BKA-Trojaner Gewalt und Kinderpornografie

holger55 · 12.12.2011, 00:39

Hallo,

zunächst vielen Dank für Eure Hilfe.

Ich war unter Windows 7 (64bit) mit dem Gast-Account (mit firefox) online, dann war auf einmal Taskleiste weg, Task-Manager nicht aufrufbar und eine IE-Seite mit einer Version des BKA-Trojaners zu sehen.

Hab das System dann heruntergefahren, bin im abgesicherten Modus rein (Admin) und habe das System per Systemwiederherstellung auf den Stand vom 8.12. (also 3-4 Tage vorher) zurückgesetzt.

Seitdem kann ich den Gast-Account wieder normal benutzen (die anderen hatte ich zwischenzeitlich nicht ausprobiert), das angebliche BKA-Fenster erscheint also nicht und auch auf Taskleiste, Startmenü und Task-Manager habe ich wieder Zugriff.

Naja, um wirklich klar Schiff zu machen, reicht das ja wohl wahrscheinlich nicht aus, oder? Hier wäre ich für Eure Unterstützung dankbar.

---

Habe also Defogger wie von Euch in der Einführung für Hilfesuchende beschrieben laufen lassen (Neustartmeldung kam allerdings nicht).

Dann der OTL-scan.

Hier folgt die OTL.txt-Datei, die Extras.txt befindet sich im Anhang:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 12.12.2011 00:06:34 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Gast\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 64,64% Memory free
7,72 Gb Paging File | 6,08 Gb Available in Paging File | 78,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,82 Gb Total Space | 45,65 Gb Free Space | 10,04% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 0,00 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
 
Computer Name: FELITHINK | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.12 00:00:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gast\Downloads\OTL.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.25 22:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011.05.26 18:43:12 | 000,328,040 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.05.10 02:59:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
PRC - [2011.05.10 02:59:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2011.04.14 12:24:26 | 000,410,984 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2011.04.14 12:22:42 | 000,361,832 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2011.04.14 12:22:28 | 000,263,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2011.04.14 12:22:26 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2011.04.04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2011.03.29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.03.08 12:21:18 | 000,138,168 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.02.18 10:19:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.01.14 14:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011.01.14 14:52:08 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe
PRC - [2011.01.14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2010.11.29 16:32:44 | 000,069,560 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2010.07.21 16:26:14 | 000,611,696 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010.05.03 12:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.05.03 12:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe
PRC - [2010.04.01 14:50:44 | 000,043,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009.08.28 13:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.05.27 21:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.03.29 18:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2011.02.01 13:05:12 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.09.29 16:25:48 | 000,126,392 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.25 22:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.05.10 02:59:00 | 000,477,032 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011.05.10 02:59:00 | 000,148,840 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2011.05.10 02:59:00 | 000,083,304 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.05.02 13:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2011.05.02 13:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2011.04.20 09:04:38 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.04.14 12:22:28 | 000,263,528 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2011.04.14 12:22:26 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2011.04.04 09:27:20 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.03.29 12:41:08 | 000,064,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011.02.18 10:19:06 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.01.14 14:52:10 | 000,065,896 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011.01.14 14:51:56 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.07.21 16:26:14 | 000,611,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010.05.03 12:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.05.03 12:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.04.07 14:37:38 | 000,093,032 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.28 13:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.08.11 15:59:38 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.29 03:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008.01.16 08:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.12 00:02:57 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.23 14:33:32 | 000,167,040 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2011.05.19 20:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.05.10 02:59:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011.05.10 02:59:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.05.01 13:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011.04.13 11:07:50 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.04.11 13:27:15 | 000,358,480 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a2djavs.sys -- (a2djavs)
DRV:64bit: - [2011.04.11 13:27:15 | 000,096,848 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a2djusb.sys -- (a2djusb_svc)
DRV:64bit: - [2011.03.29 18:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2011.03.29 18:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.01 13:05:12 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010.12.17 15:51:46 | 000,299,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2010.12.17 15:51:44 | 001,493,632 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2010.12.17 15:51:42 | 000,748,160 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010.08.25 10:46:18 | 000,682,624 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010.07.22 10:39:10 | 000,295,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2010.05.24 00:43:11 | 000,038,536 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2010.05.10 13:47:58 | 000,016,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2010.05.10 13:43:24 | 000,023,736 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.10 11:19:12 | 000,034,600 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.15 04:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.13 07:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.10.26 06:52:00 | 000,061,952 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2009.10.26 04:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.29 16:25:50 | 000,012,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.09.24 12:58:38 | 000,041,536 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tvti2c.sys -- (TVTI2C)
DRV:64bit: - [2009.09.17 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.07.02 03:16:02 | 000,040,512 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2009.07.01 04:46:00 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.01 04:46:00 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.01 04:46:00 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.11 03:33:56 | 000,118,016 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LenovoRd.sys -- (LenovoRd)
DRV:64bit: - [2009.04.07 07:33:00 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2011.10.25 11:14:06 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.13 13:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- c:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp2) SMI Helper Driver (smihlp2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\npPDFXCviewNPPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.18 23:08:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.05 17:36:11 | 000,000,000 | ---D | M]
 
[2010.10.26 10:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2010.10.26 10:42:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\contact@callgraph.in
[2010.10.26 10:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\x8k9gg9l.default\extensions
[2011.08.16 20:10:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.26 12:17:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.06.14 17:59:14 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files (x86)\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.06.14 18:38:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.10.18 23:08:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.06.14 18:38:49 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.18 23:08:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.18 23:08:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.18 23:08:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.18 23:08:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.18 23:08:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.18 23:08:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.03.31 18:03:23 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4:64bit: - HKLM..\RunOnce: [*Restore] C:\Windows\SysNative\rstrui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E43D93A2-600D-4586-AE3D-9CB9BD3D8272}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - (c:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - c:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{a83da3e4-66c3-11df-85fd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a83da3e4-66c3-11df-85fd-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.12 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Neuer Ordner (2)
[2011.12.12 00:01:33 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Neuer Ordner
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.12 03:24:53 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat
[2011.12.12 00:10:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011.12.12 00:07:00 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011.12.12 00:02:57 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.12 00:01:00 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2011.12.11 23:54:55 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.11 23:54:55 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.11 23:54:54 | 001,646,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.11 23:54:54 | 000,711,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.11 23:54:54 | 000,662,950 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.11 23:54:54 | 000,153,766 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.11 23:54:54 | 000,124,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.11 23:47:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.11 23:46:57 | 3110,866,944 | -HS- | M] () -- C:\hiberfil.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.12 03:24:53 | 000,001,732 | ---- | C] () -- C:\tvtpktfilter.dat
[2011.12.12 00:01:00 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2011.08.04 14:11:39 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010.06.15 16:16:35 | 000,007,614 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2010.06.14 18:34:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.24 01:22:25 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.24 00:45:11 | 001,612,392 | ---- | C] () -- C:\Windows\SysWow64\nView.dll
[2010.05.24 00:45:11 | 001,108,584 | ---- | C] () -- C:\Windows\SysWow64\nvwimg.dll
[2010.05.24 00:45:11 | 000,256,616 | ---- | C] () -- C:\Windows\SysWow64\nViewSetup.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010.10.26 10:51:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Call Graph
[2011.11.09 14:03:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\foobar2000
[2011.10.27 14:58:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HandBrake
[2010.06.28 11:12:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Juniper Networks
[2010.06.14 23:49:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Lenovo
[2011.05.07 16:56:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PCDr
[2011.07.06 00:54:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PwrMgr
[2010.10.26 10:42:30 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sedna Wireless
[2011.05.07 16:48:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Update
[2011.12.12 00:10:00 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.10.27 17:51:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.12.12 00:07:00 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.10.06 11:48:07 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.09.11 00:13:24 | 000,000,000 | ---D | M] -- C:\8f1218f4348cc9923cc81bc37a870dfe
[2009.07.24 18:28:56 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.10.27 13:00:43 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.06.14 17:25:59 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.24 00:42:56 | 000,000,000 | ---D | M] -- C:\Intel
[2010.05.24 10:15:18 | 000,000,000 | ---D | M] -- C:\mfg
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.08 16:02:39 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.09 17:32:29 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.12.11 23:43:32 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.06.14 17:25:59 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.06.14 17:26:23 | 000,000,000 | RHSD | M] -- C:\RRbackups
[2011.12.11 23:43:32 | 000,000,000 | ---D | M] -- C:\swshare
[2010.11.27 12:19:53 | 000,000,000 | ---D | M] -- C:\SWTOOLS
[2011.12.12 00:07:30 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.10.06 11:48:01 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.11 23:44:51 | 000,000,000 | ---D | M] -- C:\Windows
[2010.07.27 13:44:47 | 000,000,000 | ---D | M] -- C:\_SMA
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2010.05.24 10:27:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010.05.24 10:29:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.05.24 10:27:18 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010.05.24 10:28:06 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.05.24 10:29:39 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.05.24 10:28:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010.05.24 10:29:39 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.05.24 10:28:06 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010.05.24 10:29:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010.05.24 10:27:18 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010.05.24 10:28:06 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010.05.24 10:27:18 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.05.24 10:29:27 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=9ED521C0B287D4A396E1456B3D1556C9 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_cbde32e1ee86914c\winlogon.exe
[2010.05.24 10:29:39 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.05.24 10:29:39 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2010.05.24 10:29:27 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=FEFF314FF78051201309E47D90554BE8 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_cc6fd1fd079cfbce\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >

