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.16 14:17:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.16 14:17:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.16 14:17:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.16 07:50:55 | 000,000,000 | ---- | C] () -- C:\Users\username\defogger_reenable
[2012.07.16 07:50:26 | 000,050,477 | ---- | C] () -- C:\Users\username\Desktop\Defogger.exe
[2012.07.13 07:54:54 | 000,005,849 | ---- | C] () -- C:\Users\username\AppData\Local\recently-used.xbel
[2012.07.12 07:46:31 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.07.08 09:57:17 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.07.06 11:09:27 | 000,001,244 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.03.30 14:34:08 | 000,002,048 | -HS- | C] () -- C:\Users\username\AppData\Local\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@
[2012.03.30 14:18:54 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.03.30 04:54:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.30 04:54:02 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.30 04:54:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

< End of report >
Extras.txt
Code:
OTL Extras logfile created on: 16.07.2012 19:19:42 - Run 3
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\username\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 72,79% Memory free
15,77 Gb Paging File | 13,36 Gb Available in Paging File | 84,73% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 62,89 Gb Free Space | 62,89% Space Free | Partition Type: NTFS
Drive D: | 348,67 Gb Total Space | 338,39 Gb Free Space | 97,05% Space Free | Partition Type: NTFS
Drive G: | 981,55 Mb Total Space | 979,02 Mb Free Space | 99,74% Space Free | Partition Type: FAT32
Drive Q: | 15,62 Gb Total Space | 5,11 Gb Free Space | 32,68% Space Free | Partition Type: NTFS
 
Computer Name: username-THINK | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27D962EE-E6AB-48AE-9062-6398B72B0609}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{61863F82-9195-4F32-8951-1CF1AA316A72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.71
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.71
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.71
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}" = Lenovo Solution Center
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011)
"0DD5528A211904214F70A66DE6ADBD378B21566D" = Windows-Treiberpaket - Intel USB  (12/21/2010 9.2.0.1021)
"43B5066463CEBC83E99586A67037B6F9FC4193FE" = Windows-Treiberpaket - Intel System  (11/20/2010 9.2.0.1016)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows-Treiberpaket - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0)
"8058FF31D7C7F4818DC176DAF53CD379968C86E4" = Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"DDD8A532E361E9A878EBEF69C338B306810DF059" = Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"GIMP-2_is1" = GIMP 2.8.0
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"ElsterFormular 13.2.0.8623k" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"KaloMa_is1" = KaloMa 4.93
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProInst" = Intel PROSet Wireless
"Winamp" = Winamp
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.07.2012 09:57:23 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
Error - 06.07.2012 01:22:02 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
Error - 06.07.2012 03:37:39 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Lenovo
 Solution Center\App\diag\flex_comm_sample.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.07.2012 03:39:40 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\lenovo
 solution center\App\diag\flex_comm_sample.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.07.2012 04:23:48 | Computer Name = username-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b4ac  ID des fehlerhaften Prozesses: 0x1398  Startzeit der fehlerhaften Anwendung:
 0x01cd5b37ba4045e7  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 e8bdd116-c743-11e1-9112-f0def1dce4ed
 
Error - 06.07.2012 05:16:44 | Computer Name = username-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x000ccb60  ID des fehlerhaften Prozesses: 0x1ba8  Startzeit der fehlerhaften Anwendung:
 0x01cd5b57ca7598bd  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 4d8b26b9-c74b-11e1-9112-f0def1dce4ed
 
Error - 06.07.2012 06:02:35 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Lenovo
 Solution Center\App\diag\flex_comm_sample.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.07.2012 06:02:48 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\lenovo
 solution center\App\diag\flex_comm_sample.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.07.2012 01:25:51 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
Error - 07.07.2012 07:24:39 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 14.04.2012 09:38:57 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
Error - 14.04.2012 15:45:33 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
Error - 15.04.2012 02:50:46 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
Error - 15.04.2012 06:52:45 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
[ System Events ]
Error - 16.04.2012 14:08:18 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst wuauserv erreicht.
 
Error - 16.04.2012 14:08:48 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WSearch erreicht.
 
Error - 16.04.2012 14:09:18 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst iphlpsvc erreicht.
 
Error - 16.04.2012 14:09:48 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IKEEXT erreicht.
 
Error - 19.05.2012 14:14:16 | Computer Name = username-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 19.05.2012 14:14:18 | Computer Name = username-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 11.06.2012 07:07:36 | Computer Name = username-THINK | Source = DCOM | ID = 10010
Description =
 
Error - 11.06.2012 07:09:20 | Computer Name = username-THINK | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
 
Error - 11.06.2012 07:12:28 | Computer Name = username-THINK | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 18.06.2012 14:00:11 | Computer Name = username-THINK | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?06.?2012 um 19:58:15 unerwartet heruntergefahren.
 
