|
Log analysis and evaluation: For security reasons your Windows system has been blocked. - unfortunately on mine too. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
21.02.2012, 08:55 | #1 |
| For security reasons your Windows system has been blocked. - unfortunately on mine too. I tried to follow everything as described in the instructions. So the log files are attached.... I just noticed that I don't have a gmer.txt. Do I need to scan again for that? THANK YOU for your help!!! Attachment 30083 Attachment 30084 Attachment 30086 Last edited by Morgensonne (21.02.2012 at 09:08) |
21.02.2012, 10:08 | #2 |
| After reading other threads, I downloaded Malwarebytes and ran a quick scan. There were 2 detections, which I removed. Here is the report: (user name was replaced by xy)
__________________Malwarebytes Anti-Malware 1.60.1.1000 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.02.21.02 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 neu :: xy [Administrator] 21.02.2012 09:27:08 mbam-log-2012-02-21 (09-27-08).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 238745 Laufzeit: 12 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\xy\AppData\Local\Temp\0.9763775628601785.exe (Exploit.Drop.2) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\xy\AppData\Roaming\Microsoft\torrent.exe (Backdoor.Messa) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
21.02.2012, 12:08 | #3 |
| So, since I can't just sit around doing nothing, I kept reading other threads. A full scan with Malwarebytes was also suggested there, so I did that as well. And again there were 2 detections. I removed them again. Here is the report:
__________________Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.02.21.02 Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 xy :: NB-y[administrator] 21.02.2012 10:19:40 mbam-log-2012-02-21 (10-19-40).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 452740 Time elapsed: 1 hour(s), 30 minute(s), 42 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl|1 (Malware.Trace) -> Data: @biocpl.dll,-1 -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{328C6518-2901-11DF-A9DB-806E6F6E6963} (Trojan.ZbotR.Gen) -> Data: C:\Users\xy\AppData\Roaming\Microsoft\torrent.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
21.02.2012, 15:16 | #4 |
| Dear Trojaner-Board team, I know I mustn't be impatient. I would just like to know whether someone will let me know if I can't be helped or if I did something wrong. I'm sitting here on pins and needles and absolutely have to find a solution. Thank you very much in advance for your efforts! Sandra |
21.02.2012, 19:25 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run ESET as well, then we'll see what comes next: ESET Online Scanner
__________________ Please always post log files in CODE tags |
22.02.2012, 12:50 | #6 |
| Hello cosinus, thanks already! Here is the ESET result: ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=91894d9a1d91c2489624ba958811c6ed # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-02-22 11:41:33 # local_time=2012-02-22 12:41:33 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 23538303 23538303 0 0 # compatibility_mode=5893 16776573 100 94 31089 81494148 0 0 # compatibility_mode=8192 67108863 100 0 3834 3834 0 0 # scanned=374992 # found=1 # cleaned=0 # scan_time=47936 C:\Users\sandra.langenberg\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I |
22.02.2012, 14:56 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Softonic is a toolbar and adware slinger! Hands off! Software should first and foremost be downloaded directly from the vendor and not from toolbar outfits like Softonic! In an emergency, chip.de would of course do. Please create a new OTL log. Please post everything here in CODE tags where possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
23.02.2012, 09:24 | #8 |
| Code:
ATTFilter OTL logfile created on: 22.02.2012 15:41:11 - Run 2 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\sandra.langenberg\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,90 Gb Total Physical Memory | 0,69 Gb Available Physical Memory | 36,45% Memory free 3,80 Gb Paging File | 1,99 Gb Available in Paging File | 52,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 221,95 Gb Total Space | 100,22 Gb Free Space | 45,15% Space Free | Partition Type: NTFS Drive E: | 3,79 Gb Total Space | 3,48 Gb Free Space | 91,81% Space Free | Partition Type: FAT32 Drive Q: | 9,77 Gb Total Space | 2,91 Gb Free Space | 29,82% Space Free | Partition Type: NTFS Computer Name: NB-LANGENBERG | User Name: sandra.langenberg | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\sandra.langenberg\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\sandra.langenberg\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) PRC - C:\Programme\Memeo\AutoBackup\InstantBackup.exe () PRC - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica) PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) PRC - C:\Users\sandra.langenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\Utilities\SCHTASK.EXE (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\DTS.exe () PRC - C:\Windows\System32\AtService.exe (AuthenTec, Inc.) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo) PRC - C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) PRC - C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) PRC - C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
PRC - C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Acronis\TrayMonitor\TrayMonitor.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Agent\agent.exe (Acronis) PRC - C:\Programme\Acronis\BackupAndRecovery\mms.exe (Acronis) PRC - C:\Programme\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis) PRC - C:\Programme\Lenovo\Lenovo Mouse Suite\PelService.exe () PRC - C:\Programme\Lenovo\Lenovo Mouse Suite\PelElvDm.exe () PRC - C:\Programme\Lenovo\Lenovo Mouse Suite\ICO.exe (Primax Electronics Ltd.) PRC - C:\Programme\Join Air\AssistantServices.exe () PRC - C:\Programme\Join Air\UIExec.exe () PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe () PRC - C:\Programme\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE () PRC - C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.) 
PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Messaging\a717cdb44ec0d3238c621efa420a9956\System.Messaging.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\79f80214eded08cc047324ffc7486bb8\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\2c2215e99c21daeec6bf697cf7bcf103\CustomMarshalers.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Programme\Memeo\AutoBackup\de-DE\InstantBackup.resources.dll () MOD - C:\Programme\Memeo\AutoBackup\Memeo.Client.UI.dll () MOD - C:\Programme\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll () MOD - C:\Programme\Memeo\AutoBackup\InstantBackup.exe () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\ThinkPad\Utilities\GR\PWMRT32V.DLL () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll () MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll () MOD - C:\Programme\Memeo\AutoBackup\sqlite3.dll () MOD - C:\Programme\Memeo\AutoBackup\Mono.Nat.dll () MOD - C:\Programme\Common Files\Memeo\ProfMan.dll () MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll () MOD - C:\Programme\Join Air\UIExec.exe () MOD - C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe () MOD - C:\Programme\Lenovo\Lenovo Mouse Suite\FSRremoS.EXE () ========== Win32 Services (SafeList) ========== SRV - (ApRunSvc) -- File not found SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll () SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft 
Corporation.) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (MemeoBackgroundService) -- C:\Programme\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (TGCM_ImportWiFiSvc) -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica) SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (DozeSvc) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.) SRV - (PwmEWSvc) -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe (Lenovo Group Limited) SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo) SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited) SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (dtsvc) -- C:\Windows\System32\DTS.exe () SRV - (ADMonitor) -- C:\Windows\System32\ADMonitor.exe () SRV - (ATService) -- C:\Windows\System32\AtService.exe (AuthenTec, Inc.) 
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (Samsung UPD Service) -- C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited) SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo) SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (AcronisAgent) -- C:\Program Files\Common Files\Acronis\Agent\agent.exe (Acronis) SRV - (MMS) -- C:\Program Files\Acronis\BackupAndRecovery\mms.exe (Acronis) SRV - (PelService) -- C:\Programme\Lenovo\Lenovo Mouse Suite\PelService.exe () SRV - (UI Assistant Service) -- C:\Programme\Join Air\AssistantServices.exe () SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (RoxMediaDB10) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.) SRV - (Lexware_Professional_Datenbank) -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.) 
SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (AdobeActiveFileMonitor5.0) -- C:\Programme\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (DozeHDD) -- C:\Windows\System32\DRIVERS\DozeHDD.sys (Lenovo.) DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS (Lenovo Group Limited) DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.) DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (NETwNs32) ___ Intel(R) -- C:\Windows\System32\drivers\NETwNs32.sys (Intel Corporation) DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited) DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis) DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis) DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) 
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.) DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (PCDSRVC{C4B36920-79E24793-06000000}_0) -- c:\Programme\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.) DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.) DRV - (pelmoubt) -- C:\Windows\System32\drivers\PELMOUBT.SYS (Primax Electronics Ltd.) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (DgiVecp) -- C:\Windows\System32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) 
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (pelbtm) -- C:\Windows\System32\drivers\PELBTM.SYS (Primax Electronics Ltd.) DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f47c9e9a000000000000506313cb584d&tlver=1.4.19.19&ss=1&affID=17395 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet 
Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\..\URLSearchHook: {26647ca4-a2a7-4eac-8a72-761aa9141de7} - No CLSID value found IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421; ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..network.proxy.no_proxies_on: "*.local,127.0.0.1:9421," FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/CCBPL: C:\Program Files\Canon\APU\npCCBPLFirefox.dll (Canon Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.02 20:26:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.17 14:21:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.06.02 20:26:52 | 000,000,000 | ---D | M] [2012.01.26 15:13:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sandra.langenberg\AppData\Roaming\mozilla\Extensions [2012.02.03 15:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.02.17 14:21:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.28 10:43:32 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.12.21 06:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - 
{02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\..\Toolbar\WebBrowser: (no name) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No CLSID value found. O3 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Common Files\Acronis\Timounter\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe () O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupAndRecoveryMonitor.exe] C:\Programme\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe (Acronis)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Daemon for Mouse Suite] C:\Programme\Lenovo\Lenovo Mouse Suite\ICO.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] ICO.EXE File not found