--- --- ---

Vielen Dank, Holger55

Chris4You · 12.12.2011, 07:48

Hi,

bitte noch
Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

durchführen und Log posten...

Zur Sicherheit noch:

TDSS-Killer
Download und Anweisung unter: http://www.trojaner-board.de/82358-t...tml#post640150
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris

holger55 · 12.12.2011, 17:14

Hallo Chris,

vielen Dank!

Hier das Malwarebyte-Log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8356

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12.12.2011 16:07:56
mbam-log-2011-12-12 (16-07-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 477605
Laufzeit: 2 Stunde(n), 51 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Gast\AppData\Roaming\Help\ceptr.tll (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Gast\AppData\Roaming\Help\comm.tll (Malware.Trace) -> Quarantined and deleted successfully.

Und dann noch TDSS-Killer:

16:22:54.0870 2264 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
16:22:54.0885 2264 ============================================================
16:22:54.0885 2264 Current date / time: 2011/12/12 16:22:54.0885
16:22:54.0885 2264 SystemInfo:
16:22:54.0885 2264
16:22:54.0885 2264 OS Version: 6.1.7601 ServicePack: 1.0
16:22:54.0885 2264 Product type: Workstation
16:22:54.0885 2264 ComputerName: FELITHINK
16:22:54.0885 2264 UserName: Admin
16:22:54.0885 2264 Windows directory: C:\Windows
16:22:54.0885 2264 System windows directory: C:\Windows
16:22:54.0885 2264 Running under WOW64
16:22:54.0885 2264 Processor architecture: Intel x64
16:22:54.0885 2264 Number of processors: 4
16:22:54.0885 2264 Page size: 0x1000
16:22:54.0885 2264 Boot type: Normal boot
16:22:54.0885 2264 ============================================================
16:22:55.0260 2264 Initialize success
16:23:23.0334 2332 ============================================================
16:23:23.0334 2332 Scan started
16:23:23.0334 2332 Mode: Manual;
16:23:23.0334 2332 ============================================================
16:23:24.0161 2332 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:23:24.0161 2332 1394ohci - ok
16:23:24.0270 2332 5U877 (0839005949ea2da7e9420a66614c6649) C:\Windows\system32\DRIVERS\5U877.sys
16:23:24.0270 2332 5U877 - ok
16:23:24.0379 2332 a2djavs (920eebd5224f7469efd58253affdf063) C:\Windows\system32\Drivers\a2djavs.sys
16:23:24.0395 2332 a2djavs - ok
16:23:24.0442 2332 a2djusb_svc (8f1bbdf8db4f96b99d13f931b96ecee0) C:\Windows\system32\Drivers\a2djusb.sys
16:23:24.0442 2332 a2djusb_svc - ok
16:23:24.0504 2332 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:23:24.0504 2332 ACPI - ok
16:23:24.0613 2332 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:23:24.0613 2332 AcpiPmi - ok
16:23:24.0738 2332 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:23:24.0754 2332 adp94xx - ok
16:23:24.0800 2332 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:23:24.0816 2332 adpahci - ok
16:23:24.0847 2332 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:23:24.0863 2332 adpu320 - ok
16:23:24.0972 2332 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
16:23:24.0988 2332 AFD - ok
16:23:25.0097 2332 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:23:25.0097 2332 agp440 - ok
16:23:25.0222 2332 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:23:25.0222 2332 aliide - ok
16:23:25.0253 2332 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:23:25.0253 2332 amdide - ok
16:23:25.0284 2332 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:23:25.0300 2332 AmdK8 - ok
16:23:25.0300 2332 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:23:25.0315 2332 AmdPPM - ok
16:23:25.0409 2332 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:23:25.0409 2332 amdsata - ok
16:23:25.0440 2332 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:23:25.0440 2332 amdsbs - ok
16:23:25.0487 2332 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:23:25.0487 2332 amdxata - ok
16:23:25.0658 2332 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:23:25.0658 2332 AppID - ok
16:23:25.0736 2332 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:23:25.0752 2332 arc - ok
16:23:25.0783 2332 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:23:25.0783 2332 arcsas - ok
16:23:25.0877 2332 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:23:25.0877 2332 AsyncMac - ok
16:23:25.0955 2332 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:23:25.0955 2332 atapi - ok
16:23:26.0080 2332 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
16:23:26.0095 2332 avgntflt - ok
16:23:26.0220 2332 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
16:23:26.0236 2332 avipbb - ok
16:23:26.0298 2332 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:23:26.0298 2332 avkmgr - ok
16:23:26.0438 2332 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:23:26.0438 2332 b06bdrv - ok
16:23:26.0516 2332 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:23:26.0516 2332 b57nd60a - ok
16:23:26.0688 2332 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:23:26.0688 2332 Beep - ok
16:23:26.0813 2332 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:23:26.0813 2332 blbdrive - ok
16:23:26.0875 2332 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:23:26.0875 2332 bowser - ok
16:23:26.0953 2332 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:23:26.0953 2332 BrFiltLo - ok
16:23:27.0000 2332 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:23:27.0000 2332 BrFiltUp - ok
16:23:27.0094 2332 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:23:27.0094 2332 Brserid - ok
16:23:27.0156 2332 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:23:27.0156 2332 BrSerWdm - ok
16:23:27.0156 2332 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:23:27.0156 2332 BrUsbMdm - ok
16:23:27.0203 2332 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:23:27.0203 2332 BrUsbSer - ok
16:23:27.0328 2332 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:23:27.0328 2332 BthEnum - ok
16:23:27.0374 2332 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:23:27.0374 2332 BTHMODEM - ok
16:23:27.0437 2332 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:23:27.0437 2332 BthPan - ok
16:23:27.0546 2332 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
16:23:27.0546 2332 BTHPORT - ok
16:23:27.0624 2332 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
16:23:27.0624 2332 BTHUSB - ok
16:23:27.0702 2332 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
16:23:27.0702 2332 btwaudio - ok
16:23:27.0764 2332 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
16:23:27.0780 2332 btwavdt - ok
16:23:27.0842 2332 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
16:23:27.0858 2332 btwl2cap - ok
16:23:27.0905 2332 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
16:23:27.0905 2332 btwrchid - ok
16:23:28.0014 2332 CAXHWAZL (9c4e50bea239e2d45099ec919f779db0) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
16:23:28.0030 2332 CAXHWAZL - ok
16:23:28.0061 2332 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:23:28.0061 2332 cdfs - ok
16:23:28.0154 2332 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:23:28.0154 2332 cdrom - ok
16:23:28.0232 2332 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:23:28.0232 2332 circlass - ok
16:23:28.0264 2332 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:23:28.0264 2332 CLFS - ok
16:23:28.0357 2332 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:23:28.0357 2332 CmBatt - ok
16:23:28.0420 2332 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:23:28.0420 2332 cmdide - ok
16:23:28.0482 2332 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
16:23:28.0498 2332 CNG - ok
16:23:28.0607 2332 CnxtHdAudService (22bc1c27274d1cb1c3a8c14cdba0cdf2) C:\Windows\system32\drivers\CHDRT64.sys
16:23:28.0622 2332 CnxtHdAudService - ok
16:23:28.0716 2332 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:23:28.0716 2332 Compbatt - ok
16:23:28.0794 2332 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:23:28.0794 2332 CompositeBus - ok
16:23:28.0872 2332 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:23:28.0872 2332 crcdisk - ok
16:23:28.0950 2332 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:23:28.0966 2332 CSC - ok
16:23:29.0075 2332 CVirtA (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
16:23:29.0075 2332 CVirtA - ok
16:23:29.0106 2332 CVPNDRVA (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
16:23:29.0122 2332 CVPNDRVA - ok