 
< End of report >

Chris4You 17.07.2012 06:49
Hi,

ein Teil hat wohl überlebt. Ev. brauche ich noch die verseuchte services.exe für Kaspersky (den Killer), kannst Du die aus der Quarantäne wie den Bootblock bei uns hochladen?

Den Bootblock schaue ich mir gleich an...


Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
[2012.03.30 14:34:08 | 000,002,048 | -HS- | C] () -- C:\Users\username\AppData\Local\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@


:Commands
[emptytemp]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Hitman

Lade Dir die passende Version von Hitman runter (32/64Bit), laufen lassen und Log posten.
ACHTUNG: Firewall muss für Hitman geöffnet sein (Zugriff unbedingt erlauben!)
Downloads - SurfRight
Für die Beseitigung kann eine temp. Lizenz (30 Tage) georderter werden (gibt dazu einen Reiter ;o)...

chris

wenjin 17.07.2012 07:36
Guten Morgen,

ich habe die services.exe aus Avira wiederhergestellt (ins Qoobox-Quarantäne-Verzeichnis). Bei der Auswahl über den Upload-Channel wir mir angezeigt:
Zitat:
Sie verfügen nicht über die Berechtigung, diese Datei zu öffnen.
Will da nicht einfach mit den Rechten rumspielen. Oder muss die Datei in ein andere Verzeichnis wiederhergestellt werden?

Wie genau lade ich den Bootblock hoch?

Die Hitman-Logdatei wird als XML ausgegeben. Ich hab sie per Upload-Channel hochgeladen.

Hier das OTL-Log:
Code:
All processes killed
========== OTL ==========
File C:\Users\username\AppData\Local\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: username
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: username
->Temp folder emptied: 2215688 bytes
->Temporary Internet Files folder emptied: 34233 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 108717969 bytes
->Flash cache emptied: 997 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5972 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 672 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 9723240 bytes
 
Total Files Cleaned = 115,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07172012_081545

Files\Folders moved on Reboot...
C:\Users\username\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\username\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Chris4You 17.07.2012 07:44
Hi,

Du hast bereits die MBR.DAT hochgeladen, das ist der Bootblock und der ist sauber.

Hitmann findet nichts, OTL kann das File nicht verschieben, erstelle daher bitte ein neues OTL-Log und poste es.

So, für den Upload musst Du das gleiche Vorgehen wie beim hochladen der mbr.dat durchführen, mit passwort packen und hochladen. Dazu musst Du Avira ausschalten, es blockt den Zugriff auf die Datei (und führe die services.exe auf keinen Fall per (zufälligen) Doppelklick etc. aus).

Danach bitte erst combofix deinstallieren (er löscht dabei auch die Quarantäne)

Combofix deinstallieren:
Klicke auf Start (Windows 7 Start Button) und tippe dann in das Suchfeld combofix /uninstall, wie im Piktogram unter diesem Text mit dem blauen Pfeil. Bitte sicherstellen, dass ein Leerzeichen zwischen Combofix und /uninstall ist.
Combofix deinstallieren http://www.bleepstatic.com/combofix/en/run-box.jpg

Falls das File "C:\Users\username\AppData\Local\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@" wieder auftaucht, werden wir CF neu runterladen und ich setzte ihn darauf an...

chris

wenjin 17.07.2012 08:10
Ich habe die Services.exe.vir als ZIP verpackt und hochgeladen, das hat funktioniert.

Combofix ist deinstalliert.

OTL.txt:
Code:
OTL logfile created on: 17.07.2012 08:54:18 - Run 5
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\username\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 75,87% Memory free
15,77 Gb Paging File | 13,84 Gb Available in Paging File | 87,74% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 62,94 Gb Free Space | 62,94% Space Free | Partition Type: NTFS
Drive D: | 348,67 Gb Total Space | 338,41 Gb Free Space | 97,06% Space Free | Partition Type: NTFS
Drive G: | 981,55 Mb Total Space | 979,02 Mb Free Space | 99,74% Space Free | Partition Type: FAT32
Drive Q: | 15,62 Gb Total Space | 5,11 Gb Free Space | 32,68% Space Free | Partition Type: NTFS
 