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [TrayMonitor.exe] C:\Programme\Acronis\TrayMonitor\TrayMonitor.exe (Acronis)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe File not found
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1003..\Run: [Akamai NetSession Interface] C:\Users\sandra.langenberg\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1003..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1003..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1003..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1007..\RunOnce: [] File not found
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1007..\RunOnce: [Lenovoautoqdrive] C:\Programme\Common Files\Lenovo\LenovoDrive\LenovoAutoRunReg.exe ()
O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\sandra.langenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\sandra.langenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\sandra.langenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\sandra.langenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\sandra.langenberg\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.de/s/v/66.31/uploader2.cab (UploadListView Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {A6616B31-4860-41E2-98E3-CA7649AF172F} file:///E:/launch.ocx (Launch Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CA03AFC-267D-415E-8CD1-D7C081329D45}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF51C740-5744-4219-B228-06167F4C9AEA}: DhcpNameServer = 10.1.10.10
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{10b119e6-313f-11e1-9b44-506313cb584d}\Shell - "" = AutoRun
O33 - MountPoints2\{10b119e6-313f-11e1-9b44-506313cb584d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{328c6519-2901-11df-a9db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{328c6519-2901-11df-a9db-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited)
O33 - MountPoints2\{7872727d-316d-11e1-9a8f-506313cb584d}\Shell - "" = AutoRun
O33 - MountPoints2\{7872727d-316d-11e1-9a8f-506313cb584d}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.02.22 15:33:27 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\sandra.langenberg\Desktop\OTL.exe
[2012.02.21 23:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.21 14:29:32 | 002,322,184 | ---- | C] (ESET) -- C:\Users\sandra.langenberg\Desktop\esetsmartinstaller_enu.exe
[2012.02.21 10:17:47 | 000,000,000 | ---D | C] -- C:\Users\sandra.langenberg\AppData\Roaming\Malwarebytes
[2012.02.21 09:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.21 09:25:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.21 09:25:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.21 09:25:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.07 11:35:08 | 000,000,000 | ---D | C] -- C:\Users\sandra.langenberg\Documents\Torte
[2012.02.03 19:31:24 | 000,000,000 | ---D | C] -- C:\Users\sandra.langenberg\Documents\HP Photosmart Projects
[2012.01.31 20:49:27 | 000,000,000 | ---D | C] -- C:\Users\sandra.langenberg\Documents\Outlook-Dateien
[2012.01.31 09:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.31 09:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.31 09:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.27 13:41:19 | 000,000,000 | -H-D | C] -- C:\Users\sandra.langenberg\Desktop\.picasaoriginals
[2012.01.26 20:09:02 | 000,000,000 | ---D | C] -- C:\Users\sandra.langenberg\AppData\Roaming\OpenOffice.org
[2012.01.26 19:47:02 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.01.26 19:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2012.01.26 19:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\licenses
[2012.01.26 19:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2012.01.26 19:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\redist
[2012.01.26 15:12:51 | 000,000,000 | ---D | C] -- C:\Users\sandra.langenberg\AppData\Roaming\Mozilla
[2012.01.26 15:12:51 | 000,000,000 | ---D | C] -- C:\Users\sandra.langenberg\AppData\Local\Mozilla
[2 C:\Users\sandra.langenberg\Documents\*.tmp files -> C:\Users\sandra.langenberg\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\sandra.langenberg\Desktop\*.tmp files -> C:\Users\sandra.langenberg\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.22 15:41:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.22 15:33:42 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\sandra.langenberg\Desktop\OTL.exe
[2012.02.22 15:32:06 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.22 15:32:06 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.22 15:32:06 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.22 15:32:06 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.22 15:30:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.22 09:41:06 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.22 08:46:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.02.21 23:21:07 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.21 23:21:07 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.21 23:11:43 | 1528,848,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.21 14:29:37 | 002,322,184 | ---- | M] (ESET) -- C:\Users\sandra.langenberg\Desktop\esetsmartinstaller_enu.exe
[2012.02.21 09:25:21 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.21 07:04:10 | 543,761,876 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.21 01:16:25 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.02.20 22:40:55 | 000,001,317 | ---- | M] () -- C:\Users\sandra.langenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.02.17 16:48:53 | 001,585,268 | ---- | M] () -- C:\Users\sandra.langenberg\Desktop\maria0001.pdf
[2012.02.17 16:24:44 | 008,866,678 | ---- | M] () -- C:\Users\sandra.langenberg\Documents\MariaStuart0001.pdf
[2012.02.17 16:24:44 | 008,866,678 | ---- | M] () -- C:\Users\sandra.langenberg\Desktop\MariaStuart0001.pdf
[2012.02.17 08:59:18 | 000,486,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.15 11:54:09 | 000,546,533 | ---- | M] () -- C:\Users\sandra.langenberg\Documents\Bestellformular_Fotos .pdf