16:23:29.0231 2332 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:23:29.0231 2332 DfsC - ok
16:23:29.0293 2332 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:23:29.0309 2332 discache - ok
16:23:29.0402 2332 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:23:29.0402 2332 Disk - ok
16:23:29.0496 2332 DNE (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
16:23:29.0496 2332 DNE - ok
16:23:29.0636 2332 dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
16:23:29.0636 2332 dot4 - ok
16:23:29.0699 2332 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:23:29.0699 2332 Dot4Print - ok
16:23:29.0746 2332 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
16:23:29.0761 2332 dot4usb - ok
16:23:29.0855 2332 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:23:29.0855 2332 drmkaud - ok
16:23:29.0917 2332 dsNcAdpt (47fcc78d22fe5cb88f7aa9ab650a9f1c) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
16:23:29.0917 2332 dsNcAdpt - ok
16:23:30.0011 2332 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:23:30.0026 2332 DXGKrnl - ok
16:23:30.0182 2332 DzHDD64 (ce4cffd9f64b86bceb1c343fc9924d72) C:\Windows\system32\DRIVERS\DzHDD64.sys
16:23:30.0182 2332 DzHDD64 - ok
16:23:30.0260 2332 e1kexpress (3fac023e44bcae77e62770f8fd476a2a) C:\Windows\system32\DRIVERS\e1k62x64.sys
16:23:30.0260 2332 e1kexpress - ok
16:23:30.0354 2332 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:23:30.0385 2332 ebdrv - ok
16:23:30.0510 2332 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:23:30.0526 2332 elxstor - ok
16:23:30.0572 2332 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:23:30.0588 2332 ErrDev - ok
16:23:30.0650 2332 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:23:30.0666 2332 exfat - ok
16:23:30.0744 2332 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:23:30.0760 2332 fastfat - ok
16:23:30.0822 2332 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:23:30.0838 2332 fdc - ok
16:23:30.0900 2332 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:23:30.0916 2332 FileInfo - ok
16:23:30.0931 2332 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:23:30.0931 2332 Filetrace - ok
16:23:30.0947 2332 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:23:30.0947 2332 flpydisk - ok
16:23:31.0009 2332 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:23:31.0009 2332 FltMgr - ok
16:23:31.0087 2332 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:23:31.0103 2332 FsDepends - ok
16:23:31.0118 2332 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:23:31.0118 2332 Fs_Rec - ok
16:23:31.0196 2332 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:23:31.0196 2332 fvevol - ok
16:23:31.0243 2332 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:23:31.0243 2332 gagp30kx - ok
16:23:31.0290 2332 GEARAspiWDM - ok
16:23:31.0337 2332 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:23:31.0337 2332 hcw85cir - ok
16:23:31.0477 2332 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:23:31.0493 2332 HdAudAddService - ok
16:23:31.0524 2332 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:23:31.0524 2332 HDAudBus - ok
16:23:31.0586 2332 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
16:23:31.0586 2332 HECIx64 - ok
16:23:31.0602 2332 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:23:31.0618 2332 HidBatt - ok
16:23:31.0664 2332 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:23:31.0680 2332 HidBth - ok
16:23:31.0680 2332 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:23:31.0696 2332 HidIr - ok
16:23:31.0742 2332 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:23:31.0758 2332 HidUsb - ok
16:23:31.0898 2332 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:23:31.0914 2332 HpSAMD - ok
16:23:31.0992 2332 HSF_DPV (5a518b63d408b2dbc1778788456e1a66) C:\Windows\system32\DRIVERS\CAX_DPV.sys
16:23:32.0008 2332 HSF_DPV - ok
16:23:32.0164 2332 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:23:32.0179 2332 HTTP - ok
16:23:32.0242 2332 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:23:32.0242 2332 hwpolicy - ok
16:23:32.0320 2332 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
16:23:32.0320 2332 i8042prt - ok
16:23:32.0366 2332 iaStor (85977cd13fc16069ce0af7943a811775) C:\Windows\system32\DRIVERS\iaStor.sys
16:23:32.0366 2332 iaStor - ok
16:23:32.0491 2332 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:23:32.0507 2332 iaStorV - ok
16:23:32.0569 2332 IBMPMDRV (a9bd44426a69079240767fe4aee0ea71) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
16:23:32.0585 2332 IBMPMDRV - ok
16:23:32.0710 2332 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:23:32.0772 2332 igfx - ok
16:23:32.0881 2332 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:23:32.0897 2332 iirsp - ok
16:23:32.0959 2332 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
16:23:32.0975 2332 Impcd - ok
16:23:33.0022 2332 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:23:33.0037 2332 intelide - ok
16:23:33.0100 2332 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:23:33.0100 2332 intelppm - ok
16:23:33.0224 2332 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:23:33.0240 2332 IpFilterDriver - ok
16:23:33.0256 2332 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:23:33.0256 2332 IPMIDRV - ok
16:23:33.0318 2332 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:23:33.0334 2332 IPNAT - ok
16:23:33.0380 2332 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:23:33.0380 2332 IRENUM - ok
16:23:33.0427 2332 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:23:33.0443 2332 isapnp - ok
16:23:33.0458 2332 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:23:33.0474 2332 iScsiPrt - ok
16:23:33.0583 2332 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:23:33.0583 2332 kbdclass - ok
16:23:33.0630 2332 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:23:33.0646 2332 kbdhid - ok
16:23:33.0692 2332 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
16:23:33.0692 2332 KSecDD - ok
16:23:33.0739 2332 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
16:23:33.0739 2332 KSecPkg - ok
16:23:33.0770 2332 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:23:33.0770 2332 ksthunk - ok
16:23:33.0911 2332 lenovo.smi (2b9d8555dc004e240082d18e7725ce20) C:\Windows\system32\DRIVERS\smiifx64.sys
16:23:33.0926 2332 lenovo.smi - ok
16:23:34.0004 2332 LenovoRd (606da892a53fa863b67f8d3f8ff016a0) C:\Windows\system32\Drivers\LenovoRd.sys
16:23:34.0004 2332 LenovoRd - ok
16:23:34.0067 2332 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:23:34.0067 2332 lltdio - ok
16:23:34.0192 2332 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:23:34.0207 2332 LSI_FC - ok
16:23:34.0223 2332 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:23:34.0223 2332 LSI_SAS - ok
16:23:34.0238 2332 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:23:34.0238 2332 LSI_SAS2 - ok
16:23:34.0301 2332 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:23:34.0301 2332 LSI_SCSI - ok
16:23:34.0332 2332 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:23:34.0332 2332 luafv - ok
16:23:34.0394 2332 mdmxsdk (fc631425ed761ea1f24738aa15ff5a7d) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:23:34.0394 2332 mdmxsdk - ok
16:23:34.0426 2332 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:23:34.0426 2332 megasas - ok
16:23:34.0457 2332 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:23:34.0457 2332 MegaSR - ok
16:23:34.0519 2332 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:23:34.0519 2332 Modem - ok
16:23:34.0566 2332 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:23:34.0566 2332 monitor - ok
16:23:34.0628 2332 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:23:34.0644 2332 mouclass - ok
16:23:34.0691 2332 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:23:34.0706 2332 mouhid - ok
16:23:34.0753 2332 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:23:34.0753 2332 mountmgr - ok
16:23:34.0816 2332 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:23:34.0816 2332 mpio - ok
16:23:34.0878 2332 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:23:34.0878 2332 mpsdrv - ok
16:23:34.0940 2332 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:23:34.0940 2332 MRxDAV - ok
16:23:35.0018 2332 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:23:35.0034 2332 mrxsmb - ok
16:23:35.0081 2332 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:23:35.0081 2332 mrxsmb10 - ok
16:23:35.0112 2332 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:23:35.0112 2332 mrxsmb20 - ok