Computer Name: username-THINK | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\username\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
SRV - (jhi_service) Intel(R) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 11:45:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.18 20:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 11:45:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.04.14 17:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Extensions
[2012.07.17 08:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions
[2012.06.10 17:19:41 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012.06.08 10:31:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.15 10:06:08 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2012.06.10 17:26:36 | 000,000,000 | ---D | M] (Rikaichan Japanese-German Dictionary File) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\rikaichan-jpde@polarcloud.com
[2012.05.11 07:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.09 08:32:35 | 000,028,993 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPM9XJXR.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
[2012.07.17 08:50:51 | 001,611,859 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPM9XJXR.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.06.25 11:45:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.25 11:45:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.25 11:45:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 11:45:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 11:45:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 11:45:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 11:45:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.16 15:05:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\username\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\username\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FA55A89-71BB-43F3-8157-DAEDA2C7B1FA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE0072BB-ADBE-4809-A9B3-1F3EC8E1389E}: DhcpNameServer = 172.168.111.2
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk G:\
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.17 08:53:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.exe
[2012.07.17 08:30:09 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012.07.17 08:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.07.17 08:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.07.16 18:03:49 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Malwarebytes
[2012.07.16 18:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.16 18:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.16 18:03:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.16 18:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.16 15:16:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.16 15:10:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.16 14:17:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.16 14:17:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.16 14:17:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.16 14:17:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.16 14:17:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.16 14:13:46 | 004,579,346 | R--- | C] (Swearware) -- C:\Users\username\Desktop\ComboFix.exe
[2012.07.16 12:50:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.12 11:45:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 11:45:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 11:45:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 11:45:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 11:45:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 11:45:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 11:45:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 11:45:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 11:45:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 11:45:02 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 11:45:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 11:45:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 11:45:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 11:43:38 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.12 11:43:37 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.12 11:43:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 11:43:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 11:43:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.08 10:01:56 | 000,000,000 | ---D | C] -- C:\Users\username\.thumbnails
[2012.07.08 10:00:12 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\fontconfig
[2012.07.08 10:00:09 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\gegl-0.2
[2012.07.08 10:00:09 | 000,000,000 | ---D | C] -- C:\Users\username\.gimp-2.8
[2012.07.08 09:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.07.08 08:32:43 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.06 17:17:18 | 000,000,000 | ---D | C] -- C:\InterbankFX_1-Click
[2012.07.06 11:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.07.06 11:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2012.06.30 13:58:01 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.30 13:58:00 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.30 13:57:51 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.30 13:57:50 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.06.30 13:57:50 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.06.28 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Google
[2012.06.28 15:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.06.21 20:23:42 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.21 20:23:42 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.21 20:23:41 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.21 20:23:37 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.21 20:23:37 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.21 20:23:37 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.21 20:23:31 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.21 20:23:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.19 12:58:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.19 12:58:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.19 12:58:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.19 12:58:23 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.19 12:58:23 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.19 12:58:23 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.17 08:53:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.exe
[2012.07.17 08:32:40 | 000,001,236 | ---- | M] () -- C:\Users\username\Desktop\hitman_log.xml
[2012.07.17 08:30:09 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012.07.17 08:30:09 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\bootdelete.lst
[2012.07.17 08:25:34 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 08:25:34 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 08:22:29 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.17 08:22:29 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.17 08:22:29 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.17 08:22:29 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.17 08:22:29 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.17 08:18:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 08:18:03 | 2055,655,423 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.16 18:03:30 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.16 17:57:39 | 000,000,512 | ---- | M] () -- C:\Users\username\Desktop\mbr.dat
[2012.07.16 15:17:02 | 000,080,384 | ---- | M] () -- C:\Users\username\Desktop\MBRCheck.exe
[2012.07.16 15:05:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.16 14:13:57 | 004,579,346 | R--- | M] (Swearware) -- C:\Users\username\Desktop\ComboFix.exe
[2012.07.16 07:57:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.16 07:57:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.16 07:50:55 | 000,000,000 | ---- | M] () -- C:\Users\username\defogger_reenable
[2012.07.16 07:50:27 | 000,050,477 | ---- | M] () -- C:\Users\username\Desktop\Defogger.exe
[2012.07.13 07:54:54 | 000,005,849 | ---- | M] () -- C:\Users\username\AppData\Local\recently-used.xbel
[2012.07.12 19:38:37 | 000,321,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 07:46:31 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.07.06 17:17:24 | 000,001,554 | ---- | M] () -- C:\Users\username\Desktop\Interbank FX Trader 4.lnk
[2012.07.06 11:09:27 | 000,001,244 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 17:29:47 | 000,001,413 | ---- | M] () -- C:\Users\username\Desktop\Free YouTube to MP3 Converter.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.17 08:30:39 | 000,001,236 | ---- | C] () -- C:\Users\username\Desktop\hitman_log.xml
[2012.07.17 08:30:09 | 000,000,136 | ---- | C] () -- C:\Windows\SysNative\bootdelete.lst
[2012.07.16 18:03:30 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.16 17:57:39 | 000,000,512 | ---- | C] () -- C:\Users\username\Desktop\mbr.dat
[2012.07.16 15:17:01 | 000,080,384 | ---- | C] () -- C:\Users\username\Desktop\MBRCheck.exe
[2012.07.16 14:17:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.16 14:17:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.16 14:17:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.16 14:17:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.16 14:17:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.16 07:50:55 | 000,000,000 | ---- | C] () -- C:\Users\username\defogger_reenable
[2012.07.16 07:50:26 | 000,050,477 | ---- | C] () -- C:\Users\username\Desktop\Defogger.exe
[2012.07.13 07:54:54 | 000,005,849 | ---- | C] () -- C:\Users\username\AppData\Local\recently-used.xbel
[2012.07.12 07:46:31 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.07.08 09:57:17 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.07.06 11:09:27 | 000,001,244 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.03.30 14:34:08 | 000,002,048 | -HS- | C] () -- C:\Users\username\AppData\Local\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@
[2012.03.30 14:18:54 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.03.30 04:54:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.30 04:54:02 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.30 04:54:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

