Log analysis and evaluation: Warning! Your Windows system has been blocked for security reasons. (Windows 7)
18.12.2011, 17:53 | #1 |
Warning! Your Windows system has been blocked for security reasons.

Hello, my name is Bastian. Recently (about 2 weeks ago) the same thing happened to me that has already happened to Giesi, Stezi and several others here in the forum. I was on the Internet with Firefox (version 8.0.1) and suddenly it happened: a window opened across the whole screen saying that my Windows system had been blocked for security reasons. I no longer remember the exact wording, sorry. I did not react to it directly; the odd thing was only that my user interface had disappeared and I could no longer open the Task Manager. With the help of Google and the search results found there, I was able to re-enable the Task Manager in the registry.

As my antivirus program I have the "Premium Security Suite" from Avira. I have already let it run, and it produced the following report:

Code:
ATTFilter Premium Security Suite Erstellungsdatum der Reportdatei: Freitag, 16. Dezember 2011 14:51 Es wird nach 3567211 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Axel **** Seriennummer : 2212677838-ISECE-0000001 Plattform : Windows 7 x64 Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : BASTIAN-W500 Versionsinformationen: BUILD.DAT : 10.2.0.672 43195 Bytes 28.09.2011 13:10:00 AVSCAN.EXE : 10.3.0.7 484008 Bytes 09.07.2011 13:58:47 AVSCAN.DLL : 10.0.5.0 57192 Bytes 09.07.2011 13:58:47 LUKE.DLL : 10.3.0.5 45416 Bytes 09.07.2011 13:58:48 LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47 AVSCPLR.DLL : 10.3.0.7 119656 Bytes 09.07.2011 13:58:49 AVREG.DLL : 10.3.0.9 88833 Bytes 29.07.2011 05:17:04 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 16:13:22 VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 16:13:22 VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 06:15:33 VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 10:55:54 VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 13:58:45 VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 21:04:38 VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 07:25:20 VBASE008.VDF : 7.11.18.32 2132992 Bytes 24.11.2011 14:58:40 VBASE009.VDF : 7.11.18.33 2048 Bytes 24.11.2011 14:58:41 VBASE010.VDF : 7.11.18.34 2048 Bytes 24.11.2011 14:58:41 VBASE011.VDF : 7.11.18.35 2048 Bytes 24.11.2011 14:58:41 VBASE012.VDF : 7.11.18.36 2048 Bytes 24.11.2011 14:58:41 VBASE013.VDF : 7.11.18.89 204800 Bytes 28.11.2011 19:39:25 VBASE014.VDF : 7.11.18.145 143872 Bytes 01.12.2011 19:38:48 VBASE015.VDF : 7.11.18.180 173056 Bytes 02.12.2011 19:38:49 VBASE016.VDF : 7.11.18.208 164864 Bytes 05.12.2011 20:28:17 VBASE017.VDF : 7.11.18.239 177152 Bytes 06.12.2011 19:38:47 VBASE018.VDF : 7.11.19.36 171520 Bytes 09.12.2011 20:24:45 VBASE019.VDF : 
7.11.19.77 144896 Bytes 13.12.2011 23:39:19 VBASE020.VDF : 7.11.19.78 2048 Bytes 13.12.2011 23:39:19 VBASE021.VDF : 7.11.19.79 2048 Bytes 13.12.2011 23:39:19 VBASE022.VDF : 7.11.19.80 2048 Bytes 13.12.2011 23:39:19 VBASE023.VDF : 7.11.19.81 2048 Bytes 13.12.2011 23:39:20 VBASE024.VDF : 7.11.19.82 2048 Bytes 13.12.2011 23:39:20 VBASE025.VDF : 7.11.19.83 2048 Bytes 13.12.2011 23:39:20 VBASE026.VDF : 7.11.19.84 2048 Bytes 13.12.2011 23:39:20 VBASE027.VDF : 7.11.19.85 2048 Bytes 13.12.2011 23:39:20 VBASE028.VDF : 7.11.19.86 2048 Bytes 13.12.2011 23:39:20 VBASE029.VDF : 7.11.19.87 2048 Bytes 13.12.2011 23:39:20 VBASE030.VDF : 7.11.19.88 2048 Bytes 13.12.2011 23:39:20 VBASE031.VDF : 7.11.19.98 81920 Bytes 13.12.2011 23:39:21 Engineversion : 8.2.8.2 AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 13:57:47 AESCRIPT.DLL : 8.1.3.90 491899 Bytes 11.12.2011 20:25:08 AESCN.DLL : 8.1.7.2 127349 Bytes 01.03.2011 16:13:23 AESBX.DLL : 8.2.4.5 434549 Bytes 03.12.2011 19:39:08 AERDL.DLL : 8.1.9.15 639348 Bytes 12.09.2011 14:59:53 AEPACK.DLL : 8.2.15.1 770423 Bytes 13.12.2011 23:39:24 AEOFFICE.DLL : 8.1.2.23 201083 Bytes 13.12.2011 23:39:22 AEHEUR.DLL : 8.1.3.6 3895670 Bytes 11.12.2011 20:25:04 AEHELP.DLL : 8.1.18.0 254327 Bytes 25.10.2011 13:57:33 AEGEN.DLL : 8.1.5.17 405877 Bytes 11.12.2011 20:24:49 AEEMU.DLL : 8.1.3.0 393589 Bytes 01.03.2011 16:13:23 AECORE.DLL : 8.1.24.0 196983 Bytes 25.10.2011 13:57:31 AEBB.DLL : 8.1.1.0 53618 Bytes 01.03.2011 16:13:23 AVWINLL.DLL : 10.0.0.0 19304 Bytes 13.12.2010 07:39:20 AVPREF.DLL : 10.0.3.2 44904 Bytes 09.07.2011 13:58:47 AVREP.DLL : 10.0.0.10 174120 Bytes 27.05.2011 06:15:33 AVARKT.DLL : 10.0.26.1 255336 Bytes 09.07.2011 13:58:46 AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 09.07.2011 13:58:46 SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02 AVSMTP.DLL : 10.0.0.17 63848 Bytes 13.12.2010 07:39:20 NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01 RCIMAGE.DLL : 10.0.0.33 2901352 Bytes 09.07.2011 13:58:45 RCTEXT.DLL : 10.0.63.0 98664 Bytes 
09.07.2011 13:58:45

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f1d5958\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Freitag, 16. Dezember 2011 14:51

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'mscorsvw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SUService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iviRegMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BluetoothHeadsetProxy.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'BcmSqlStartupSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPTLBXFX.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ONENOTEM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'reader_sl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MobileConnect.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SvcGuiHlpr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MCPLaunch.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'rundll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DLG.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTLite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TpScrex.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPONSCR.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'tpfnf6r.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPOSDSVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcDeskBandHlpr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mini_WMCore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MPSERV.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPLaserJetService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avfwsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AcPrfMgrSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TPHKSVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Bastian\AppData\Local\Temp\0.44916411262764844.exe'
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableCAD
C:\Users\Bastian\AppData\Local\Temp\0.44916411262764844.exe
  [FUND] Ist das Trojanische Pferd TR/Obfuscate.QG.87
  [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4970e0ec.qua' verschoben!

Ende des Suchlaufs: Freitag, 16. Dezember 2011 14:51
Benötigte Zeit: 00:07 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
43 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
42 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8385

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

18.12.2011 01:06:06
mbam-log-2011-12-18 (01-06-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|M:\|Q:\|)
Durchsuchte Objekte: 428144
Laufzeit: 58 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{DA919340-65ED-1E11-7692-47ADA195D5E5} (Trojan.ZbotR.Gen) -> Value: {DA919340-65ED-1E11-7692-47ADA195D5E5} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Bastian\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\0.11758478501636294.exe.lnk (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\Users\Bastian\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\0.44916411262764844.exe.lnk (Backdoor.Agent) -> Quarantined and deleted successfully.

Extras.txt:

Code:
ATTFilter OTL Extras logfile created on: 18.12.2011 17:09:26 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bastian\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 26,61% Memory free 7,80 Gb Paging File | 4,42 Gb Available in Paging File | 56,65% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 175,66 Gb Total Space | 65,40 Gb Free Space | 37,23% Space Free | Partition Type: NTFS Drive E: | 465,65 Gb Total Space | 189,44 Gb Free Space | 40,68% Space Free | Partition Type: FAT32 Drive M: | 111,49 Gb Total Space | 29,78 Gb Free Space | 26,71% Space Free | Partition Type: NTFS Drive Q: | 9,77 Gb Total Space | 1,83 Gb Free Space | 18,77% Space Free | Partition Type: NTFS Computer Name: BASTIAN-W500 | User Name: Bastian | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit) "{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software "{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel "{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1 "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz "{5783F2D7-9001-0407-0102-0060B0CE6BBA}" = AutoCAD 2011 - Deutsch "{5783F2D7-9001-0407-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - Deutsch "{5B67ABCE-A18A-4334-B728-A15665CB173E}" = Mobile Broadband drivers "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager und Intel® Turbo Memory "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support "{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{B1BD0923-7351-EBCE-B478-33B2DCE45AC2}" = ATI Catalyst Install Manager "{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst "{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer "{F7E3FCA4-30BC-11DD-1510-90DA60EC0410}" = ccc-utility64 
"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client "0481B164C8D1D26C560D6A5E717C5920D4362D60" = Windows-Treiberpaket - AuthenTec Inc. (ATSwpWDF) Biometric (01/14/2010 8.6.0.13) "112AA64E0C8CC704E307FE914F7DEC1C0035598E" = Windows-Treiberpaket - Lenovo 1.55 (08/18/2009 1.55) "1FBDB507F002A372EB195A0ACF6E2A2F9D34689E" = Windows-Treiberpaket - Ricoh Company (rismxdp) hdc (09/03/2009 6.10.01.05) "5F72B7FA1792CB768F6A46E18A9DAD0E1FE1C863" = Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc (09/03/2009 6.10.01.05) "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "ATI Uninstaller" = ATI Uninstaller "AutoCAD 2011 - Deutsch" = AutoCAD 2011 - Deutsch "AutoCAD 2011 - Deutsch Version 2.1" = AutoCAD 2011 - Deutsch Version 2.1 "CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD "CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter "D50474ACAF488895A3CE5D30373288EA6AD46EAA" = Windows-Treiberpaket - Ricoh Company MMC Host Controller (09/03/2009 6.10.01.05) "E59560E2F5B162D40255FCD327ACA5E989D995D2" = Windows-Treiberpaket - Ricoh (5U875UVC) Image (07/08/2009 1.27.500.0) "E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows-Treiberpaket - Intel System (06/04/2009 1.0.0.0002) "EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 "HECI" = Intel(R) Management Engine Interface "LENOVO.SMIIF" = Lenovo System Interface Driver "MESOL" = Intel® Active-Management-Technologie "Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1 "OnScreenDisplay" = Anzeige am Bildschirm "PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox "Power Management Driver" = ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "PROSet" = Intel(R) Network Connections Drivers "SynTPDeinstKey" = ThinkPad UltraNav Driver "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C6F231-1B18-C448-323A-56D1A0DB9C46}" = Catalyst Control Center Graphics Full New "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410 "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{17FB7811-87DD-53C4-3A56-7F7F37DCD802}" = Catalyst Control Center Graphics Previews Vista "{192359F3-D455-0C89-3161-766008BD6D10}" = CCC Help French "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009 "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan "{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{446B2807-CF65-6D50-2BC8-141E235CD1CD}" = ccc-core-static "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP1 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary 
Interop Assemblies "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition "{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{73ED3EA3-F96F-D098-7EE4-146FBD30113E}" = PX Profile Update "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C6DD158-A31F-5F0B-82A0-C28258CBB31F}" = CCC Help Japanese "{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410 "{82EB6CEA-749A-410F-8AD2-372A286BA3BE}" = Integrated Camera Driver Installer Package Ver.1.27.500.0 "{872D8B75-1B00-E5AD-22DD-DA74CA237C7C}" = CCC Help Chinese Standard "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C7750D1-ADE6-4DAD-A54E-871EB2ABFE98}" = ThinkVantage GPS "{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011 "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) 
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{45854A38-F4B0-4434-BB40-A8ED6FDDEEC9}" = "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office Visio 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00D1-0407-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (German) "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91B7B957-0F45-4BDC-85BA-08F80D49B9BC}" = Mobile Broadband Connect "{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410 "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library 
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}" = Integrated Camera TWAIN "{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011 "{A34D0CB7-38BC-2C6D-270E-84BF07DB7CCB}" = Catalyst Control Center Graphics Light "{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3 "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX "{B99D0112-5508-59BD-B80E-4049E907845C}" = CCC Help Chinese Traditional "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{C9C16E4B-4FDD-4A31-8B8F-EC402082407A}" = HPLaserJetHelp_LearnCenter "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. 
OCR "{CB5B4945-AA4C-5A32-D6EC-0365F6DC0C41}" = Catalyst Control Center Core Implementation "{CB87D276-2F4A-453A-A2D8-D597927C59A0}" = Tabellenbuch Metall digital 6.0 "{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library "{D00A26B4-CFAD-373C-8A62-4408AA382451}" = CCC Help Dutch "{D4001570-E33E-5B45-7BB6-B0AD9E08788C}" = CCC Help German "{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation "{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService "{D984A74E-DFB9-B6A2-C863-732A551F8FB2}" = Catalyst Control Center Localization All "{DAA3DC12-2A82-0866-B3E1-8BCFF6EC5715}" = CCC Help Korean "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E1EA855E-9187-4AFB-E7A9-FE655B48386B}" = CCC Help English "{E276D6EE-9FB5-8456-633A-603893C8F539}" = CCC Help Portuguese "{E2773E0C-BD2A-D110-F209-0C3E1118009E}" = CCC Help Spanish "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1B03D1F-29B4-86D7-DCF5-8C2DCE13B05E}" = CCC Help Italian "{F65525AB-4B63-AC34-BE4A-08CA24FC1414}" = Catalyst Control Center Graphics Full Existing "{F67714D1-6842-EACA-C159-D25B947FA380}" = Catalyst Control Center InstallProxy "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F932659E-6B83-1BF6-C10D-5F722F33C175}" = CCC Help Swedish "{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus 
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410 "Autodesk Design Review 2011" = Autodesk Design Review 2011 "Avira AntiVir Desktop" = Avira Premium Security Suite "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP1 "DAEMON Tools Lite" = DAEMON Tools Lite "ENTERPRISE" = Microsoft Office Enterprise 2007 "FormatFactory" = FormatFactory 2.60 "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8 "Lenovo Welcome_is1" = Lenovo Welcome "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "MegaCAD 3D 2011" = MegaCAD 3D 2011 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Miranda IM" = Miranda IM 0.9.23 "MozBackup" = MozBackup 1.4.10 "Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US) "PROHYBRIDR" = 2007 Microsoft Office system "Samsung Universal Print Driver" = Samsung Universal Print Driver "Turnbeutelvergesser" = Turnbeutelvergesser 6.00 "VLC media player" = VLC media player 1.1.5 "WinLiveSuite_Wave3" = Windows Live Essentials "WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD 2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD 2011\acdbmgd.dll". 
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD 2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD 2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD 2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD 2011\acmgd.dll". 
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD 2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD 2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD 2011\acmgd.dll". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 16.12.2011 11:55:09 | Computer Name = Bastian-W500 | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Autodesk\AutoCAD 2011\acmgd.dll". 
Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

[ System Events ]
Error - 17.12.2011 12:00:18 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 43029
Description = Display is not active

Error - 17.12.2011 12:00:20 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 17.12.2011 12:00:20 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 43029
Description = Display is not active

Error - 17.12.2011 12:00:20 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 43029
Description = Display is not active

Error - 17.12.2011 20:06:39 | Computer Name = Bastian-W500 | Source = Service Control Manager | ID = 7016
Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0

Error - 17.12.2011 20:14:42 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 17.12.2011 20:14:42 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 43029
Description = Display is not active

Error - 18.12.2011 07:26:07 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 43029
Description = Display is not active

Error - 18.12.2011 07:37:58 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 18.12.2011 07:37:58 | Computer Name = Bastian-W500 | Source = amdkmdag | ID = 43029
Description = Display is not active

< End of report >

Code:
OTL logfile created on: 18.12.2011 17:09:26 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bastian\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,90 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 26,61% Memory free
7,80 Gb Paging File | 4,42 Gb Available in Paging File | 56,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 175,66 Gb Total Space | 65,40 Gb Free Space | 37,23% Space Free | Partition Type: NTFS
Drive E: | 465,65 Gb Total Space | 189,44 Gb Free Space | 40,68% Space Free | Partition Type: FAT32
Drive M: | 111,49 Gb Total Space | 29,78 Gb Free Space | 26,71% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 1,83 Gb Free Space | 18,77% Space Free | Partition Type: NTFS

Computer Name: BASTIAN-W500 | User Name: Bastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Bastian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) PRC - C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) PRC - c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Lenovo\Rescue and Recovery\rnr_gui.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Lenovo\Rescue and Recovery\rnr_simple.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Rescue and Recovery\br_funcs.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Common 
Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe () PRC - C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) PRC - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe () PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Megatech\MProtect\MPServ.exe () PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\4f17701af9670df8a08f7c824c419166\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\a90c7ebd4a3635353ce9034ba4fa7928\Extensibility.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\e4fa07688c640cc9b6bdeabe029c74c0\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\b2794d89b6e5b5fb0aa707004f09e2ae\Iris.Mapi.MessageStore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\bd971f2e883563b3497b259edcec6098\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BusinessLayer\a144a5f76446196e6062cd66c8b3cad4\BusinessLayer.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\b7bd9b301dddfbb50ca13583c007636e\Microsoft.Office.Interop.Outlook.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\1b4ee5f72049eb671c422b5c83896117\Microsoft.Interop.Mapi.Impl.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\bad645e10037a53cb4a78932b6f39005\Microsoft.Interop.Mapi.PropTags.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMRes\46c3901569bd3f591de7f07f9605bfec\BCMRes.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\office\7b1c0fa0c8f737a36a504cea6ab9b2fb\office.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.e#\81bb2b9c79f79095455c1594c10adfaf\Microsoft.Interop.eCRM.Ole.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\stdole\17b4308b0e6d35c1230135ed25fffbfe\stdole.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\0ab3f1e3838ae7cecbc5258398a4d296\Microsoft.Interop.Mapi.Interfaces.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\BCMCommon\1e8700cbe08335775d2270c1af3d1acd\BCMCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\680689b01ddb7fbe11478caf8cb71d3c\System.Runtime.Serialization.Formatters.Soap.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dd2070ee8e6e28ac8dc658404c50ebde\System.Deployment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application 
Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll () MOD - C:\Windows\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll () MOD - C:\Windows\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll () MOD - C:\Program Files (x86)\Common Files\Lenovo\CDRecord.dll () MOD - C:\Program Files (x86)\Lenovo\Rescue and Recovery\CDRecord.dll () MOD - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL () MOD - C:\PROGRA~2\MICROS~4\Office12\ADDINS\COLLEA~1.DLL () MOD - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\de-DE\BCMRes.resources.dll () MOD - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\de-DE\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.CSUtils.resources.dll () MOD - C:\PROGRA~2\MICROS~4\Office12\ADDINS\UMOUTL~1.DLL () ========== Win32 Services (SafeList) ========== SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) 
SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.) SRV:64bit: - (dtsvc) -- C:\Windows\SysNative\DTS.exe () SRV:64bit: - (ADMonitor) -- C:\Windows\SysNative\ADMonitor.exe () SRV:64bit: - (ATService) -- C:\Windows\SysNative\ATService.exe (AuthenTec, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) SRV - (SUService) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation) SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (Power Manager DBC Service) -- C:\Program Files 
(x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (WMCoreService) -- C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe () SRV - (RoxMediaDB10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.) SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (Megatech-Software-Protection) -- C:\Megatech\MProtect\MPServ.exe () SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH) DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) 
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS () DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) 
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (e36wgps) -- C:\Windows\SysNative\drivers\e36wgps64.sys (Ericsson AB) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (5U875UVC) -- C:\Windows\SysNative\drivers\5U875.sys (Ricoh co.,Ltd.) DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV:64bit: - (iaNvStor) Intel(R) -- C:\Windows\SysNative\drivers\iaNvStor.sys (Intel Corporation) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) 
DRV:64bit: - (e36gmgmt) F3607gw Mobile Broadband Device Management Drivers (Win7) -- C:\Windows\SysNative\drivers\e36gmgmt.sys (MCCI Corporation) DRV:64bit: - (e36gmdm) F3607gw Mobile Broadband Data Modem Driver (Win7) -- C:\Windows\SysNative\drivers\e36gmdm.sys (MCCI Corporation) DRV:64bit: - (e36gbus) F3607gw Mobile Broadband Device driver (Win7) -- C:\Windows\SysNative\drivers\e36gbus.sys (MCCI Corporation) DRV:64bit: - (e36gmdfl) F3607gw Mobile Broadband Data Modem Filter (Win7) -- C:\Windows\SysNative\drivers\e36gmdfl.sys (MCCI Corporation) DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.) DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.) DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.) DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.) DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) 
DRV:64bit: - (LenovoRd) -- C:\Windows\SysNative\drivers\LenovoRd.sys (Lenovo) DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.) DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation) DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation) DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited) DRV:64bit: - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\SysNative\drivers\AF15BDA.sys (AfaTech ) DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant) DRV - (avfwot) -- C:\Windows\SysWOW64\drivers\avfwot.sys (Avira GmbH) DRV - (PCDSRVC{127174DC-C366ED8B-06020200}_0) -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms (PC-Doctor, Inc.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp:// IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.26 00:10:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.30 11:12:35 | 000,000,000 | ---D | M] [2011.06.10 07:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Extensions [2011.06.10 07:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.11.26 00:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\4u1ipfn5.default\extensions [2011.05.26 22:20:11 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\4u1ipfn5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2011.11.26 00:10:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\4u1ipfn5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.26 00:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.11.26 00:10:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.10.25 22:19:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.11.26 00:10:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe () O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec) O4:64bit: - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IaNvSrv] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [TPHOTKEY] 
C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Launch Backup Service Once] C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrstrigger.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe () O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.22.1.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E99ED48-3FEE-4731-A0FD-005AF0202FD7}: DhcpNameServer = 
139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36D9559D-9053-491A-87A3-4C2C61109938}: DhcpNameServer = 172.22.1.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2BC3353-8F8C-4A0C-82FF-403037C0D436}: NameServer = 139.7.30.125 139.7.30.126 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: 
UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.10.09 22:35:37 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O32 - Unable to obtain root file information for disk E:\ O32 - Unable to obtain root file information for disk Q:\ O33 - MountPoints2\{24349f84-24c0-11e0-ac4d-00216ac241f2}\Shell - "" = AutoRun O33 - MountPoints2\{24349f84-24c0-11e0-ac4d-00216ac241f2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{24349f9a-24c0-11e0-ac4d-00216ac241f2}\Shell - "" = AutoRun O33 - MountPoints2\{24349f9a-24c0-11e0-ac4d-00216ac241f2}\Shell\AutoRun\command - "" = D:\autorun.exe O33 - MountPoints2\{8fb333ea-52f1-11e0-a9be-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{8fb333ea-52f1-11e0-a9be-028037ec0200}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{b6a8b3de-b5ce-11df-b208-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{b6a8b3de-b5ce-11df-b208-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O33 - MountPoints2\{f9f6de81-f196-11e0-9573-002713b6dd19}\Shell - "" = AutoRun O33 - MountPoints2\{f9f6de81-f196-11e0-9573-002713b6dd19}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - 
HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.18 17:05:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bastian\Desktop\OTL.exe [2011.12.18 14:36:51 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.12.18 13:15:27 | 000,000,000 | -H-D | C] -- C:\A [2011.12.17 17:07:35 | 000,000,000 | ---D | C] -- C:\Users\Bastian\AppData\Roaming\Malwarebytes [2011.12.17 17:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.17 17:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.17 17:07:26 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.17 17:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.17 14:51:39 | 000,000,000 | ---D | C] -- C:\83a370baaa6d703eb4bf237a [2011.12.14 17:31:05 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2011.12.14 17:31:05 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.14 17:31:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.14 17:31:05 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.14 17:31:04 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.14 17:31:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.14 17:31:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\url.dll [2011.12.14 01:06:24 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.14 01:00:40 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.14 01:00:39 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.12.12 23:33:52 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll [2011.12.12 23:33:40 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2011.12.12 23:33:40 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2011.12.12 23:33:35 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2011.12.12 23:33:35 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2011.12.12 23:33:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe [2011.12.12 23:33:34 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2011.12.12 23:33:34 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys [2011.12.12 23:33:33 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys [2011.12.12 23:33:33 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe [2011.12.12 23:33:21 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll [2011.12.12 23:33:21 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll [2011.12.12 23:33:21 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll [2011.12.12 23:33:21 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll [2011.12.12 23:33:21 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll [2011.12.12 23:33:21 | 
000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll [2011.12.12 23:33:21 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll [2011.12.12 23:33:21 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll [2011.12.12 23:33:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll [2011.12.12 23:33:21 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe [2011.12.12 23:33:21 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe [2011.12.12 23:33:21 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll [2011.12.12 23:33:21 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll [2011.12.10 00:24:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2011.12.10 00:24:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.12.07 19:07:49 | 000,000,000 | ---D | C] -- C:\Users\Bastian\Desktop\FW-Kirberg_Fahrsicherheitstraining_2011-12-04 [2011.12.01 23:50:57 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.12.01 23:49:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2011.11.19 12:49:29 | 000,000,000 | ---D | C] -- C:\Users\Bastian\AppData\Local\HP [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.18 17:12:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2011.12.18 17:05:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bastian\Desktop\OTL.exe [2011.12.18 14:51:05 | 000,001,220 | ---- | M] () -- C:\SISTodo [2011.12.18 14:51:05 | 000,000,012 | ---- | M] () -- C:\SISHashTodo [2011.12.18 14:36:51 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.12.18 
13:08:04 | 001,619,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.18 13:08:04 | 000,700,836 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.18 13:08:04 | 000,653,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.18 13:08:04 | 000,149,920 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.18 13:08:04 | 000,121,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.18 13:00:03 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2011.12.18 12:55:11 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.18 12:55:11 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.18 12:26:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.18 01:14:18 | 3139,444,736 | -HS- | M] () -- C:\hiberfil.sys [2011.12.16 15:18:18 | 000,531,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.01 23:50:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.11.27 20:37:43 | 631,708,940 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.18 14:51:05 | 000,001,220 | ---- | C] () -- C:\SISTodo [2011.12.18 14:51:05 | 000,000,012 | ---- | C] () -- C:\SISHashTodo [2011.07.09 15:04:06 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe [2011.06.18 05:51:39 | 000,646,848 | ---- | C] () -- C:\Users\Bastian\AppData\Local\wanancsp.dat [2011.05.26 23:09:33 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\MPDLL.DLL [2011.05.26 23:09:32 | 000,000,075 | ---- | C] () -- C:\Windows\megapfad.ini [2011.03.08 23:19:51 | 000,004,096 | -H-- | C] () -- C:\Users\Bastian\AppData\Local\keyfile3.drm [2011.01.19 21:02:29 | 000,000,017 | ---- | C] () 
-- C:\Users\Bastian\AppData\Local\resmon.resmoncfg [2010.09.01 15:33:39 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.01 14:56:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.01 14:55:45 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2010.09.01 14:55:45 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2010.09.01 14:55:45 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2010.09.01 14:55:44 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010.09.01 14:55:44 | 000,000,542 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.06.04 14:51:10 | 000,000,542 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 < End of report > |
19.12.2011, 13:45 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run ESET as well, then we'll see where to go from there:
ESET Online Scanner
__________________ |
20.12.2011, 06:21 | #3 |
| Hello Arne,
here is the content of log.txt: Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3e3905a92eed9545a2d2920f3b0c97e1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-19 11:59:07
# local_time=2011-12-20 12:59:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1798 16775165 100 90 82434 83421521 75217 0
# compatibility_mode=5893 16776573 100 94 128440 75962375 0 0
# compatibility_mode=8192 67108863 100 0 3948 3948 0 0
# scanned=330698
# found=4
# cleaned=0
# scan_time=6621
C:\Users\Bastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\34bf534f-66383f7a a variant of Java/Exploit.CVE-2011-3544.C trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Bastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1a94801e-7b0f086e a variant of Java/Agent.DN trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Bastian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\d0de731-4b11598f a variant of Java/Exploit.CVE-2011-3544.C trojan (unable to clean) 00000000000000000000000000000000 I
M:\Alte-Festplatte-Bastian\USB\Programs\WRAR\Scherz\scherzprogramm-Format_WINDOWS.zip Win32/JepRuss.A joke (unable to clean) 00000000000000000000000000000000 I |
20.12.2011, 10:05 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | CustomScan with OTL
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
20.12.2011, 21:05 | #5 |
| Hello Arne, here is the OTL log after the ESET scan: Code:
ATTFilter OTL logfile created on: 20.12.2011 16:55:35 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bastian\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 58,77% Memory free 7,80 Gb Paging File | 5,71 Gb Available in Paging File | 73,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 175,66 Gb Total Space | 64,97 Gb Free Space | 36,98% Space Free | Partition Type: NTFS Drive M: | 111,49 Gb Total Space | 29,78 Gb Free Space | 26,71% Space Free | Partition Type: NTFS Drive Q: | 9,77 Gb Total Space | 1,83 Gb Free Space | 18,77% Space Free | Partition Type: NTFS Computer Name: BASTIAN-W500 | User Name: Bastian | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Bastian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP) PRC - C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) PRC - c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe () PRC - C:\Program Files (x86)\Common 
Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) PRC - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe () PRC - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Megatech\MProtect\MPServ.exe () PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\680689b01ddb7fbe11478caf8cb71d3c\System.Runtime.Serialization.Formatters.Soap.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\dd2070ee8e6e28ac8dc658404c50ebde\System.Deployment.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll () MOD - C:\Program Files (x86)\Common Files\Lenovo\CDRecord.dll () MOD - C:\PROGRA~2\ThinkPad\UTILIT~1\GR\PWMROV.DLL () MOD - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe () ========== Win32 Services (SafeList) ========== SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (Samsung UPD Service) -- C:\Windows\SysNative\SUPDSvc.exe (Samsung Electronics CO., LTD.) SRV:64bit: - (dtsvc) -- C:\Windows\SysNative\DTS.exe () SRV:64bit: - (ADMonitor) -- C:\Windows\SysNative\ADMonitor.exe () SRV:64bit: - (ATService) -- C:\Windows\SysNative\ATService.exe (AuthenTec, Inc.) 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (SUService) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (WMCoreService) -- C:\Program Files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe ()
SRV - (RoxMediaDB10) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (VMCService) -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (Megatech-Software-Protection) -- C:\Megatech\MProtect\MPServ.exe ()
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS ()
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (e36wgps) -- C:\Windows\SysNative\drivers\e36wgps64.sys (Ericsson AB)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (5U875UVC) -- C:\Windows\SysNative\drivers\5U875.sys (Ricoh co.,Ltd.)
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV:64bit: - (iaNvStor) Intel(R) -- C:\Windows\SysNative\drivers\iaNvStor.sys (Intel Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (e36gmgmt) F3607gw Mobile Broadband Device Management Drivers (Win7) -- C:\Windows\SysNative\drivers\e36gmgmt.sys (MCCI Corporation)
DRV:64bit: - (e36gmdm) F3607gw Mobile Broadband Data Modem Driver (Win7) -- C:\Windows\SysNative\drivers\e36gmdm.sys (MCCI Corporation)
DRV:64bit: - (e36gbus) F3607gw Mobile Broadband Device driver (Win7) -- C:\Windows\SysNative\drivers\e36gbus.sys (MCCI Corporation)
DRV:64bit: - (e36gmdfl) F3607gw Mobile Broadband Data Modem Filter (Win7) -- C:\Windows\SysNative\drivers\e36gmdfl.sys (MCCI Corporation)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (LenovoRd) -- C:\Windows\SysNative\drivers\LenovoRd.sys (Lenovo)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\SysNative\drivers\AF15BDA.sys (AfaTech )
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV - (avfwot) -- C:\Windows\SysWOW64\drivers\avfwot.sys (Avira GmbH)
DRV - (PCDSRVC{127174DC-C366ED8B-06020200}_0) -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.26 00:10:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.30 11:12:35 | 000,000,000 | ---D | M]
[2011.06.10 07:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Extensions
[2011.06.10 07:19:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.26 00:10:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\4u1ipfn5.default\extensions
[2011.05.26 22:20:11 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\4u1ipfn5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.11.26 00:10:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Bastian\AppData\Roaming\mozilla\Firefox\Profiles\4u1ipfn5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.26 00:10:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.26 00:10:15 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.25 22:19:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.26 00:10:15 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe ()
O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4:64bit: - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IaNvSrv] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [picon] C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [MobileConnect] C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E99ED48-3FEE-4731-A0FD-005AF0202FD7}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2BC3353-8F8C-4A0C-82FF-403037C0D436}: NameServer = 139.7.30.125 139.7.30.126
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.09 22:35:37 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{24349f84-24c0-11e0-ac4d-00216ac241f2}\Shell - "" = AutoRun
O33 - MountPoints2\{24349f84-24c0-11e0-ac4d-00216ac241f2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{24349f9a-24c0-11e0-ac4d-00216ac241f2}\Shell - "" = AutoRun
O33 - MountPoints2\{24349f9a-24c0-11e0-ac4d-00216ac241f2}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{8fb333ea-52f1-11e0-a9be-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{8fb333ea-52f1-11e0-a9be-028037ec0200}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b6a8b3de-b5ce-11df-b208-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b6a8b3de-b5ce-11df-b208-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{f9f6de81-f196-11e0-9573-002713b6dd19}\Shell - "" = AutoRun
O33 - MountPoints2\{f9f6de81-f196-11e0-9573-002713b6dd19}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {0C12DF01-205B-ED7A-1DEC-96225F6DC661} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {56978983-3200-E602-0362-CFB80E3EE582} - Microsoft Windows Media Player
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {7E681E36-585C-AA1B-6273-710388C48FED} - Java (Sun)
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {BCB5E3E4-4060-2D73-7BA3-2B056BDA5D0F} - Themes Setup
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F144B88C-09DC-47FF-8390-6F4CE8DAC244} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} -
.NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" 
"C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.19 23:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.12.19 23:02:16 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Bastian\Desktop\esetsmartinstaller_enu.exe [2011.12.18 17:05:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bastian\Desktop\OTL.exe [2011.12.17 17:07:35 | 000,000,000 | ---D | C] -- C:\Users\Bastian\AppData\Roaming\Malwarebytes [2011.12.17 17:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.17 17:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.12.17 17:07:26 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.12.17 17:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.12.17 14:51:39 | 000,000,000 | ---D | C] -- C:\83a370baaa6d703eb4bf237a [2011.12.10 00:24:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2011.12.10 00:24:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2011.12.07 19:07:49 | 000,000,000 | ---D | C] -- C:\Users\Bastian\Desktop\FW-Kirberg_Fahrsicherheitstraining_2011-12-04 [2011.12.01 23:49:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.20 16:54:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.20 15:56:13 | 000,000,466 | ---- | M] () -- 
C:\Windows\tasks\SystemToolsDailyTest.job [2011.12.19 23:02:17 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Bastian\Desktop\esetsmartinstaller_enu.exe [2011.12.18 22:42:02 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job [2011.12.18 17:05:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bastian\Desktop\OTL.exe [2011.12.18 13:08:04 | 001,619,442 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.18 13:08:04 | 000,700,836 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.18 13:08:04 | 000,653,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.18 13:08:04 | 000,149,920 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.18 13:08:04 | 000,121,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.18 12:55:11 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.18 12:55:11 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.18 01:14:18 | 3139,444,736 | -HS- | M] () -- C:\hiberfil.sys [2011.12.16 15:18:18 | 000,531,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.27 20:37:43 | 631,708,940 | ---- | M] () -- C:\Windows\MEMORY.DMP [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.09 15:04:06 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe [2011.06.18 05:51:39 | 000,646,848 | ---- | C] () -- C:\Users\Bastian\AppData\Local\wanancsp.dat [2011.05.26 23:09:33 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\MPDLL.DLL [2011.05.26 23:09:32 | 000,000,075 | ---- | C] () -- C:\Windows\megapfad.ini [2011.03.08 23:19:51 | 000,004,096 | -H-- | C] () -- C:\Users\Bastian\AppData\Local\keyfile3.drm [2011.01.19 21:02:29 | 000,000,017 | ---- | C] () -- C:\Users\Bastian\AppData\Local\resmon.resmoncfg 
[2010.09.01 15:33:39 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.01 14:56:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.01 14:55:45 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2010.09.01 14:55:45 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2010.09.01 14:55:45 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2010.09.01 14:55:44 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2010.09.01 14:55:44 | 000,000,542 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.06.04 14:51:10 | 000,000,542 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== LOP Check ========== [2011.10.10 05:19:41 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Autodesk [2011.05.26 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Canneverbe Limited [2011.06.02 15:52:27 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011.05.26 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DAEMON Tools Lite [2011.05.26 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\InterVideo [2011.06.18 14:13:16 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Miranda 
[2011.10.14 22:49:32 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\PCDr [2011.09.12 14:58:12 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Pyinp [2011.06.28 19:40:23 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\TerraTec [2011.10.14 22:48:54 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Update [2011.05.26 22:20:13 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Vodafone [2011.12.18 22:42:02 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job [2009.07.14 06:08:49 | 000,019,018 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.12.20 15:56:13 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.05.26 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Adobe [2011.07.15 08:06:54 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Apple Computer [2011.05.26 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\ATI [2011.10.10 05:19:41 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Autodesk [2011.05.26 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Avira [2011.05.26 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Canneverbe Limited [2011.06.02 15:52:27 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2011.05.26 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\DAEMON Tools Lite [2011.05.26 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\FLEXnet [2011.11.18 16:21:49 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Hewlett-Packard Company [2011.11.25 16:39:01 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\HpUpdate [2011.05.26 22:20:09 | 
000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Identities [2011.05.26 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Intel [2011.05.26 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\InterVideo [2011.05.26 22:20:09 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Macromedia [2011.12.17 17:07:35 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Malwarebytes [2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Media Center Programs [2011.10.11 20:29:56 | 000,000,000 | --SD | M] -- C:\Users\Bastian\AppData\Roaming\Microsoft [2011.06.18 14:13:16 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Miranda [2011.05.26 22:20:11 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Mozilla [2011.10.14 22:49:32 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\PCDr [2011.09.12 14:58:12 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Pyinp [2011.06.02 15:15:48 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Roxio [2011.06.28 19:40:23 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\TerraTec [2011.10.14 22:48:54 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Update [2011.11.16 00:42:23 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\vlc [2011.05.26 22:20:13 | 000,000,000 | ---D | M] -- C:\Users\Bastian\AppData\Roaming\Vodafone < %APPDATA%\*.exe /s > [2011.08.19 21:29:37 | 000,010,134 | R--- | M] () -- C:\Users\Bastian\AppData\Roaming\Microsoft\Installer\{CB87D276-2F4A-453A-A2D8-D597927C59A0}\ARPPRODUCTICON.exe [2011.08.19 21:29:37 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Bastian\AppData\Roaming\Microsoft\Installer\{CB87D276-2F4A-453A-A2D8-D597927C59A0}\NewShortcut1_CB09F557482146D0BF868D1389AA6BC7_2.exe [2011.08.19 21:29:37 | 000,065,536 | R--- | M] (InstallShield Software Corp.) 
-- C:\Users\Bastian\AppData\Roaming\Microsoft\Installer\{CB87D276-2F4A-453A-A2D8-D597927C59A0}\NewShortcut2_CB09F557482146D0BF868D1389AA6BC7_1.exe < %SYSTEMDRIVE%\*.exe > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
20.12.2011, 22:02 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Warning! For security reasons your Windows system has been blocked. Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.09 22:35:37 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 17:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{24349f84-24c0-11e0-ac4d-00216ac241f2}\Shell - "" = AutoRun
O33 - MountPoints2\{24349f84-24c0-11e0-ac4d-00216ac241f2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{24349f9a-24c0-11e0-ac4d-00216ac241f2}\Shell - "" = AutoRun
O33 - MountPoints2\{24349f9a-24c0-11e0-ac4d-00216ac241f2}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{8fb333ea-52f1-11e0-a9be-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{8fb333ea-52f1-11e0-a9be-028037ec0200}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{b6a8b3de-b5ce-11df-b208-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b6a8b3de-b5ce-11df-b208-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{f9f6de81-f196-11e0-9573-002713b6dd19}\Shell - "" = AutoRun
O33 - MountPoints2\{f9f6de81-f196-11e0-9573-002713b6dd19}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
[2011.07.09 15:04:06 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011.06.18 05:51:39 | 000,646,848 | ---- | C] () -- C:\Users\Bastian\AppData\Local\wanancsp.dat
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed with this script are, to be safe, not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ --> Warning! For security reasons your Windows system has been blocked. |
20.12.2011, 23:35 | #7 |
| Warning! For security reasons your Windows system has been blocked. Hello Arne, here is the OTL log after the restart: Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
Q:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24349f84-24c0-11e0-ac4d-00216ac241f2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24349f84-24c0-11e0-ac4d-00216ac241f2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24349f84-24c0-11e0-ac4d-00216ac241f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24349f84-24c0-11e0-ac4d-00216ac241f2}\ not found.
File H:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24349f9a-24c0-11e0-ac4d-00216ac241f2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24349f9a-24c0-11e0-ac4d-00216ac241f2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24349f9a-24c0-11e0-ac4d-00216ac241f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24349f9a-24c0-11e0-ac4d-00216ac241f2}\ not found.
File D:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fb333ea-52f1-11e0-a9be-028037ec0200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8fb333ea-52f1-11e0-a9be-028037ec0200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fb333ea-52f1-11e0-a9be-028037ec0200}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8fb333ea-52f1-11e0-a9be-028037ec0200}\ not found.
File E:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6a8b3de-b5ce-11df-b208-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6a8b3de-b5ce-11df-b208-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6a8b3de-b5ce-11df-b208-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b6a8b3de-b5ce-11df-b208-806e6f6e6963}\ not found.
Q:\LenovoQDrive.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9f6de81-f196-11e0-9573-002713b6dd19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9f6de81-f196-11e0-9573-002713b6dd19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9f6de81-f196-11e0-9573-002713b6dd19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9f6de81-f196-11e0-9573-002713b6dd19}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe -a not found.
C:\Windows\SUPDRun.exe moved successfully.
C:\Users\Bastian\AppData\Local\wanancsp.dat moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Bastian
->Temp folder emptied: 1428114158 bytes
->Temporary Internet Files folder emptied: 57841609 bytes
->Java cache emptied: 508245 bytes
->FireFox cache emptied: 740078970 bytes
->Flash cache emptied: 22702 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Präsentation
->Temp folder emptied: 33692 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Public
User: Rene Damitz
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 525792 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 44775358 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2.167,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12202011_232047
Files\Folders moved on Reboot...
C:\Users\Bastian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...

Bastian |
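One way to triage a fix log like the one posted above, as an added example that is not part of the thread and not OTL's own code: it classifies each result line of the `OTL` section by the outcome phrases visible in the log and separates keys that were deleted from keys that were never present. It assumes one log entry per line; the sample log is constructed (GUID and paths are made up), and treating a "not found" for a key deleted earlier in the same log as already handled is an assumption.

```python
import re

# Constructed sample in the format of the fix log above; GUID and paths are made up.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
X:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-0000-0000-0000-000000000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00000000-0000-0000-0000-000000000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
File X:\example_launcher.exe -a not found.
C:\Windows\example_file.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Example
->Temp folder emptied: 1024 bytes
"""

# Outcome phrases as they appear in the log on this page; first match wins.
PATTERNS = [
    ("key_deleted", re.compile(r"^Registry key (?P<target>.+) deleted successfully\.$")),
    ("key_not_found", re.compile(r"^Registry key (?P<target>.+) not found\.$")),
    # The target may be empty ("File not found.") or carry arguments ("x.exe -a").
    ("file_not_found", re.compile(r"^File ?(?P<target>.*) not found\.$")),
    ("moved", re.compile(r"^(?P<target>.+) moved successfully\.$")),
    ("value_set", re.compile(r"^(?P<target>.+) : value set successfully!$")),
]
SECTION = re.compile(r"^=+ (.+?) =+$")


def parse_fix_log(text):
    """Return (outcome, target) tuples for the OTL section of a fix log."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        if section != "OTL" or not line:
            continue  # preamble, COMMANDS output and blank lines are ignored
        for outcome, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                records.append((outcome, match.group("target")))
                break
        else:
            # Keep anything unexpected visible instead of dropping it silently.
            records.append(("unparsed", line))
    return records


def _unique(items):
    """De-duplicate while keeping first-seen order."""
    return list(dict.fromkeys(items))


def summarize(records):
    """Group outcomes so a reviewer sees what changed and what was absent."""
    deleted = _unique(t for o, t in records if o == "key_deleted")
    deleted_lower = {t.lower() for t in deleted}
    # Assumption: "not found" for a key deleted earlier in this log is a repeat
    # request for the same key, not a failure.
    never_present = _unique(
        t for o, t in records
        if o == "key_not_found" and t.lower() not in deleted_lower
    )
    return {
        "moved": [t for o, t in records if o == "moved"],
        "keys_deleted": deleted,
        "keys_never_present": never_present,
        "files_missing": [t for o, t in records if o == "file_not_found"],
        "values_set": [t for o, t in records if o == "value_set"],
        "unparsed": [t for o, t in records if o == "unparsed"],
    }


if __name__ == "__main__":
    for group, items in summarize(parse_fix_log(SAMPLE_LOG)).items():
        print(f"{group}: {len(items)}")
        for item in items:
            print(f"  {item}")
```

Anything that lands in `unparsed` is a line whose wording differs from the phrases listed in `PATTERNS` and should be read by hand.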
21.12.2011, 10:04 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Warning! For security reasons your Windows system has been blocked. Now please run (in normal mode!) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition; that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here! If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Download unhide.exe and save this file on your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
21.12.2011, 21:50 | #9 |
| Warning! For security reasons your Windows system has been blocked. Hello Arne, here is the log file from TDSS Killer: Code:

21:47:23.0013 7004 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
21:47:25.0014 7004 ============================================================
21:47:25.0014 7004 Current date / time: 2011/12/21 21:47:25.0014
21:47:25.0014 7004 SystemInfo:
21:47:25.0014 7004
21:47:25.0014 7004 OS Version: 6.1.7601 ServicePack: 1.0
21:47:25.0014 7004 Product type: Workstation
21:47:25.0014 7004 ComputerName: BASTIAN-W500
21:47:25.0015 7004 UserName: Bastian
21:47:25.0015 7004 Windows directory: C:\Windows
21:47:25.0015 7004 System windows directory: C:\Windows
21:47:25.0015 7004 Running under WOW64
21:47:25.0015 7004 Processor architecture: Intel x64
21:47:25.0015 7004 Number of processors: 2
21:47:25.0015 7004 Page size: 0x1000
21:47:25.0015 7004 Boot type: Normal boot
21:47:25.0015 7004 ============================================================
21:47:25.0468 7004 Initialize success
21:48:00.0991 4864 ============================================================
21:48:00.0991 4864 Scan started
21:48:00.0991 4864 Mode: Manual; SigCheck; TDLFS;
21:48:00.0991 4864 ============================================================
21:48:01.0724 4864 Scan interrupted by user!
21:48:01.0724 4864 Scan interrupted by user!
21:48:01.0724 4864 Scan interrupted by user!
21:48:01.0724 4864 ============================================================
21:48:01.0724 4864 Scan finished
21:48:01.0724 4864 ============================================================
21:48:01.0730 3496 Detected object count: 0
21:48:01.0730 3496 Actual detected object count: 0
21:48:14.0353 5616 ============================================================
21:48:14.0353 5616 Scan started
21:48:14.0353 5616 Mode: Manual; SigCheck; TDLFS;
21:48:14.0353 5616 ============================================================
nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 21:48:46.0435 5616 nvraid - ok 21:48:46.0480 5616 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 21:48:46.0502 5616 nvstor - ok 21:48:46.0555 5616 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 21:48:46.0577 5616 nv_agp - ok 21:48:46.0621 5616 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 21:48:46.0657 5616 ohci1394 - ok 21:48:46.0696 5616 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 21:48:46.0721 5616 Parport - ok 21:48:46.0750 5616 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 21:48:46.0774 5616 partmgr - ok 21:48:46.0877 5616 PCDSRVC{127174DC-C366ED8B-06020200}_0 (4b5f5774ff1c577b9515fdd2b5c535c5) c:\program files\pc-doctor\pcdsrvc_x64.pkms 21:48:47.0156 5616 PCDSRVC{127174DC-C366ED8B-06020200}_0 - ok 21:48:47.0191 5616 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 21:48:47.0209 5616 pci - ok 21:48:47.0256 5616 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 21:48:47.0275 5616 pciide - ok 21:48:47.0310 5616 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 21:48:47.0339 5616 pcmcia - ok 21:48:47.0368 5616 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 21:48:47.0390 5616 pcw - ok 21:48:47.0438 5616 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 21:48:47.0514 5616 PEAUTH - ok 21:48:47.0594 5616 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys 21:48:48.0262 5616 Point64 - ok 21:48:48.0300 5616 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 21:48:48.0360 5616 PptpMiniport - ok 21:48:48.0404 5616 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 
21:48:48.0445 5616 Processor - ok 21:48:48.0476 5616 psadd (515a7c5a0886fcc60901916785efd549) C:\Windows\system32\DRIVERS\psadd.sys 21:48:48.0794 5616 psadd - ok 21:48:48.0826 5616 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 21:48:48.0881 5616 Psched - ok 21:48:48.0911 5616 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 21:48:49.0207 5616 PxHlpa64 - ok 21:48:49.0285 5616 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 21:48:49.0332 5616 ql2300 - ok 21:48:49.0380 5616 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 21:48:49.0403 5616 ql40xx - ok 21:48:49.0447 5616 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:48:49.0486 5616 QWAVEdrv - ok 21:48:49.0526 5616 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:48:49.0580 5616 RasAcd - ok 21:48:49.0610 5616 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:48:49.0652 5616 RasAgileVpn - ok 21:48:49.0685 5616 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:48:49.0735 5616 Rasl2tp - ok 21:48:49.0768 5616 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:48:49.0821 5616 RasPppoe - ok 21:48:49.0851 5616 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:48:49.0902 5616 RasSstp - ok 21:48:49.0939 5616 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 21:48:49.0990 5616 rdbss - ok 21:48:50.0018 5616 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 21:48:50.0044 5616 rdpbus - ok 21:48:50.0072 5616 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:48:50.0111 5616 RDPCDD - ok 21:48:50.0157 5616 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 
21:48:50.0219 5616 RDPDR - ok 21:48:50.0248 5616 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:48:50.0300 5616 RDPENCDD - ok 21:48:50.0330 5616 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:48:50.0370 5616 RDPREFMP - ok 21:48:50.0416 5616 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 21:48:50.0457 5616 RDPWD - ok 21:48:50.0494 5616 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 21:48:50.0600 5616 rdyboost - ok 21:48:50.0639 5616 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 21:48:50.0684 5616 RFCOMM - ok 21:48:50.0714 5616 rimmptsk (f45d6e12eb99a668f52201637c67c8f5) C:\Windows\system32\DRIVERS\rimmpx64.sys 21:48:51.0334 5616 rimmptsk - ok 21:48:51.0364 5616 rimsptsk (eac02ed935a9c1f2ddd8d985c465b854) C:\Windows\system32\DRIVERS\rimspx64.sys 21:48:52.0051 5616 rimsptsk - ok 21:48:52.0081 5616 rismxdp (931a8f843b4120df527c3684daf77fd9) C:\Windows\system32\DRIVERS\rixdpx64.sys 21:48:52.0870 5616 rismxdp - ok 21:48:52.0910 5616 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:48:52.0971 5616 rspndr - ok 21:48:53.0024 5616 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 21:48:53.0070 5616 s3cap - ok 21:48:53.0114 5616 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 21:48:53.0136 5616 sbp2port - ok 21:48:53.0167 5616 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 21:48:53.0204 5616 scfilter - ok 21:48:53.0238 5616 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys 21:48:53.0259 5616 sdbus - ok 21:48:53.0291 5616 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:48:53.0350 5616 secdrv - ok 21:48:53.0383 5616 Serenum (cb624c0035412af0debec78c41f5ca1b) 
C:\Windows\system32\DRIVERS\serenum.sys 21:48:53.0404 5616 Serenum - ok 21:48:53.0435 5616 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 21:48:53.0473 5616 Serial - ok 21:48:53.0520 5616 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 21:48:53.0555 5616 sermouse - ok 21:48:53.0606 5616 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 21:48:53.0669 5616 sffdisk - ok 21:48:53.0703 5616 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 21:48:53.0744 5616 sffp_mmc - ok 21:48:53.0791 5616 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys 21:48:53.0831 5616 sffp_sd - ok 21:48:53.0876 5616 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 21:48:53.0913 5616 sfloppy - ok 21:48:53.0968 5616 Shockprf (5a5346931ce61ea85f8338f7a03131f7) C:\Windows\system32\DRIVERS\Apsx64.sys 21:48:54.0322 5616 Shockprf - ok 21:48:54.0369 5616 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:48:54.0389 5616 SiSRaid2 - ok 21:48:54.0431 5616 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 21:48:54.0454 5616 SiSRaid4 - ok 21:48:54.0495 5616 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:48:54.0551 5616 Smb - ok 21:48:54.0583 5616 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:48:54.0602 5616 spldr - ok 21:48:54.0676 5616 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 21:48:54.0716 5616 srv - ok 21:48:54.0756 5616 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 21:48:54.0807 5616 srv2 - ok 21:48:54.0858 5616 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 21:48:54.0885 5616 SrvHsfHDA - ok 21:48:54.0949 5616 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) 
C:\Windows\system32\DRIVERS\VSTDPV6.SYS 21:48:55.0014 5616 SrvHsfV92 - ok 21:48:55.0080 5616 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 21:48:55.0114 5616 SrvHsfWinac - ok 21:48:55.0159 5616 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 21:48:55.0206 5616 srvnet - ok 21:48:55.0252 5616 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 21:48:55.0271 5616 stexstor - ok 21:48:55.0301 5616 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 21:48:55.0341 5616 StillCam - ok 21:48:55.0374 5616 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 21:48:55.0395 5616 storflt - ok 21:48:55.0459 5616 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 21:48:55.0478 5616 storvsc - ok 21:48:55.0509 5616 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 21:48:55.0529 5616 swenum - ok 21:48:55.0584 5616 SynTP (772493a8945495f1a287bf6c4ca25b48) C:\Windows\system32\DRIVERS\SynTP.sys 21:48:55.0955 5616 SynTP - ok 21:48:56.0071 5616 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 21:48:56.0179 5616 Tcpip - ok 21:48:56.0264 5616 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 21:48:56.0304 5616 TCPIP6 - ok 21:48:56.0337 5616 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 21:48:56.0395 5616 tcpipreg - ok 21:48:56.0426 5616 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:48:56.0469 5616 TDPIPE - ok 21:48:56.0511 5616 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 21:48:56.0569 5616 TDTCP - ok 21:48:56.0600 5616 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 21:48:56.0649 5616 tdx - ok 21:48:56.0680 5616 TermDD (561e7e1f06895d78de991e01dd0fb6e5) 
C:\Windows\system32\drivers\termdd.sys 21:48:56.0702 5616 TermDD - ok 21:48:56.0737 5616 TPDIGIMN (7e25f9ae51daac0791df1eb949a58dbe) C:\Windows\system32\DRIVERS\ApsHM64.sys 21:48:57.0192 5616 TPDIGIMN - ok 21:48:57.0224 5616 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys 21:48:57.0246 5616 TPM - ok 21:48:57.0281 5616 TPPWRIF (2c067e01d6bbccc88b233b868e210907) C:\Windows\system32\drivers\Tppwr64v.sys 21:48:57.0600 5616 TPPWRIF - ok 21:48:57.0654 5616 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:48:57.0713 5616 tssecsrv - ok 21:48:57.0762 5616 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 21:48:57.0789 5616 TsUsbFlt - ok 21:48:57.0821 5616 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 21:48:57.0857 5616 tunnel - ok 21:48:57.0888 5616 TVTI2C (fcfa0cff6c50ff3a58a22a15ea2a9fe5) C:\Windows\system32\DRIVERS\Tvti2c.sys 21:48:58.0214 5616 TVTI2C - ok 21:48:58.0263 5616 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 21:48:58.0283 5616 uagp35 - ok 21:48:58.0322 5616 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 21:48:58.0392 5616 udfs - ok 21:48:58.0451 5616 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 21:48:58.0474 5616 uliagpkx - ok 21:48:58.0504 5616 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 21:48:58.0540 5616 umbus - ok 21:48:58.0603 5616 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 21:48:58.0643 5616 UmPass - ok 21:48:58.0715 5616 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 21:48:59.0834 5616 USBAAPL64 - ok 21:48:59.0880 5616 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 21:48:59.0936 5616 usbccgp - ok 21:48:59.0991 5616 usbcir (af0892a803fdda7492f595368e3b68e7) 
C:\Windows\system32\drivers\usbcir.sys 21:49:00.0030 5616 usbcir - ok 21:49:00.0060 5616 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 21:49:00.0087 5616 usbehci - ok 21:49:00.0125 5616 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 21:49:00.0169 5616 usbhub - ok 21:49:00.0211 5616 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 21:49:00.0248 5616 usbohci - ok 21:49:00.0277 5616 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:49:00.0304 5616 usbprint - ok 21:49:00.0349 5616 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 21:49:00.0382 5616 USBSTOR - ok 21:49:00.0411 5616 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys 21:49:00.0433 5616 usbuhci - ok 21:49:00.0476 5616 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 21:49:00.0521 5616 usbvideo - ok 21:49:00.0554 5616 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 21:49:00.0574 5616 vdrvroot - ok 21:49:00.0621 5616 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:49:00.0643 5616 vga - ok 21:49:00.0672 5616 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:49:00.0725 5616 VgaSave - ok 21:49:00.0778 5616 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 21:49:00.0804 5616 vhdmp - ok 21:49:00.0867 5616 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 21:49:00.0886 5616 viaide - ok 21:49:00.0928 5616 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 21:49:00.0956 5616 vmbus - ok 21:49:00.0995 5616 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 21:49:01.0040 5616 VMBusHID - ok 21:49:01.0082 5616 volmgr (d2aafd421940f640b407aefaaebd91b0) 
C:\Windows\system32\drivers\volmgr.sys 21:49:01.0109 5616 volmgr - ok 21:49:01.0147 5616 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 21:49:01.0176 5616 volmgrx - ok 21:49:01.0235 5616 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 21:49:01.0268 5616 volsnap - ok 21:49:01.0314 5616 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 21:49:01.0337 5616 vsmraid - ok 21:49:01.0367 5616 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 21:49:01.0405 5616 vwifibus - ok 21:49:01.0434 5616 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 21:49:01.0461 5616 vwififlt - ok 21:49:01.0513 5616 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 21:49:01.0553 5616 WacomPen - ok 21:49:01.0584 5616 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:49:01.0630 5616 WANARP - ok 21:49:01.0669 5616 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:49:01.0705 5616 Wanarpv6 - ok 21:49:01.0739 5616 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 21:49:01.0759 5616 Wd - ok 21:49:01.0806 5616 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:49:01.0852 5616 Wdf01000 - ok 21:49:01.0891 5616 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:49:01.0931 5616 WfpLwf - ok 21:49:01.0959 5616 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:49:01.0979 5616 WIMMount - ok 21:49:02.0029 5616 winachsf (1edbbf412a382550af6eb35f5e46928e) C:\Windows\system32\DRIVERS\CAX_CNXT.sys 21:49:02.0703 5616 winachsf - ok 21:49:02.0783 5616 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 21:49:02.0834 5616 WinUsb - ok 21:49:02.0866 5616 WmiAcpi 
(f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 21:49:02.0885 5616 WmiAcpi - ok 21:49:02.0922 5616 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:49:02.0969 5616 ws2ifsl - ok 21:49:03.0007 5616 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 21:49:03.0058 5616 WudfPf - ok 21:49:03.0092 5616 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:49:03.0129 5616 WUDFRd - ok 21:49:03.0168 5616 WwanUsbServ (54f2b6007bcc2dc4c6a441efc719388c) C:\Windows\system32\DRIVERS\WwanUsbMp64.sys 21:49:03.0538 5616 WwanUsbServ - ok 21:49:03.0567 5616 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys 21:49:04.0237 5616 XAudio - ok 21:49:04.0296 5616 ZTEusbmdm6k (31db70a61814e4f33181d48190d46845) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 21:49:04.0326 5616 ZTEusbmdm6k - ok 21:49:04.0355 5616 ZTEusbnet (01cbeea25aa78c0f0272654048d61f34) C:\Windows\system32\DRIVERS\ZTEusbnet.sys 21:49:04.0379 5616 ZTEusbnet - ok 21:49:04.0425 5616 ZTEusbnmea (c9ada887bf326d8413e81fe80b1be7eb) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 21:49:04.0478 5616 ZTEusbnmea - ok 21:49:04.0507 5616 ZTEusbser6k (31db70a61814e4f33181d48190d46845) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 21:49:04.0526 5616 ZTEusbser6k - ok 21:49:04.0571 5616 ZTEusbvoice (c9ada887bf326d8413e81fe80b1be7eb) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys 21:49:04.0591 5616 ZTEusbvoice - ok 21:49:04.0645 5616 MBR (0x1B8) (d4146ba26b1086a4368fe9b2dea195a9) \Device\Harddisk0\DR0 21:49:04.0651 5616 \Device\Harddisk0\DR0 - ok 21:49:04.0654 5616 Boot (0x1200) (95c3a21b964bc43c1cb3adb59460ab64) \Device\Harddisk0\DR0\Partition0 21:49:04.0654 5616 \Device\Harddisk0\DR0\Partition0 - ok 21:49:04.0657 5616 Boot (0x1200) (50b91d3acd09addfe85004a78c007a0c) \Device\Harddisk0\DR0\Partition1 21:49:04.0657 5616 \Device\Harddisk0\DR0\Partition1 - ok 21:49:04.0660 5616 Boot (0x1200) 
(c799165fdaa3bb3f6ecc0f2514f099c5) \Device\Harddisk0\DR0\Partition2 21:49:04.0661 5616 \Device\Harddisk0\DR0\Partition2 - ok 21:49:04.0664 5616 Boot (0x1200) (af2b4dfc55564a3bfd364096bdd81a4d) \Device\Harddisk0\DR0\Partition3 21:49:04.0664 5616 \Device\Harddisk0\DR0\Partition3 - ok 21:49:04.0665 5616 ============================================================ 21:49:04.0665 5616 Scan finished 21:49:04.0665 5616 ============================================================ 21:49:04.0673 2220 Detected object count: 0 21:49:04.0673 2220 Actual detected object count: 0 Bastian |
21.12.2011, 21:52 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when one of the forum's expert helpers (Kompetenzler) has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
21.12.2011, 23:08 | #11 |
| Hello Arne, here is the log file from ComboFix: Code:
ATTFilter ComboFix 11-12-21.02 - Bastian 21.12.2011 22:51:37.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3992.2320 [GMT 1:00] ausgeführt von:: c:\users\Bastian\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RCIMGDIR.exe.lnk c:\programdata\NOTEPAD.EXE-x.txt c:\programdata\RUNDLL32.EXE-x.txt c:\swtools\APPS\CBED\CBE\ACTIVATION_104\_desktop.ini c:\swtools\APPS\CBED\CBE\ACTIVATION_104\BIN\_desktop.ini c:\windows\security\Database\tmp.edb c:\windows\system32\java.exe c:\windows\system32\jucheck.exe c:\windows\system32\jusched.exe c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((( Dateien erstellt von 2011-11-21 bis 2011-12-21 )))))))))))))))))))))))))))))) . . 2011-12-20 22:54 . 2011-09-30 17:14 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll 2011-12-20 22:54 . 2011-09-30 17:16 393264 ----a-w- c:\windows\system32\drivers\SynTP.sys 2011-12-20 22:54 . 2011-09-30 17:14 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll 2011-12-20 22:54 . 2011-09-30 17:14 226600 ----a-w- c:\windows\system32\SynTPAPI.dll 2011-12-20 22:54 . 2011-09-30 17:14 148264 ----a-w- c:\windows\system32\SynTPCo9.dll 2011-12-20 22:54 . 2011-09-30 17:14 276776 ----a-w- c:\windows\system32\SynCtrl.dll 2011-12-20 22:54 . 2011-09-30 17:14 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll 2011-12-20 22:54 . 2011-09-30 17:14 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll 2011-12-20 22:54 . 2011-09-14 17:11 1048576 ----a-w- c:\windows\system32\syndata.bin 2011-12-20 22:54 . 2011-12-20 22:54 -------- d-----w- C:\DRIVERS 2011-12-20 22:47 . 
2011-12-20 22:47 -------- d-----w- c:\users\Bastian\AppData\Local\Akamai 2011-12-20 22:20 . 2011-12-20 22:20 -------- d-----w- C:\_OTL 2011-12-19 22:02 . 2011-12-19 22:02 -------- d-----w- c:\program files (x86)\ESET 2011-12-17 16:07 . 2011-12-17 16:07 -------- d-----w- c:\users\Bastian\AppData\Roaming\Malwarebytes 2011-12-17 16:07 . 2011-12-17 16:07 -------- d-----w- c:\programdata\Malwarebytes 2011-12-17 16:07 . 2011-12-17 16:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-12-17 16:07 . 2011-08-31 16:00 25416 ------w- c:\windows\system32\drivers\mbam.sys 2011-12-17 13:51 . 2011-12-17 13:51 -------- d-----w- C:\83a370baaa6d703eb4bf237a 2011-12-16 14:10 . 2011-11-30 01:21 8822856 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6AF6121-F53F-4D64-9B24-FC720608DA0C}\mpengine.dll 2011-12-14 00:06 . 2011-10-26 05:21 43520 ------w- c:\windows\system32\csrsrv.dll 2011-12-14 00:00 . 2011-11-24 04:52 3145216 ------w- c:\windows\system32\win32k.sys 2011-12-14 00:00 . 2011-10-15 06:31 723456 ------w- c:\windows\system32\EncDec.dll 2011-12-14 00:00 . 2011-10-15 05:38 534528 ------w- c:\windows\SysWow64\EncDec.dll 2011-12-14 00:00 . 2011-11-05 05:32 2048 ------w- c:\windows\system32\tzres.dll 2011-12-14 00:00 . 2011-11-05 04:26 2048 ------w- c:\windows\SysWow64\tzres.dll 2011-12-12 22:32 . 2011-08-13 05:27 6144 ------w- c:\program files\Internet Explorer\iecompat.dll 2011-12-12 22:32 . 2011-08-13 04:18 6144 ------w- c:\program files (x86)\Internet Explorer\iecompat.dll 2011-12-09 23:24 . 2011-12-09 23:24 -------- d-----w- c:\windows\Sun 2011-12-01 22:50 . 2011-12-01 22:50 414368 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-01 22:49 . 2011-12-01 22:49 -------- d-----w- c:\windows\system32\Macromed . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-18 15:22 . 2011-11-18 15:22 608 --sh--w- c:\windows\system32\winzvprt5.sys 2011-11-15 13:29 . 
2011-03-01 16:11 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-10-24 13:29 . 2011-10-24 13:29 94208 ------w- c:\windows\SysWow64\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ------w- c:\windows\SysWow64\QuickTime.qts 2011-09-30 17:14 . 2010-04-22 22:13 415528 ----a-w- c:\windows\system32\SynCOM.dll 2011-09-29 16:29 . 2011-11-08 22:13 1923952 ------w- c:\windows\system32\drivers\tcpip.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Akamai NetSession Interface"="c:\users\Bastian\AppData\Local\Akamai\netsession_win.exe" [2011-12-12 3305760] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2009-08-23 876832] "Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-01 281768] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-04-20 2327552] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "APSDaemon"="c:\program 
files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "ToolboxFX"="c:\program files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe" [2010-10-25 58936] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] . c:\users\Bastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 1079584] Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2010-9-1 50688] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . 
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424] R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 e36gbus;F3607gw Mobile Broadband Device driver (Win7);c:\windows\system32\DRIVERS\e36gbus.sys [x] R3 e36gmdfl;F3607gw Mobile Broadband Data Modem Filter (Win7);c:\windows\system32\DRIVERS\e36gmdfl.sys [x] R3 e36gmdm;F3607gw Mobile Broadband Data Modem Driver (Win7);c:\windows\system32\DRIVERS\e36gmdm.sys [x] R3 e36gmgmt;F3607gw Mobile Broadband Device Management Drivers (Win7);c:\windows\system32\DRIVERS\e36gmgmt.sys [x] R3 e36wgps;Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\e36wgps64.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-10-09 1436424] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter.sys [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 PCDSRVC{127174DC-C366ED8B-06020200}_0;PCDSRVC{127174DC-C366ED8B-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms [2011-06-27 25584] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-04 1124848] R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;c:\windows\system32\DRIVERS\WwanUsbMp64.sys [x] R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x] R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys [x] S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [x] S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2011-07-09 131336] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-07-09 567464] S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-07-09 340136] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-27 136360] S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-07-09 428200] S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\ATService.exe [x] S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [x] S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 
Megatech-Software-Protection;Megatech-Software-Protection;c:\megatech\MProtect\MPSERV.EXE [2007-12-12 36864] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-08-04 2058776] S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-04-20 9216] S2 WMCoreService;Mobile Broadband Core Service;c:\program files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x] S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x] S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x] S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x] S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x] S3 LenovoRd;LenovoRd;c:\windows\system32\Drivers\LenovoRd.sys [x] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2011-12-20 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06] . 2011-12-21 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X] "FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976] "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752] "picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-08-04 358424] "TpShocks"="TpShocks.exe" [2009-07-08 380704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-22 365592] "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-13 36864] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-06 186904] "IaNvSrv"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-08-20 33304] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632] "HP LaserJet Professional CM1410 Series Fax"="c:\program files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe" [2010-08-24 3706424] "combofix"="c:\combofix\CF28628.3XE" [2010-11-20 345088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp:// mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll TCP: DhcpNameServer = 172.22.1.125 TCP: Interfaces\{D2BC3353-8F8C-4A0C-82FF-403037C0D436}: NameServer = 139.7.30.125 139.7.30.126 FF - ProfilePath - c:\users\Bastian\AppData\Roaming\Mozilla\Firefox\Profiles\4u1ipfn5.default\ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020200}_0] "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
c:\program files (x86)\Lenovo\Access Connections\AcSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\AMT\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-21 23:03:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-21 22:03
.
Vor Suchlauf: 16 Verzeichnis(se), 72.274.079.744 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 71.938.490.368 Bytes frei
.
- - End Of File - - 6BC7083E10F2598C51A810107466C580
Bastian |
22.12.2011, 09:17 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Warning! Your Windows system has been blocked for security reasons. Please download aswMBR.exe and save the file to your desktop.
__________________ Please always post log files in CODE tags |
22.12.2011, 22:27 | #13 |
| Warning! Your Windows system has been blocked for security reasons. Hello Arne, I had aswMBR run a scan, and during it there was suddenly a blue screen and Windows restarted. I am now running the scan again. Regards, Bastian |
22.12.2011, 22:38 | #14 |
| Warning! Your Windows system has been blocked for security reasons. Hello Arne, it worked this time. Don't be surprised that the log file contains two scans. I had run aswMBR earlier, when I was not yet connected to the Wi-Fi, which is why the first scan says something about "download error". Here is the log file: Code:
aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-22 20:39:08
-----------------------------
20:39:08.298 OS Version: Windows x64 6.1.7601 Service Pack 1
20:39:08.298 Number of processors: 2 586 0x170A
20:39:08.298 ComputerName: BASTIAN-W500 UserName: Bastian
20:39:10.482 Initialize success
20:39:20.608 AVAST engine download error: 0
20:39:43.181 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:39:43.197 Disk 0 Vendor: Size: 0MB BusType: 0
20:39:43.197 Disk 1 \Device\Harddisk1\DR1 -> \Device\RobsonImd-0
20:39:43.197 Disk 1 Vendor: Size: 1405MB BusType: 0
20:39:43.213 Disk 0 MBR read successfully
20:39:43.213 Disk 0 MBR scan
20:39:43.213 Disk 0 unknown MBR code
20:39:43.213 Disk 0 MBR hidden
20:39:43.228 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
20:39:43.228 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 179879 MB offset 2459648
20:39:43.228 Disk 0 Partition - 00 0F Extended LBA 114163 MB offset 370853888
20:39:43.228 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 604659712
20:39:43.228 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 114162 MB offset 370855936
20:39:43.681 Service scanning
20:39:47.627 Modules scanning
20:39:47.627 Disk 0 trace - called modules:
20:39:47.627
20:39:47.627 Scan finished successfully
20:40:02.744 Disk 0 MBR has been saved successfully to "C:\Users\Bastian\Desktop\MBR.dat"
20:40:02.744 The log file has been saved successfully to "C:\Users\Bastian\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1116 Copyright(c) 2011 AVAST Software
Run date: 2011-12-22 22:28:10
-----------------------------
22:28:10.216 OS Version: Windows x64 6.1.7601 Service Pack 1
22:28:10.216 Number of processors: 2 586 0x170A
22:28:10.216 ComputerName: BASTIAN-W500 UserName: Bastian
22:28:11.542 Initialize success
22:28:15.348 AVAST engine defs: 11122200
22:28:38.499 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:28:38.530 Disk 0 Vendor: Size: 0MB BusType: 0
22:28:38.530 Disk 1 \Device\Harddisk1\DR1 -> \Device\RobsonImd-0
22:28:38.530 Disk 1 Vendor: Size: 1405MB BusType: 0
22:28:38.530 Disk 0 MBR read successfully
22:28:38.546 Disk 0 MBR scan
22:28:38.561 Disk 0 unknown MBR code
22:28:38.561 Disk 0 MBR hidden
22:28:38.561 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
22:28:38.561 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 179879 MB offset 2459648
22:28:38.577 Disk 0 Partition - 00 0F Extended LBA 114163 MB offset 370853888
22:28:38.577 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 604659712
22:28:38.577 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 114162 MB offset 370855936
22:28:38.592 Service scanning
22:28:39.762 Modules scanning
22:28:39.762 Disk 0 trace - called modules:
22:28:39.762
22:28:40.511 AVAST engine scan C:\Windows
22:28:44.224 AVAST engine scan C:\Windows\system32
22:30:23.864 AVAST engine scan C:\Windows\system32\drivers
22:30:32.226 AVAST engine scan C:\Users\Bastian
22:34:20.490 AVAST engine scan C:\ProgramData
22:35:05.265 Scan finished successfully
22:35:31.254 Disk 0 MBR has been saved successfully to "C:\Users\Bastian\Desktop\MBR.dat"
22:35:31.270 The log file has been saved successfully to "C:\Users\Bastian\Desktop\aswMBR.txt"
Bastian |
22.12.2011, 23:01 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Warning! Your Windows system has been blocked for security reasons. We should fix the MBR; back up ALL important data just in case, even though it usually all goes smoothly. Note: Please do NOT run the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable. After backing up your data, start aswMBR again and click the FIXMBR button. Then restart Windows and create a new log with aswMBR.
__________________ Please always post log files in CODE tags |
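One way to triage an aswMBR log like the one in post #14 before acting on the FIXMBR advice in post #15, as an added example that is not part of the thread and not aswMBR's own code: it separates appended runs, records whether the engine definitions loaded, picks out the "unknown MBR code" and "MBR hidden" lines, and checks the partition type bytes for Linux. The sample log is constructed (abridged layout, with one made-up type-83 line); the function names and the choice of those two lines as the ones of interest are assumptions of this example.

```python
import re

# Constructed sample: two appended runs in the line layout of the aswMBR log
# posted above, abridged, plus one made-up Linux partition line (type 83).
SAMPLE_LOG = """\
Run date: 2011-12-22 20:39:08
20:39:20.608 AVAST engine download error: 0
20:39:43.213 Disk 0 unknown MBR code
20:39:43.213 Disk 0 MBR hidden
20:39:43.228 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
20:39:43.228 Disk 0 Partition - 00 0F Extended LBA 114163 MB offset 370853888
20:39:47.627 Scan finished successfully
Run date: 2011-12-22 22:28:10
22:28:15.348 AVAST engine defs: 11122200
22:28:38.561 Disk 0 unknown MBR code
22:28:38.561 Disk 0 MBR hidden
22:28:38.561 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
22:28:38.577 Disk 0 Partition 2 00 83 Linux 20000 MB offset 2459648
22:35:05.265 Scan finished successfully
"""

LINUX_TYPES = {0x82, 0x83, 0x8E}  # MBR type bytes: Linux swap, Linux, Linux LVM
RUN_RE = re.compile(r"^Run date: (\S+ \S+)$")
FLAG_RE = re.compile(r"Disk (\d+) (unknown MBR code|MBR hidden)$")
# "Disk N Partition <no> <boot flag> [(A)] <type byte> ..."
PART_RE = re.compile(r"Disk (\d+) Partition \S+ ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) ")

def parse_runs(text):
    """Split a log holding several appended scans into one record per run."""
    runs = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = RUN_RE.match(line)
        if m:
            runs.append({"run": m.group(1), "flags": [], "partitions": [],
                         "engine_ok": False, "finished": False})
        elif not runs:
            continue  # header lines before the first "Run date:"
        elif "AVAST engine defs:" in line:
            runs[-1]["engine_ok"] = True
        elif line.endswith("Scan finished successfully"):
            runs[-1]["finished"] = True
        elif m := FLAG_RE.search(line):
            runs[-1]["flags"].append((int(m.group(1)), m.group(2)))
        elif m := PART_RE.search(line):
            runs[-1]["partitions"].append({"disk": int(m.group(1)),
                                           "active": m.group(2) == "80",
                                           "type": int(m.group(3), 16)})
    return runs

def triage(run):
    """Reduce one run to the three questions the thread turns on."""
    return {"run": run["run"],
            "complete": run["engine_ok"] and run["finished"],
            "mbr_flagged": bool(run["flags"]),
            "linux_partition": any(p["type"] in LINUX_TYPES
                                   for p in run["partitions"])}

if __name__ == "__main__":
    for r in parse_runs(SAMPLE_LOG):
        print(triage(r))
```

A run with `complete` false, like the first one here, only shows the MBR and partition checks; the file scan needs the engine definitions.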