16:23:35.0174 2332 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:23:35.0174 2332 msahci - ok
16:23:35.0252 2332 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:23:35.0252 2332 msdsm - ok
16:23:35.0299 2332 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:23:35.0299 2332 Msfs - ok
16:23:35.0377 2332 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:23:35.0377 2332 mshidkmdf - ok
16:23:35.0393 2332 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:23:35.0393 2332 msisadrv - ok
16:23:35.0455 2332 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:23:35.0455 2332 MSKSSRV - ok
16:23:35.0471 2332 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:23:35.0471 2332 MSPCLOCK - ok
16:23:35.0486 2332 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:23:35.0486 2332 MSPQM - ok
16:23:35.0549 2332 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:23:35.0549 2332 MsRPC - ok
16:23:35.0611 2332 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:23:35.0611 2332 mssmbios - ok
16:23:35.0689 2332 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:23:35.0689 2332 MSTEE - ok
16:23:35.0705 2332 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:23:35.0705 2332 MTConfig - ok
16:23:35.0783 2332 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:23:35.0783 2332 Mup - ok
16:23:35.0861 2332 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:23:35.0861 2332 NativeWifiP - ok
16:23:35.0954 2332 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:23:35.0970 2332 NDIS - ok
16:23:36.0048 2332 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:23:36.0048 2332 NdisCap - ok
16:23:36.0095 2332 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:23:36.0095 2332 NdisTapi - ok
16:23:36.0142 2332 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:23:36.0157 2332 Ndisuio - ok
16:23:36.0204 2332 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:23:36.0220 2332 NdisWan - ok
16:23:36.0282 2332 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:23:36.0298 2332 NDProxy - ok
16:23:36.0376 2332 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:23:36.0376 2332 NetBIOS - ok
16:23:36.0438 2332 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:23:36.0454 2332 NetBT - ok
16:23:36.0656 2332 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
16:23:36.0750 2332 NETw5s64 - ok
16:23:36.0937 2332 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
16:23:36.0984 2332 netw5v64 - ok
16:23:37.0265 2332 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
16:23:37.0421 2332 NETwNs64 - ok
16:23:37.0530 2332 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:23:37.0546 2332 nfrd960 - ok
16:23:37.0608 2332 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:23:37.0608 2332 Npfs - ok
16:23:37.0624 2332 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:23:37.0624 2332 nsiproxy - ok
16:23:37.0702 2332 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:23:37.0733 2332 Ntfs - ok
16:23:37.0811 2332 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:23:37.0811 2332 Null - ok
16:23:37.0873 2332 NVHDA (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
16:23:37.0889 2332 NVHDA - ok
16:23:38.0123 2332 nvlddmkm (d5dea2c1865cab9ee6aa29cf9e79a2ce) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:23:38.0185 2332 nvlddmkm - ok
16:23:38.0326 2332 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:23:38.0326 2332 nvraid - ok
16:23:38.0357 2332 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:23:38.0357 2332 nvstor - ok
16:23:38.0419 2332 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:23:38.0435 2332 nv_agp - ok
16:23:38.0450 2332 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:23:38.0466 2332 ohci1394 - ok
16:23:38.0528 2332 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:23:38.0544 2332 Parport - ok
16:23:38.0606 2332 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:23:38.0606 2332 partmgr - ok
16:23:38.0700 2332 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:23:38.0700 2332 pci - ok
16:23:38.0731 2332 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:23:38.0731 2332 pciide - ok
16:23:38.0747 2332 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:23:38.0762 2332 pcmcia - ok
16:23:38.0778 2332 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:23:38.0778 2332 pcw - ok
16:23:38.0794 2332 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:23:38.0809 2332 PEAUTH - ok
16:23:38.0856 2332 pmxdrv (34bfc6ed31b4e8be940c884b8ac7d9df) C:\Windows\system32\drivers\pmxdrv.sys
16:23:38.0856 2332 pmxdrv - ok
16:23:39.0012 2332 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:23:39.0028 2332 PptpMiniport - ok
16:23:39.0043 2332 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:23:39.0059 2332 Processor - ok
16:23:39.0121 2332 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys
16:23:39.0137 2332 psadd - ok
16:23:39.0199 2332 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:23:39.0199 2332 Psched - ok
16:23:39.0371 2332 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:23:39.0402 2332 ql2300 - ok
16:23:39.0418 2332 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:23:39.0418 2332 ql40xx - ok
16:23:39.0449 2332 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:23:39.0449 2332 QWAVEdrv - ok
16:23:39.0464 2332 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:23:39.0464 2332 RasAcd - ok
16:23:39.0574 2332 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:23:39.0589 2332 RasAgileVpn - ok
16:23:39.0636 2332 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:23:39.0652 2332 Rasl2tp - ok
16:23:39.0667 2332 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:23:39.0667 2332 RasPppoe - ok
16:23:39.0683 2332 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:23:39.0698 2332 RasSstp - ok
16:23:39.0745 2332 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:23:39.0761 2332 rdbss - ok
16:23:39.0776 2332 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:23:39.0776 2332 rdpbus - ok
16:23:39.0792 2332 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:23:39.0792 2332 RDPCDD - ok
16:23:39.0854 2332 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:23:39.0870 2332 RDPDR - ok
16:23:39.0979 2332 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:23:39.0979 2332 RDPENCDD - ok
16:23:39.0995 2332 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:23:39.0995 2332 RDPREFMP - ok
16:23:40.0042 2332 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:23:40.0057 2332 RDPWD - ok
16:23:40.0104 2332 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:23:40.0120 2332 rdyboost - ok
16:23:40.0182 2332 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:23:40.0198 2332 RFCOMM - ok
16:23:40.0291 2332 rimspci (3dca561aaf776aa2e356fb5b142aa5f8) C:\Windows\system32\DRIVERS\rimspe64.sys
16:23:40.0291 2332 rimspci - ok
16:23:40.0369 2332 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:23:40.0385 2332 rspndr - ok
16:23:40.0432 2332 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:23:40.0447 2332 s3cap - ok
16:23:40.0478 2332 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:23:40.0478 2332 sbp2port - ok
16:23:40.0541 2332 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:23:40.0541 2332 scfilter - ok
16:23:40.0603 2332 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
16:23:40.0603 2332 sdbus - ok
16:23:40.0728 2332 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:23:40.0728 2332 secdrv - ok
16:23:40.0790 2332 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:23:40.0790 2332 Serenum - ok
16:23:40.0806 2332 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:23:40.0806 2332 Serial - ok
16:23:40.0884 2332 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:23:40.0884 2332 sermouse - ok
16:23:40.0915 2332 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
16:23:40.0931 2332 sffdisk - ok
16:23:40.0946 2332 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:23:40.0946 2332 sffp_mmc - ok
16:23:40.0962 2332 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
16:23:40.0978 2332 sffp_sd - ok
16:23:40.0978 2332 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:23:40.0993 2332 sfloppy - ok
16:23:41.0118 2332 Shockprf (c3f190562fe82efda7ccef305ebad3e3) C:\Windows\system32\DRIVERS\Apsx64.sys
16:23:41.0118 2332 Shockprf - ok
16:23:41.0149 2332 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:23:41.0165 2332 SiSRaid2 - ok
16:23:41.0180 2332 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:23:41.0196 2332 SiSRaid4 - ok