< End of report >
Extras.txt:
Code:
OTL Extras logfile created on: 17.07.2012 08:54:18 - Run 5
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\username\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 75,87% Memory free
15,77 Gb Paging File | 13,84 Gb Available in Paging File | 87,74% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 62,94 Gb Free Space | 62,94% Space Free | Partition Type: NTFS
Drive D: | 348,67 Gb Total Space | 338,41 Gb Free Space | 97,06% Space Free | Partition Type: NTFS
Drive G: | 981,55 Mb Total Space | 979,02 Mb Free Space | 99,74% Space Free | Partition Type: FAT32
Drive Q: | 15,62 Gb Total Space | 5,11 Gb Free Space | 32,68% Space Free | Partition Type: NTFS
 
Computer Name: username-THINK | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27D962EE-E6AB-48AE-9062-6398B72B0609}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{61863F82-9195-4F32-8951-1CF1AA316A72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{066C2DF9-CE01-4893-B121-87F235C1F134}" = protocol=6 | dir=in | app=d:\temp\install\hitmanpro36_x64.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5B9B913-A3B4-4DD2-B2DF-C56321165A50}" = protocol=17 | dir=in | app=d:\temp\install\hitmanpro36_x64.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.71
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.71
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.71
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}" = Lenovo Solution Center
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011)
"0DD5528A211904214F70A66DE6ADBD378B21566D" = Windows-Treiberpaket - Intel USB  (12/21/2010 9.2.0.1021)
"43B5066463CEBC83E99586A67037B6F9FC4193FE" = Windows-Treiberpaket - Intel System  (11/20/2010 9.2.0.1016)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows-Treiberpaket - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0)
"8058FF31D7C7F4818DC176DAF53CD379968C86E4" = Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"DDD8A532E361E9A878EBEF69C338B306810DF059" = Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"GIMP-2_is1" = GIMP 2.8.0
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"ElsterFormular 13.2.0.8623k" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"KaloMa_is1" = KaloMa 4.93
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProInst" = Intel PROSet Wireless
"Winamp" = Winamp
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.07.2012 07:24:39 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
Error - 07.07.2012 08:32:52 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Lenovo
 Solution Center\App\diag\flex_comm_sample.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.07.2012 08:34:42 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\lenovo
 solution center\App\diag\flex_comm_sample.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.07.2012 09:25:13 | Computer Name = username-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0017f5f0  ID des fehlerhaften Prozesses: 0x154c  Startzeit der fehlerhaften Anwendung:
 0x01cd5c42d217341d  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 2e4deada-c837-11e1-b009-f0def1dce4ed
 
Error - 07.07.2012 16:11:09 | Computer Name = username-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001d58e3  ID des fehlerhaften Prozesses: 0x13b4  Startzeit der fehlerhaften Anwendung:
 0x01cd5c5abcf61029  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 e3aa6f0b-c86f-11e1-b009-f0def1dce4ed
 
Error - 08.07.2012 02:25:53 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
Error - 08.07.2012 06:19:29 | Computer Name = username-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b4bd  ID des fehlerhaften Prozesses: 0x1468  Startzeit der fehlerhaften Anwendung:
 0x01cd5cd37e074f72  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 6697ccbe-c8e6-11e1-8544-f0def1dce4ed
 
Error - 08.07.2012 07:01:09 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Lenovo
 Solution Center\App\diag\flex_comm_sample.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.07.2012 07:03:01 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\lenovo
 solution center\App\diag\flex_comm_sample.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.07.2012 13:40:46 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 14.04.2012 09:38:57 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
Error - 14.04.2012 15:45:33 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
Error - 15.04.2012 02:50:46 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
Error - 15.04.2012 06:52:45 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
[ System Events ]
Error - 16.04.2012 14:08:18 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst wuauserv erreicht.
 
Error - 16.04.2012 14:08:48 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WSearch erreicht.
 
Error - 16.04.2012 14:09:18 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst iphlpsvc erreicht.
 
Error - 16.04.2012 14:09:48 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IKEEXT erreicht.
 
Error - 19.05.2012 14:14:16 | Computer Name = username-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 19.05.2012 14:14:18 | Computer Name = username-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 11.06.2012 07:07:36 | Computer Name = username-THINK | Source = DCOM | ID = 10010
Description =
 
Error - 11.06.2012 07:09:20 | Computer Name = username-THINK | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
 
Error - 11.06.2012 07:12:28 | Computer Name = username-THINK | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 18.06.2012 14:00:11 | Computer Name = username-THINK | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?06.?2012 um 19:58:15 unerwartet heruntergefahren.
 
 
< End of report >

Chris4You 17.07.2012 09:00
Hi,

ok ist wieder da, CF neu runterladen (link in einem der vorangegangenen Posts)...

ComboFix-Script
Die nachfolgenden Zeilen (ohne Zitat!) abkopieren und in den Windows-Editor(Start->Programme->Zubehör->Edior)
kopieren und auf dem Desktop unter dem Namen "CFScript.txt" speichern (ohne Anführungszeichen!).

Code:
File::
C:\Users\username\AppData\Local\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@
Danach die CFScript.txt mit der Mause anklicken und gedrückt halten und über dem ComboFix-Symbol fallen lassen
(Maustaste loslassen, nennt man "Drag-and-Drop";o).
Jetzt sollte combofix starten und das script ausführen, poste das combofix-Log!

chris

wenjin 17.07.2012 10:47
Hier das CF-Log:
Code:
ComboFix 12-07-16.01 - username 17.07.2012  10:48:09.2.8 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8075.5748 [GMT 2:00]
ausgeführt von:: c:\users\username\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\username\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\username\AppData\Local\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@"
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-17 bis 2012-07-17  ))))))))))))))))))))))))))))))
.
.
2012-07-17 06:30 . 2012-07-17 06:30        12872        ----a-w-        c:\windows\system32\bootdelete.exe
2012-07-17 06:22 . 2012-07-17 06:22        --------        d-----w-        c:\program files\HitmanPro
2012-07-17 06:22 . 2012-07-17 06:30        --------        d-----w-        c:\programdata\HitmanPro
2012-07-16 16:03 . 2012-07-16 16:03        --------        d-----w-        c:\users\username\AppData\Roaming\Malwarebytes
2012-07-16 16:03 . 2012-07-16 16:03        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-16 16:03 . 2012-07-16 16:03        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-16 16:03 . 2012-07-03 11:46        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-16 10:50 . 2012-07-16 10:50        --------        d-----w-        C:\_OTL
2012-07-12 09:54 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-12 09:48 . 2012-05-31 04:04        9013136        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C318FC68-32E6-4744-80FB-6ABFE53E73C0}\mpengine.dll
2012-07-08 08:01 . 2012-07-08 08:01        --------        d-----w-        c:\users\username\.thumbnails
2012-07-08 08:00 . 2012-07-08 08:00        --------        d-----w-        c:\users\username\AppData\Local\fontconfig
2012-07-08 08:00 . 2012-07-17 07:17        --------        d-----w-        c:\users\username\.gimp-2.8
2012-07-08 08:00 . 2012-07-08 08:00        --------        d-----w-        c:\users\username\AppData\Local\gegl-0.2
2012-07-08 07:56 . 2012-07-08 07:57        --------        d-----w-        c:\program files\GIMP 2
2012-07-08 06:32 . 2010-02-23 08:16        294912        ----a-w-        c:\windows\system32\browserchoice.exe
2012-07-06 15:17 . 2012-07-06 15:18        --------        d-----w-        C:\InterbankFX_1-Click
2012-07-06 09:09 . 2012-07-06 09:09        --------        d-----w-        c:\program files (x86)\ElsterFormular
2012-06-30 11:58 . 2012-04-24 05:37        1462272        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-30 11:58 . 2012-04-24 04:36        1158656        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-06-30 11:58 . 2012-04-24 05:37        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-30 11:58 . 2012-04-24 05:37        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-06-30 11:58 . 2012-04-24 04:36        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-06-30 11:58 . 2012-04-24 04:36        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-06-30 11:57 . 2012-04-07 12:31        3216384        ----a-w-        c:\windows\system32\msi.dll
2012-06-30 11:57 . 2012-04-07 11:26        2342400        ----a-w-        c:\windows\SysWow64\msi.dll
2012-06-30 11:57 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-06-30 11:57 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-06-30 11:57 . 2012-05-01 05:40        209920        ----a-w-        c:\windows\system32\profsvc.dll
2012-06-25 09:45 . 2012-06-25 09:45        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-25 09:45 . 2012-06-25 09:45        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-21 18:23 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-21 18:23 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-21 18:23 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-21 18:23 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-21 18:23 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-21 18:23 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-21 18:23 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-21 18:23 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-21 18:23 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-19 10:58 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-19 10:58 . 2012-04-26 05:41        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-19 10:58 . 2012-04-26 05:34        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-19 10:58 . 2012-05-04 11:06        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-06-19 10:58 . 2012-05-04 10:03        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-06-19 10:58 . 2012-05-04 10:03        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-06-19 10:58 . 2012-04-28 03:55        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 05:57 . 2012-04-15 06:46        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-16 05:57 . 2012-04-15 06:46        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-22 13:47 . 2012-06-08 08:31        405176        ----a-w-        c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-05-12 06:25 . 2012-04-14 15:59        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-05-12 06:25 . 2012-04-14 15:59        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-05-11 12:46 . 2012-05-11 12:46        644400        ----a-w-        c:\windows\SysWow64\mscomct2.ocx
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-02-27 1631808]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-12 348624]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-18 425000]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-18 39464]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2012-02-27 244800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784]
R4 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-02-27 478056]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-25 113120]
R4 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2012-02-27 31344]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-01 25960]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-12-15 23664]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-12 86224]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-23 212944]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2009704]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys [2011-05-25 101888]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-25 378472]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-17 2656280]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2011-03-04 166016]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-12-20 316080]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2012-02-27 89152]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-09-24 41536]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-14 316032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-10 418840]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\username\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\username\AppData\Roaming\Mozilla\Firefox\Profiles\upm9xjxr.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-17  11:45:11
ComboFix-quarantined-files.txt  2012-07-17 09:45
ComboFix2.txt  2012-07-16 13:10
.
Vor Suchlauf: 15 Verzeichnis(se), 67.059.044.352 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 67.007.246.336 Bytes frei
.
- - End Of File - - 452B7B4492F78F676403B07935C26D1C