16:23:41.0243 2332 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:23:41.0243 2332 Smb - ok
16:23:41.0352 2332 smihlp2 (c5b1a19b14f19b08ae72fcb20a3075b6) c:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
16:23:41.0352 2332 smihlp2 - ok
16:23:41.0492 2332 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:23:41.0492 2332 spldr - ok
16:23:41.0570 2332 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:23:41.0586 2332 srv - ok
16:23:41.0617 2332 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:23:41.0617 2332 srv2 - ok
16:23:41.0742 2332 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:23:41.0742 2332 SrvHsfHDA - ok
16:23:41.0789 2332 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:23:41.0820 2332 SrvHsfV92 - ok
16:23:41.0851 2332 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:23:41.0867 2332 SrvHsfWinac - ok
16:23:41.0960 2332 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:23:41.0976 2332 srvnet - ok
16:23:42.0054 2332 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:23:42.0070 2332 stexstor - ok
16:23:42.0132 2332 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:23:42.0132 2332 storflt - ok
16:23:42.0210 2332 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:23:42.0210 2332 storvsc - ok
16:23:42.0319 2332 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:23:42.0319 2332 swenum - ok
16:23:42.0413 2332 SynTP (ffdd13b42d4b106ac9fafbb0e1f7faa5) C:\Windows\system32\DRIVERS\SynTP.sys
16:23:42.0428 2332 SynTP - ok
16:23:42.0584 2332 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:23:42.0616 2332 Tcpip - ok
16:23:42.0694 2332 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:23:42.0709 2332 TCPIP6 - ok
16:23:42.0787 2332 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:23:42.0787 2332 tcpipreg - ok
16:23:42.0818 2332 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:23:42.0834 2332 TDPIPE - ok
16:23:42.0850 2332 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:23:42.0850 2332 TDTCP - ok
16:23:42.0912 2332 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:23:42.0912 2332 tdx - ok
16:23:42.0959 2332 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:23:42.0974 2332 TermDD - ok
16:23:43.0115 2332 TPDIGIMN (1bb77eccbfa3675b1ee8d6d6d37a1e1e) C:\Windows\system32\DRIVERS\ApsHM64.sys
16:23:43.0115 2332 TPDIGIMN - ok
16:23:43.0224 2332 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
16:23:43.0224 2332 TPM - ok
16:23:43.0255 2332 TPPWRIF (7165b5a9b4867f64a6d6935f57d4196b) C:\Windows\system32\drivers\Tppwr64v.sys
16:23:43.0271 2332 TPPWRIF - ok
16:23:43.0318 2332 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:23:43.0333 2332 tssecsrv - ok
16:23:43.0380 2332 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:23:43.0396 2332 TsUsbFlt - ok
16:23:43.0505 2332 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:23:43.0520 2332 tunnel - ok
16:23:43.0567 2332 TurboB (53ff5f00eab07e329abe48ae3de4f5d7) C:\Windows\system32\DRIVERS\TurboB.sys
16:23:43.0567 2332 TurboB - ok
16:23:43.0630 2332 TVTI2C (4daae0413cd4e816258838e2fafb3147) C:\Windows\system32\DRIVERS\Tvti2c.sys
16:23:43.0645 2332 TVTI2C - ok
16:23:43.0676 2332 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:23:43.0676 2332 uagp35 - ok
16:23:43.0739 2332 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:23:43.0739 2332 udfs - ok
16:23:43.0817 2332 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:23:43.0817 2332 uliagpkx - ok
16:23:43.0895 2332 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:23:43.0910 2332 umbus - ok
16:23:43.0926 2332 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:23:43.0942 2332 UmPass - ok
16:23:44.0020 2332 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:23:44.0020 2332 usbccgp - ok
16:23:44.0066 2332 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:23:44.0082 2332 usbcir - ok
16:23:44.0129 2332 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:23:44.0129 2332 usbehci - ok
16:23:44.0160 2332 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:23:44.0176 2332 usbhub - ok
16:23:44.0254 2332 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:23:44.0254 2332 usbohci - ok
16:23:44.0332 2332 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:23:44.0332 2332 usbprint - ok
16:23:44.0378 2332 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:23:44.0378 2332 usbscan - ok
16:23:44.0425 2332 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:23:44.0425 2332 USBSTOR - ok
16:23:44.0472 2332 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:23:44.0488 2332 usbuhci - ok
16:23:44.0550 2332 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:23:44.0550 2332 usbvideo - ok
16:23:44.0675 2332 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:23:44.0675 2332 vdrvroot - ok
16:23:44.0753 2332 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:23:44.0753 2332 vga - ok
16:23:44.0784 2332 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:23:44.0784 2332 VgaSave - ok
16:23:44.0815 2332 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:23:44.0831 2332 vhdmp - ok
16:23:44.0846 2332 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:23:44.0846 2332 viaide - ok
16:23:44.0878 2332 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:23:44.0878 2332 vmbus - ok
16:23:44.0893 2332 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:23:44.0909 2332 VMBusHID - ok
16:23:44.0924 2332 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:23:44.0924 2332 volmgr - ok
16:23:45.0018 2332 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:23:45.0018 2332 volmgrx - ok
16:23:45.0096 2332 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:23:45.0096 2332 volsnap - ok
16:23:45.0174 2332 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:23:45.0174 2332 vsmraid - ok
16:23:45.0205 2332 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:23:45.0205 2332 vwifibus - ok
16:23:45.0268 2332 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:23:45.0268 2332 vwififlt - ok
16:23:45.0346 2332 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:23:45.0361 2332 vwifimp - ok
16:23:45.0408 2332 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:23:45.0408 2332 WacomPen - ok
16:23:45.0470 2332 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:23:45.0486 2332 WANARP - ok
16:23:45.0486 2332 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:23:45.0486 2332 Wanarpv6 - ok
16:23:45.0533 2332 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:23:45.0533 2332 Wd - ok
16:23:45.0564 2332 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:23:45.0564 2332 Wdf01000 - ok
16:23:45.0689 2332 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:23:45.0689 2332 WfpLwf - ok
16:23:45.0736 2332 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:23:45.0736 2332 WIMMount - ok
16:23:45.0814 2332 winachsf (7387ce6730baab8254da0ce3776a4b28) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
16:23:45.0829 2332 winachsf - ok
16:23:45.0985 2332 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:23:45.0985 2332 WinUsb - ok
16:23:46.0001 2332 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:23:46.0016 2332 WmiAcpi - ok
16:23:46.0094 2332 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:23:46.0094 2332 ws2ifsl - ok
16:23:46.0157 2332 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:23:46.0172 2332 WudfPf - ok
16:23:46.0250 2332 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:23:46.0250 2332 WUDFRd - ok
16:23:46.0391 2332 XAudio (9907bc1cc78c37073ac78a4541710b61) C:\Windows\system32\DRIVERS\XAudio64.sys
16:23:46.0391 2332 XAudio - ok
16:23:46.0516 2332 MBR (0x1B8) (ea61507cfbe279be473d5d4449c81da3) \Device\Harddisk0\DR0
16:23:46.0516 2332 \Device\Harddisk0\DR0 - ok
16:23:46.0531 2332 Boot (0x1200) (9029b206aae4658555a01617f0ff829d) \Device\Harddisk0\DR0\Partition0
16:23:46.0531 2332 \Device\Harddisk0\DR0\Partition0 - ok
16:23:46.0547 2332 Boot (0x1200) (a2c3457077079674a1f125eec87c9484) \Device\Harddisk0\DR0\Partition1
16:23:46.0547 2332 \Device\Harddisk0\DR0\Partition1 - ok
16:23:46.0578 2332 Boot (0x1200) (e701ffec5e7d98e277616d18272f633d) \Device\Harddisk0\DR0\Partition2
16:23:46.0578 2332 \Device\Harddisk0\DR0\Partition2 - ok
16:23:46.0578 2332 ============================================================
16:23:46.0578 2332 Scan finished
16:23:46.0578 2332 ============================================================
16:23:46.0594 5568 Detected object count: 0
16:23:46.0594 5568 Actual detected object count: 0