Chris4You 17.07.2012 13:47
Hi,

poste noch mal ein neues OTL-Log...

chris

wenjin 17.07.2012 14:15
Hi Chris,

OTL.txt
Code:
OTL logfile created on: 17.07.2012 15:05:46 - Run 6
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\username\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 5,54 Gb Available Physical Memory | 70,21% Memory free
15,77 Gb Paging File | 13,30 Gb Available in Paging File | 84,32% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 62,47 Gb Free Space | 62,47% Space Free | Partition Type: NTFS
Drive D: | 348,67 Gb Total Space | 338,61 Gb Free Space | 97,11% Space Free | Partition Type: NTFS
Drive Q: | 15,62 Gb Total Space | 5,11 Gb Free Space | 32,68% Space Free | Partition Type: NTFS
 
Computer Name: username-THINK | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\username\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
SRV - (jhi_service) Intel(R) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (e1cexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 11:45:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.18 20:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.25 11:45:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.04.14 17:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Extensions
[2012.07.17 08:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions
[2012.06.10 17:19:41 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012.06.08 10:31:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.15 10:06:08 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2012.06.10 17:26:36 | 000,000,000 | ---D | M] (Rikaichan Japanese-German Dictionary File) -- C:\Users\username\AppData\Roaming\mozilla\Firefox\Profiles\upm9xjxr.default\extensions\rikaichan-jpde@polarcloud.com
[2012.05.11 07:47:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.09 08:32:35 | 000,028,993 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPM9XJXR.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
[2012.07.17 08:50:51 | 001,611,859 | ---- | M] () (No name found) -- C:\USERS\username\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UPM9XJXR.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.06.25 11:45:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.25 11:45:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.25 11:45:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.25 11:45:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.25 11:45:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.25 11:45:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.25 11:45:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.16 15:05:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\username\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\username\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FA55A89-71BB-43F3-8157-DAEDA2C7B1FA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE0072BB-ADBE-4809-A9B3-1F3EC8E1389E}: DhcpNameServer = 172.168.111.2
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.17 11:45:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.17 10:46:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.17 10:46:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.17 10:46:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.17 10:46:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.17 10:44:59 | 004,579,127 | R--- | C] (Swearware) -- C:\Users\username\Desktop\ComboFix.exe
[2012.07.17 08:53:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.exe
[2012.07.17 08:30:09 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012.07.17 08:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012.07.17 08:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012.07.16 18:03:49 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Malwarebytes
[2012.07.16 18:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.16 18:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.16 18:03:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.16 18:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.16 14:17:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.16 12:50:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.12 11:45:09 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 11:45:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 11:45:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 11:45:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 11:45:06 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 11:45:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 11:45:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 11:45:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 11:45:03 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 11:45:02 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 11:45:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 11:45:02 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 11:45:01 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.12 11:43:38 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.12 11:43:37 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.12 11:43:29 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.12 11:43:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.12 11:43:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.08 10:01:56 | 000,000,000 | ---D | C] -- C:\Users\username\.thumbnails
[2012.07.08 10:00:12 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\fontconfig
[2012.07.08 10:00:09 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Local\gegl-0.2
[2012.07.08 10:00:09 | 000,000,000 | ---D | C] -- C:\Users\username\.gimp-2.8
[2012.07.08 09:56:23 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012.07.08 08:32:43 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2012.07.06 17:17:18 | 000,000,000 | ---D | C] -- C:\InterbankFX_1-Click
[2012.07.06 11:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2012.07.06 11:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2012.06.30 13:58:01 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.30 13:58:00 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.30 13:57:51 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.30 13:57:50 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.06.30 13:57:50 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.06.28 15:39:39 | 000,000,000 | ---D | C] -- C:\Users\username\AppData\Roaming\Google
[2012.06.28 15:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012.06.21 20:23:42 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.21 20:23:42 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.21 20:23:41 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.21 20:23:37 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.21 20:23:37 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.21 20:23:37 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.21 20:23:31 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.21 20:23:31 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.19 12:58:27 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.19 12:58:27 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.19 12:58:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.19 12:58:23 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.19 12:58:23 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.19 12:58:23 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.17 12:42:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.17 10:45:25 | 004,579,127 | R--- | M] (Swearware) -- C:\Users\username\Desktop\ComboFix.exe
[2012.07.17 10:42:47 | 000,080,384 | ---- | M] () -- C:\Users\username\Desktop\MBRCheck.exe
[2012.07.17 09:16:58 | 000,007,619 | ---- | M] () -- C:\Users\username\AppData\Local\recently-used.xbel
[2012.07.17 09:14:21 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.17 09:14:21 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.17 09:14:21 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.17 09:14:21 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.17 09:14:21 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.17 08:53:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\username\Desktop\OTL.exe
[2012.07.17 08:32:40 | 000,001,236 | ---- | M] () -- C:\Users\username\Desktop\hitman_log.xml
[2012.07.17 08:30:09 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012.07.17 08:30:09 | 000,000,136 | ---- | M] () -- C:\Windows\SysNative\bootdelete.lst
[2012.07.17 08:25:34 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 08:25:34 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.17 08:18:03 | 2055,655,423 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.16 18:03:30 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.16 17:57:39 | 000,000,512 | ---- | M] () -- C:\Users\username\Desktop\mbr.dat
[2012.07.16 15:05:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.16 07:57:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.16 07:57:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.16 07:50:55 | 000,000,000 | ---- | M] () -- C:\Users\username\defogger_reenable
[2012.07.16 07:50:27 | 000,050,477 | ---- | M] () -- C:\Users\username\Desktop\Defogger.exe
[2012.07.12 19:38:37 | 000,321,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 07:46:31 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.07.06 17:17:24 | 000,001,554 | ---- | M] () -- C:\Users\username\Desktop\Interbank FX Trader 4.lnk
[2012.07.06 11:09:27 | 000,001,244 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 17:29:47 | 000,001,413 | ---- | M] () -- C:\Users\username\Desktop\Free YouTube to MP3 Converter.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.17 10:46:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.17 10:46:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.17 10:46:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.17 10:46:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.17 10:46:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.17 09:16:58 | 000,007,619 | ---- | C] () -- C:\Users\username\AppData\Local\recently-used.xbel
[2012.07.17 08:30:39 | 000,001,236 | ---- | C] () -- C:\Users\username\Desktop\hitman_log.xml
[2012.07.17 08:30:09 | 000,000,136 | ---- | C] () -- C:\Windows\SysNative\bootdelete.lst
[2012.07.16 18:03:30 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.16 17:57:39 | 000,000,512 | ---- | C] () -- C:\Users\username\Desktop\mbr.dat
[2012.07.16 15:17:01 | 000,080,384 | ---- | C] () -- C:\Users\username\Desktop\MBRCheck.exe
[2012.07.16 07:50:55 | 000,000,000 | ---- | C] () -- C:\Users\username\defogger_reenable
[2012.07.16 07:50:26 | 000,050,477 | ---- | C] () -- C:\Users\username\Desktop\Defogger.exe
[2012.07.12 07:46:31 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\Lenovo Solution Center.lnk
[2012.07.08 09:57:17 | 000,000,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.07.06 11:09:27 | 000,001,244 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2012.03.30 14:34:08 | 000,002,048 | -HS- | C] () -- C:\Users\username\AppData\Local\{56d76256-d551-d3c2-818a-fa84f69dc1cd}\@
[2012.03.30 14:18:54 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012.03.30 04:54:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.30 04:54:02 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.30 04:54:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

< End of report >
Extras.txt:
Code:
OTL Extras logfile created on: 17.07.2012 15:05:46 - Run 6
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\username\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 5,54 Gb Available Physical Memory | 70,21% Memory free
15,77 Gb Paging File | 13,30 Gb Available in Paging File | 84,32% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 62,47 Gb Free Space | 62,47% Space Free | Partition Type: NTFS
Drive D: | 348,67 Gb Total Space | 338,61 Gb Free Space | 97,11% Space Free | Partition Type: NTFS
Drive Q: | 15,62 Gb Total Space | 5,11 Gb Free Space | 32,68% Space Free | Partition Type: NTFS
 