Wie geht's weiter?

Vielen Dank und Gruß,

Holger

Chris4You · 12.12.2011, 17:46

Hi,

so schlecht sieht das nicht aus... noch kurz den Bootblock prüfen und dann sollten wir durch sein...

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.

Vista und Win7 User mit Rechtsklick "als Administrator starten"

Das Tool braucht nur eine Sekunde.

Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste bitte den Inhalt des .txt Dokumentes

Und dann würde ich noch gerne nach dem Wurm schauen den MAM erwischt hat (ob es einer war)...

Doppelklick auf die SystemLook.exe, um das Tool zu starten.

Vista-User/Win7 mit Rechtsklick und als Administrator starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:regfind
comm.tll


:reg
[HKEY_CURRENT_USER\SYSTEM\CORE2] /s

Klicke nun auf den Button Look, um den Scan zu starten.

Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

chris

holger55 · 12.12.2011, 18:58

Ok, habe wohl eher schlechte Nachrichten:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 2522W2A
Logical Drives Mask: 0x0001001c

Kernel Drivers (total 220):
0x0341B000 \SystemRoot\system32\ntoskrnl.exe
0x03A04000 \SystemRoot\system32\hal.dll
0x00BAF000 \SystemRoot\system32\kdcom.dll
0x00C3B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C8A000 \SystemRoot\system32\PSHED.dll
0x00C9E000 \SystemRoot\system32\CLFS.SYS
0x00CFC000 \SystemRoot\system32\CI.dll
0x00E6C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F10000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F1F000 \SystemRoot\system32\drivers\ACPI.sys
0x00F76000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F7F000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F89000 \SystemRoot\system32\drivers\pci.sys
0x00FBC000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FC9000 \SystemRoot\System32\drivers\partmgr.sys
0x00FDE000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FE7000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E00000 \SystemRoot\system32\drivers\volmgr.sys
0x010A5000 \SystemRoot\System32\drivers\volmgrx.sys
0x01101000 \SystemRoot\System32\drivers\mountmgr.sys
0x0111B000 \SystemRoot\system32\drivers\vmbus.sys
0x01157000 \SystemRoot\system32\drivers\winhv.sys
0x012E3000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x014EB000 \SystemRoot\system32\drivers\amdxata.sys
0x014F6000 \SystemRoot\system32\drivers\fltmgr.sys
0x01542000 \SystemRoot\system32\drivers\fileinfo.sys
0x01606000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01556000 \SystemRoot\System32\Drivers\msrpc.sys
0x017A9000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01200000 \SystemRoot\System32\Drivers\cng.sys
0x017C4000 \SystemRoot\System32\drivers\pcw.sys
0x017D5000 \SystemRoot\System32\DRIVERS\DzHDD64.sys
0x017E0000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01809000 \SystemRoot\system32\drivers\ndis.sys
0x018FC000 \SystemRoot\system32\drivers\NETIO.SYS
0x0195C000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A1E000 \SystemRoot\System32\drivers\tcpip.sys
0x01C22000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01C6C000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01C7C000 \SystemRoot\system32\drivers\volsnap.sys
0x01CC8000 \SystemRoot\System32\DRIVERS\ApsHM64.sys
0x01CD2000 \SystemRoot\System32\Drivers\spldr.sys
0x01CDA000 \SystemRoot\System32\drivers\rdyboost.sys
0x01D14000 \SystemRoot\System32\DRIVERS\Apsx64.sys
0x01D3A000 \SystemRoot\System32\Drivers\mup.sys
0x01D4C000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01D55000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01D8F000 \SystemRoot\system32\DRIVERS\disk.sys
0x01DA5000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x04697000 \SystemRoot\system32\drivers\cdrom.sys
0x046C1000 \SystemRoot\System32\Drivers\Null.SYS
0x046CA000 \SystemRoot\System32\Drivers\Beep.SYS
0x046D1000 \SystemRoot\System32\drivers\vga.sys
0x046DF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04704000 \SystemRoot\System32\drivers\watchdog.sys
0x04714000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0471D000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04726000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0472F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0473A000 \SystemRoot\System32\Drivers\Npfs.SYS
0x0474B000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0476D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x0116B000 \SystemRoot\system32\drivers\afd.sys
0x0477A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x047BF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x047C8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04400000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x04416000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04425000 \SystemRoot\system32\DRIVERS\serial.sys
0x04442000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0445D000 \SystemRoot\System32\drivers\Tppwr64v.sys
0x04464000 \SystemRoot\system32\drivers\termdd.sys
0x01987000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x047EE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x01DE3000 \SystemRoot\system32\drivers\mssmbios.sys
0x01DEE000 \SystemRoot\system32\DRIVERS\smiifx64.sys
0x01A00000 \SystemRoot\System32\drivers\discache.sys
0x01000000 \SystemRoot\system32\drivers\csc.sys
0x019D8000 \SystemRoot\System32\Drivers\dfsc.sys
0x017EA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x01A0F000 \SystemRoot\system32\DRIVERS\avkmgr.sys
0x01272000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x01298000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x012BE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0F4D6000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10148000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x042DB000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04200000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04246000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0426A000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x0427B000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04287000 \SystemRoot\system32\DRIVERS\e1k62x64.sys
0x043CF000 \SystemRoot\system32\drivers\usbehci.sys
0x1014A000 \SystemRoot\system32\drivers\USBPORT.SYS
0x04CA4000 \SystemRoot\system32\DRIVERS\NETwNs64.sys
0x05526000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x05533000 \SystemRoot\system32\drivers\sdbus.sys
0x05553000 \SystemRoot\system32\DRIVERS\rimspe64.sys
0x0556C000 \SystemRoot\system32\drivers\1394ohci.sys
0x055AA000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x055C8000 \SystemRoot\system32\drivers\kbdclass.sys
0x05629000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x0578F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05791000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x057A0000 \SystemRoot\system32\drivers\tpm.sys
0x057AF000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x057B4000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x057C1000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x057E7000 \SystemRoot\system32\drivers\wmiacpi.sys
0x057F0000 \SystemRoot\system32\drivers\CompositeBus.sys
0x04C00000 \SystemRoot\system32\DRIVERS\dne64x.sys
0x05600000 \SystemRoot\system32\DRIVERS\dsNcAdpt.sys
0x0560C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04C2C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04C50000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04C5C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x055D7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x101A0000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x043E0000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x055F2000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04C8B000 \SystemRoot\system32\DRIVERS\psadd.sys
0x101C1000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
0x05622000 \SystemRoot\system32\drivers\swenum.sys
0x0F400000 \SystemRoot\system32\drivers\ks.sys
0x0F443000 \SystemRoot\system32\drivers\umbus.sys
0x0F455000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0F4AF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x101CF000 \SystemRoot\system32\drivers\nvhda64v.sys
0x015B4000 \SystemRoot\system32\drivers\portcls.sys
0x01083000 \SystemRoot\system32\drivers\drmk.sys
0x04C99000 \SystemRoot\system32\drivers\ksthunk.sys
0x072DB000 \SystemRoot\system32\drivers\CHDRT64.sys
0x07385000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys
0x07662000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys
0x07200000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
0x077D6000 \SystemRoot\system32\drivers\modem.sys
0x07631000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07600000 \SystemRoot\System32\Drivers\LenovoRd.sys
0x0761D000 \SystemRoot\System32\Drivers\SMCLIB.SYS
0x0764E000 \SystemRoot\System32\DRIVERS\scfilter.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x077E5000 \SystemRoot\System32\drivers\Dxapi.sys
0x073D7000 \SystemRoot\system32\DRIVERS\5U877.sys
0x0F4C4000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x077F1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004E0000 \SystemRoot\System32\TSDDD.dll
0x072CB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04478000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x04680000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x006D0000 \SystemRoot\System32\cdd.dll
0x00E15000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x00E35000 \SystemRoot\system32\drivers\luafv.sys
0x07629000 \??\c:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
0x00DBC000 \SystemRoot\system32\drivers\WudfPf.sys
0x00E58000 \SystemRoot\system32\DRIVERS\WinUsb.sys
0x00C00000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x00DDD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03CFE000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x03D51000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x03D64000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03D7C000 \SystemRoot\system32\DRIVERS\TurboB.sys
0x03C00000 \SystemRoot\system32\drivers\HTTP.sys
0x03CC9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03D83000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03D9B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06674000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x066C2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x066E6000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x066EB000 \SystemRoot\system32\drivers\peauth.sys
0x06791000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0679C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x067CD000 \SystemRoot\System32\drivers\tcpipreg.sys
0x067DF000 \SystemRoot\system32\DRIVERS\XAudio64.sys
0x06600000 \SystemRoot\System32\DRIVERS\srv2.sys
0x08CE1000 \SystemRoot\System32\DRIVERS\srv.sys
0x08C00000 \??\C:\Windows\system32\Drivers\CVPNDRVA.sys
0x08C8D000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x08C97000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x08D79000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0A240000 \SystemRoot\system32\drivers\spsys.sys
0x770E0000 \Windows\System32\ntdll.dll
0x484A0000 \Windows\System32\smss.exe
0xFF400000 \Windows\System32\apisetschema.dll
0xFFFF0000 \Windows\System32\autochk.exe
0xFF3C0000 \Windows\System32\imm32.dll
0xFF290000 \Windows\System32\rpcrt4.dll
0xFE500000 \Windows\System32\shell32.dll
0xFE460000 \Windows\System32\clbcatq.dll
0xFE3F0000 \Windows\System32\gdi32.dll
0xFE2E0000 \Windows\System32\msctf.dll
0x76ED0000 \Windows\System32\iertutil.dll
0xFE2D0000 \Windows\System32\lpk.dll
0xFE0F0000 \Windows\System32\setupapi.dll
0xFE090000 \Windows\System32\Wldap32.dll
0x76DB0000 \Windows\System32\kernel32.dll
0xFE010000 \Windows\System32\difxapi.dll
0x772B0000 \Windows\System32\normaliz.dll
0x76CB0000 \Windows\System32\user32.dll
0xFDE00000 \Windows\System32\ole32.dll
0xFDDB0000 \Windows\System32\ws2_32.dll
0xFDCE0000 \Windows\System32\usp10.dll
0xFDC40000 \Windows\System32\comdlg32.dll
0xFDB60000 \Windows\System32\advapi32.dll
0x76B50000 \Windows\System32\wininet.dll
0x772A0000 \Windows\System32\psapi.dll
0xFDAC0000 \Windows\System32\msvcrt.dll
0xFDA40000 \Windows\System32\shlwapi.dll
0xFDA30000 \Windows\System32\nsi.dll
0xFD950000 \Windows\System32\oleaut32.dll
0x76A00000 \Windows\System32\urlmon.dll
0xFD930000 \Windows\System32\imagehlp.dll
0xFD910000 \Windows\System32\sechost.dll
0xFD8F0000 \Windows\System32\devobj.dll
0xFD850000 \Windows\System32\comctl32.dll
0xFD810000 \Windows\System32\wintrust.dll
0xFD6A0000 \Windows\System32\crypt32.dll
0xFD630000 \Windows\System32\KernelBase.dll
0xFD5F0000 \Windows\System32\cfgmgr32.dll
0xFD5E0000 \Windows\System32\msasn1.dll
0x74E10000 \Windows\SysWOW64\normaliz.dll

Processes (total 105):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
508 csrss.exe
592 C:\Windows\System32\wininit.exe
604 csrss.exe
644 C:\Windows\System32\services.exe
652 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
776 C:\Windows\System32\svchost.exe
832 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
896 C:\Windows\System32\winlogon.exe
128 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
116 C:\Windows\System32\conhost.exe
420 C:\Windows\System32\ibmpmsvc.exe
512 C:\Windows\System32\nvvsvc.exe
504 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1184 C:\Windows\System32\svchost.exe
1260 C:\Windows\System32\audiodg.exe
1328 C:\Windows\System32\svchost.exe
1416 WUDFHost.exe
1496 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1508 C:\Windows\System32\svchost.exe
1548 C:\Windows\System32\nvvsvc.exe
1692 C:\Windows\System32\wlanext.exe
1700 C:\Windows\System32\conhost.exe
1820 C:\Windows\System32\spoolsv.exe
1852 C:\Windows\System32\svchost.exe
1900 C:\Windows\System32\taskeng.exe
1916 C:\Windows\System32\svchost.exe
1972 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
2024 C:\Windows\System32\svchost.exe
1564 C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
1864 C:\Program Files\Lenovo\HOTKEY\tphkload.exe
2064 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
2196 C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
2424 C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
2492 C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
2524 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2556 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2644 C:\Program Files\Lenovo\Communications Utility\CamMute.exe
2668 C:\Program Files\Lenovo\HOTKEY\micmute.exe
2688 C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
2712 C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
2760 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2852 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2920 C:\Windows\System32\svchost.exe
2992 C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe
2324 C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
3248 unsecapp.exe
3324 WmiPrvSE.exe
3404 C:\Windows\servicing\TrustedInstaller.exe
3800 C:\PROGRA~1\Lenovo\VIRTSCRL\virtscrl.exe
3828 C:\Windows\System32\taskhost.exe
3860 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
3884 C:\Windows\System32\dwm.exe
3892 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
3936 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
3944 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
3996 C:\Windows\explorer.exe
3428 AcDeskBandHlpr.exe
2012 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1992 C:\Windows\System32\TpShocks.exe
3624 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
3460 C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
3680 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
3352 C:\Program Files (x86)\Digital Line Detect\DLG.exe
3348 C:\Windows\SysWOW64\rundll32.exe
3336 C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
3284 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3292 C:\Windows\System32\rundll32.exe
924 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
2232 C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
3796 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
4136 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
4220 C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.EXE
4324 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
4500 C:\Windows\System32\SearchIndexer.exe
4572 C:\Windows\System32\SearchProtocolHost.exe
4592 C:\Windows\System32\SearchFilterHost.exe
4856 C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
4984 WUDFHost.exe
5052 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
5104 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
4976 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
2308 C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
2364 C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
3816 C:\Windows\System32\svchost.exe
4896 C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
4772 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1448 C:\Windows\System32\sppsvc.exe
440 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3140 C:\Program Files (x86)\Lenovo\System Update\SUService.exe
3668 C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
4760 C:\Windows\System32\svchost.exe
2676 C:\Program Files\Windows Media Player\wmpnetwk.exe
5176 C:\Windows\System32\wbem\WMIADAP.exe
5220 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5680 WmiPrvSE.exe
6004 dllhost.exe
6048 dllhost.exe
6084 C:\Users\Gast\Desktop\MBRCheck.exe
6092 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`4b100000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000071`ffb00000 (NTFS)

PhysicalDrive0 Model Number: HITACHIHTS725050A9A364, Rev: PC4ZC70F

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1C38239174CCA0FBE4EF3AEE04910AE7C6A416CA

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!

Welche systemlook-Datei meinst Du? Diese: hxxp://jpshortstuff.247fixes.com/SystemLook_x64.exe ?

holger55 · 12.12.2011, 19:05

ok, hier das Systemlook-Log:

SystemLook 30.07.11 by jpshortstuff
Log created at 19:03 on 12/12/2011 by Admin
Administrator - Elevation successful

========== regfind ==========

Searching for "comm.tll"
[HKEY_USERS\S-1-5-21-3207624457-673963974-83383330-501\System\Core2\1]
"Path"="C:\Users\Gast\AppData\Roaming\Help\comm.tll"

========== reg ==========

[HKEY_CURRENT_USER\SYSTEM\CORE2]
(Unable to open key - key not found)

-= EOF =-

Was heißt das jetzt alles? Wie geht es weiter?

Vielen Dank und Gruß,

Holger

Chris4You · 12.12.2011, 19:44

Hi,

Mal sehen was sonst noch dahinter steckt...
Bitte nochmal Systemlook

Doppelklick auf die SystemLook.exe, um das Tool zu starten.

Vista-User/Win7 mit Rechtsklick und als Administrator starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:reg
[HKEY_USERS\S-1-5-21-3207624457-673963974-83383330-501\System\Core2] /s

Klicke nun auf den Button Look, um den Scan zu starten.

Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.

Ich bastele dann eine Regdatei die die Einträge "entsorgt"...

Wirst Du in Google auf andere Seiten umgeleitet?

Das mit dem Nonstandart-MBR ist so eine Sache. Manche OEMs ändern den ganz bewust um um spezielle Funktionen anbieten zu können...

Holen wir uns noch eine zweite Meinung ein...

aswMBR
Von http://filepony.de/download-aswmbr/ die aswMBR.exe runterladen und auf dem Desktop speichern.

Doppelklick auf die aswMBR.exe.

Scan-Button anklicken

Bootsectoren (MBR) etc. werden nun untersucht.....

Log speichern und im Thread posten

chris

holger55 · 12.12.2011, 22:37

Danke sehr!

Die neuen Logs folgen morgen.

Habe bislang mit dem infizierten und bearbeiteten System nicht ausgiebig gesurft oder gar gegoogelt, bislang ist mir aber auch nichts aufgefallen. Werde das morgen nochmal intensiver untersuchen.