Computer Name: username-THINK | User Name: username | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27D962EE-E6AB-48AE-9062-6398B72B0609}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{61863F82-9195-4F32-8951-1CF1AA316A72}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{066C2DF9-CE01-4893-B121-87F235C1F134}" = protocol=6 | dir=in | app=d:\temp\install\hitmanpro36_x64.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5B9B913-A3B4-4DD2-B2DF-C56321165A50}" = protocol=17 | dir=in | app=d:\temp\install\hitmanpro36_x64.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 268.71
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.71
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.71
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{C862EC05-1C15-4327-B15D-C7788D6CFF73}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}" = Lenovo Solution Center
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A" = Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011)
"0DD5528A211904214F70A66DE6ADBD378B21566D" = Windows-Treiberpaket - Intel USB  (12/21/2010 9.2.0.1021)
"43B5066463CEBC83E99586A67037B6F9FC4193FE" = Windows-Treiberpaket - Intel System  (11/20/2010 9.2.0.1016)
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"6D23A494E9A245843FB8584D9307D3E328DF8613" = Windows-Treiberpaket - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0)
"8058FF31D7C7F4818DC176DAF53CD379968C86E4" = Windows-Treiberpaket - Intel System  (09/10/2010 9.2.0.1011)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CNXT_AUDIO_HDA" = Conexant 20672 SmartAudio HD
"DDD8A532E361E9A878EBEF69C338B306810DF059" = Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"GIMP-2_is1" = GIMP 2.8.0
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1147
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel(R) Identity Protection Technology 1.1.2.0
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH_Media_Driver_v2.14.18.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"ElsterFormular 13.2.0.8623k" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"KaloMa_is1" = KaloMa 4.93
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 13.0.1 (x86 de)" = Mozilla Thunderbird 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProInst" = Intel PROSet Wireless
"Winamp" = Winamp
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.07.2012 07:24:39 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
Error - 07.07.2012 08:32:52 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Lenovo
 Solution Center\App\diag\flex_comm_sample.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.07.2012 08:34:42 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\lenovo
 solution center\App\diag\flex_comm_sample.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.07.2012 09:25:13 | Computer Name = username-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0017f5f0  ID des fehlerhaften Prozesses: 0x154c  Startzeit der fehlerhaften Anwendung:
 0x01cd5c42d217341d  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 2e4deada-c837-11e1-b009-f0def1dce4ed
 
Error - 07.07.2012 16:11:09 | Computer Name = username-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x001d58e3  ID des fehlerhaften Prozesses: 0x13b4  Startzeit der fehlerhaften Anwendung:
 0x01cd5c5abcf61029  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 e3aa6f0b-c86f-11e1-b009-f0def1dce4ed
 
Error - 08.07.2012 02:25:53 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
Error - 08.07.2012 06:19:29 | Computer Name = username-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe,
 Version: 11.3.300.257, Zeitstempel: 0x4fc82063  Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll,
 Version: 11.3.300.257, Zeitstempel: 0x4fc821fc  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x0016b4bd  ID des fehlerhaften Prozesses: 0x1468  Startzeit der fehlerhaften Anwendung:
 0x01cd5cd37e074f72  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
Berichtskennung:
 6697ccbe-c8e6-11e1-8544-f0def1dce4ed
 
Error - 08.07.2012 07:01:09 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Lenovo
 Solution Center\App\diag\flex_comm_sample.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.07.2012 07:03:01 | Computer Name = username-THINK | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Lenovo\lenovo
 solution center\App\diag\flex_comm_sample.exe".  Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.07.2012 13:40:46 | Computer Name = username-THINK | Source = WinMgmt | ID = 10
Description =
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 14.04.2012 09:38:57 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
Error - 14.04.2012 15:45:33 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
Error - 15.04.2012 02:50:46 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
Error - 15.04.2012 06:52:45 | Computer Name = username-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht gefunden.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (404) Nicht
 gefunden.
 
[ System Events ]
Error - 16.04.2012 14:08:18 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst wuauserv erreicht.
 
Error - 16.04.2012 14:08:48 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WSearch erreicht.
 
Error - 16.04.2012 14:09:18 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst iphlpsvc erreicht.
 
Error - 16.04.2012 14:09:48 | Computer Name = username-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IKEEXT erreicht.
 
Error - 19.05.2012 14:14:16 | Computer Name = username-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 19.05.2012 14:14:18 | Computer Name = username-THINK | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 11.06.2012 07:07:36 | Computer Name = username-THINK | Source = DCOM | ID = 10010
Description =
 
Error - 11.06.2012 07:09:20 | Computer Name = username-THINK | Source = Microsoft-Windows-LanguagePackSetup | ID = 1000
Description = Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b
 
Error - 11.06.2012 07:12:28 | Computer Name = username-THINK | Source = WMPNetworkSvc | ID = 866300
Description =
 
Error - 18.06.2012 14:00:11 | Computer Name = username-THINK | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?06.?2012 um 19:58:15 unerwartet heruntergefahren.
 
 
< End of report >


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:10 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129