Gruß, Holger

holger55 · 13.12.2011, 11:42

also, nun das nächste Systemlook-Log:

SystemLook 30.07.11 by jpshortstuff
Log created at 23:24 on 12/12/2011 by Admin
Administrator - Elevation successful

========== reg ==========

[HKEY_USERS\S-1-5-21-3207624457-673963974-83383330-501\System\Core2]
"VerSize"= 0x000004b030 (307248)
"sid"="0E05178A900F4EC79F29B6707B128F0560E343A798FB44E28B5DA46CA497C5B1"

[HKEY_USERS\S-1-5-21-3207624457-673963974-83383330-501\System\Core2\1]
"Path"="C:\Users\Gast\AppData\Roaming\Help\comm.tll"
"Key"= 0x0000ca14b0 (13243568)
"LogLevel"= 0x00000000fa (250)

[HKEY_USERS\S-1-5-21-3207624457-673963974-83383330-501\System\Core2\2]
"Path"="C:\Users\Gast\AppData\Roaming\Help\ceptr.tll"
"Key"= 0x0000ca14b0 (13243568)
"LogLevel"= 0x00000000fa (250)

[HKEY_USERS\S-1-5-21-3207624457-673963974-83383330-501\System\Core2\25]
"Path"="C:\Users\Gast\AppData\Local\Temp\com204E.tmp"
"Key"= 0x0004e4faf6 (82115318)
"LogLevel"= 0x0000000004 (4)

[HKEY_USERS\S-1-5-21-3207624457-673963974-83383330-501\System\Core2\3]
"Path"="C:\Users\Gast\AppData\Local\Temp\com29ED.tmp"
"Key"= 0x0005ee3682 (99497602)
"LogLevel"= 0x00000000ff (255)

[HKEY_USERS\S-1-5-21-3207624457-673963974-83383330-501\System\Core2\4]
"Path"="C:\Users\Gast\AppData\Local\Temp\com20AD.tmp"
"Key"= 0x0003321d19 (53615897)
"LogLevel"= 0x0000000004 (4)

[HKEY_USERS\S-1-5-21-3207624457-673963974-83383330-501\System\Core2\6]
"Path"="C:\Users\Gast\AppData\Local\Temp\com235C.tmp"
"Key"= 0x000315dc8e (51764366)
"LogLevel"= 0x0000000004 (4)

[HKEY_USERS\S-1-5-21-3207624457-673963974-83383330-501\System\Core2\7]
"Path"="C:\Users\Gast\AppData\Local\Temp\com25CD.tmp"
"Key"= 0x0001420ab3 (21105331)
"LogLevel"= 0x0000000004 (4)

[HKEY_USERS\S-1-5-21-3207624457-673963974-83383330-501\System\Core2\9]
"Path"="C:\Users\Gast\AppData\Local\Temp\com2C71.tmp"
"Key"= 0x00014e05c3 (21890499)
"LogLevel"= 0x00000000ff (255)

-= EOF =-

Und der Log von ASWmbr. Da wurde ich zu Beginn gefragt, ob ich auch die Virendefinition von Avast Antivirus zusätzlich isntallieren möchte. Das habe ich verneint, da ich keinen Internetzugang hatte. Ist der Scan nun hinfällig oder reicht das, was ich jetzt poste?

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-12 23:26:25
-----------------------------
23:26:25.948 OS Version: Windows x64 6.1.7601 Service Pack 1
23:26:25.948 Number of processors: 4 586 0x2502
23:26:25.948 ComputerName: FELITHINK UserName: Admin
23:26:28.038 Initialize success
23:26:50.627 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:26:50.642 Disk 0 Vendor: HITACHI_ PC4Z Size: 476940MB BusType: 3
23:26:50.642 Disk 0 MBR read successfully
23:26:50.658 Disk 0 MBR scan
23:26:50.658 Disk 0 unknown MBR code
23:26:50.658 Service scanning
23:26:58.427 Modules scanning
23:26:58.427 Disk 0 trace - called modules:
23:26:58.458 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:26:58.458 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006982060]
23:26:58.474 3 CLASSPNP.SYS[fffff8800185a43f] -> nt!IofCallDriver -> [0xfffffa80049207a0]
23:26:58.474 5 ACPI.sys[fffff88000f1b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004923050]
23:26:58.474 Scan finished successfully
23:27:17.474 Disk 0 MBR has been saved successfully to "C:\Users\Gast\Desktop\weiteres vorgehen\MBR.dat"
23:27:17.490 The log file has been saved successfully to "C:\Users\Gast\Desktop\weiteres vorgehen\aswMBR.txt"

Danke und Gruß, Holger

Chris4You · 13.12.2011, 21:31

Hi,

beseitigen wir die Reste...
Speichere den nachfolgenden Text über den Editor (Start->Ausführen notepad) auf dem Desktop unter dem Namen Core2Weg.reg (wichtig : nicht unter der Erweiterung "TXT"). Dann mit Doppelklick auf die Datei ausführen, Abfrage abnicken!

Code:

ATTFilter

REGEDIT4

[-HKEY_USERS\S-1-5-21-3207624457-673963974-83383330-501\System\Core2]

Datei hochladen:
http://www.trojaner-board.de/54791-a...ner-board.html
Folge den Anweisungen dort und lade die Datei:

Code:

ATTFilter

C:\Users\Gast\Desktop\weiteres vorgehen\MBR.dat

hoch.

Was treibt der Rechner? Umleitungen beim Surfen etc. zu bemerken?

chris

holger55 · 13.12.2011, 23:19

danke.

nein, nichts bemerkt. Datei lade ich morgen hoch.

Kann ich ihn nach dem Löschen wieder einigermaßen normal benutzen oder soll ich noch warten.

Bislang benutze ich nur den Gastaccount - und nicht meinen persönlichen (ist nicht admin) - und surfe zwar, aber keine Seiten mit Passwörtern oder so.

Danke und Gruß,

Holger

Chris4You · 13.12.2011, 23:40

Hi,

your decision... empfohlen wird Neuaufsetzen, Account wo die Verseuchung ware besser nicht mehr nutzen...

chris

holger55 · 14.12.2011, 13:12

ok, habe die core2weg.reg ausgeführt - allerdings vom Gastaccount, aber das ist egal oder? Es gab da auch keine Auswahl, dass ich das als Admin hätte machen können.

Die Mbr.dat habe ich hochgeladen. Das ware aber die "alte", richtig? Also nicht eine, nachdem ich core2weg.reg ausgeführt habe oder so.

Zitat:

your decision... empfohlen wird Neuaufsetzen, Account wo die Verseuchung ware besser nicht mehr nutzen...

Gut, den Gastaccount brauche ich ja nicht. Aber eine Frage, mit der ich keinesfalls provozieren möchte: Wenn ich sowieso das System Neuaufsetzen sollte, wieso haben wir dann diese Prozedur bis gerade durchgeführt? Dann hätte man sich das doch auch sparen können, oder?

Danke und Gruß.

holger

Chris4You · 14.12.2011, 13:52

Hi,

soll sagen, eine 10% Sicherheit gibt eine Bereinigung nie, das man nicht genau weis was die Schadsoftware alels angestellt hat (Prots freigeschaltet, Einstellungen verändert etc.)...

Bei Ucash alleine ist das Risiko imRahmen, falls was anderes "Mitgezogen" wurde (wie z. B. ein Backdoor) wird das ganze immer mehr zum"Riskio"...

Also Gast-Account löschen, neuen anlegen und immer schön mit Gast-Account Surfen (Firefox+NoScript+WOT)...

chris

holger55 · 14.12.2011, 14:01

gut, dass mit 100% ist klar.

Das Doofe war ja, dass ich Noscript eigentlich überall aktiviert habe, nur den verplant, dass ich Noscript für den Gastaccount nochmal eigenständig hätte aktiviert haben müssen.

WOT kannte ich nicht, das wird aber gleich drauf gemacht.

In Bälde werde ich das System wohl neu aufsetzen, aber meinen eigenlichen Account wohl schon vorher wieder benutzen, einfach für Office-Aufgaben - allerdings ohne sensible Daten preiszugeben. Aber zuhause bin ich sowieso offline und nur hin und wieder mit dem infizierten - nun hoffentlich gereinigten - System im Internet. Das müsste passen, oder? Auch ohne 100% Sicherheit. Dessen bin ich mir bewusst.

Sind wir dann damit fertig oder soll ich noch auf weitere Anweisungen warten?

Auf jeden Fall vielen vielen Dank, Chris4you!!!

Gruß, holger

BKA-Trojaner Gewalt und Kinderpornografie

Plagegeister aller Art und deren Bekämpfung: BKA-Trojaner Gewalt und Kinderpornografie