[2012.01.31 09:31:56 | 000,001,764 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.26 20:10:38 | 000,002,308 | ---- | M] () -- C:\Users\sandra.langenberg\Documents\Neue Datenbank.odb
[2012.01.26 20:09:41 | 000,001,200 | ---- | M] () -- C:\Users\sandra.langenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012.01.26 19:47:11 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.01.26 15:09:55 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2 C:\Users\sandra.langenberg\Documents\*.tmp files -> C:\Users\sandra.langenberg\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\sandra.langenberg\Desktop\*.tmp files -> C:\Users\sandra.langenberg\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.21 09:25:21 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.17 18:08:50 | 008,866,678 | ---- | C] () -- C:\Users\sandra.langenberg\Documents\MariaStuart0001.pdf
[2012.02.17 16:48:53 | 001,585,268 | ---- | C] () -- C:\Users\sandra.langenberg\Desktop\maria0001.pdf
[2012.02.17 16:24:44 | 008,866,678 | ---- | C] () -- C:\Users\sandra.langenberg\Desktop\MariaStuart0001.pdf
[2012.02.15 11:54:08 | 000,546,533 | ---- | C] () -- C:\Users\sandra.langenberg\Documents\Bestellformular_Fotos .pdf
[2012.01.31 09:31:56 | 000,001,764 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.26 20:10:18 | 000,002,308 | ---- | C] () -- C:\Users\sandra.langenberg\Documents\Neue Datenbank.odb
[2012.01.26 20:09:41 | 000,001,200 | ---- | C] () -- C:\Users\sandra.langenberg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012.01.26 19:47:11 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.01.26 15:09:55 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.26 15:09:54 | 000,001,115 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.11.21 14:29:52 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2011.11.21 14:29:51 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011.11.21 14:29:51 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2011.07.13 17:04:39 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2011.07.13 17:04:39 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2011.07.13 17:04:38 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.07.13 17:04:35 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.06.07 08:57:35 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.02 20:16:58 | 000,181,150 | ---- | C] () -- C:\Windows\hpoins32.dat
[2011.06.02 20:16:58 | 000,000,850 | ---- | C] () -- C:\Windows\hpomdl32.dat
[2011.05.13 09:04:16 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2011.05.13 09:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2011.05.13 09:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2011.05.13 09:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2011.01.29 21:31:59 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.01.21 08:37:20 | 000,000,147 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.01.19 12:34:42 | 003,003,392 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011.01.19 12:33:04 | 000,475,016 | ---- | C] () -- C:\Program Files\setup.exe
[2011.01.19 12:30:10 | 142,700,671 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011.01.19 11:15:26 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010.10.21 02:07:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DTS.exe
[2010.10.21 02:07:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\ADMonitor.exe
[2010.08.31 08:29:13 | 000,016,931 | ---- | C] () -- C:\Windows\LxFrame.ini
[2010.06.28 08:15:57 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.06.28 08:15:20 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2010.05.06 14:14:52 | 000,000,000 | ---- | C] () -- C:\Users\sandra.langenberg\AppData\Local\rx_image32.Cache
[2010.04.19 10:15:40 | 000,005,632 | ---- | C] () -- C:\Users\sandra.langenberg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.11 11:12:06 | 000,022,723 | ---- | C] () -- C:\Windows\System32\CLPA1l3.DLL
[2010.04.01 09:34:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.06 19:13:34 | 000,657,676 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.03.06 19:13:34 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.03.06 19:13:34 | 000,131,016 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.03.06 19:13:34 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.03.06 19:08:03 | 003,486,208 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.03.06 19:08:03 | 000,232,448 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010.03.06 19:08:03 | 000,196,608 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2010.03.06 19:08:03 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.03.06 19:08:03 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.03.06 10:30:26 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.03.06 10:30:26 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.03.06 10:30:26 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010.03.06 10:30:26 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin

========== LOP Check ==========

[2012.02.21 07:51:11 | 000,000,000 | ---D | M] -- C:\Users\neu\AppData\Roaming\Lexware
[2012.02.21 01:12:03 | 000,000,000 | ---D | M] -- C:\Users\neu\AppData\Roaming\Memeo
[2012.02.21 08:12:39 | 000,000,000 | ---D | M] -- C:\Users\neu\AppData\Roaming\PwrMgr
[2010.04.13 16:05:02 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Acronis
[2011.07.13 17:18:56 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\CachedFiles
[2010.05.10 09:33:16 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Canon
[2010.05.11 18:42:54 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\DataDesign
[2012.02.22 15:50:34 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Dropbox
[2011.01.30 20:40:21 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.26 19:13:38 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\elsterformular
[2010.09.10 19:07:34 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\FileZilla
[2011.01.24 15:48:19 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\GetRightToGo
[2011.01.29 18:05:11 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\GMX
[2010.10.14 17:16:06 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\InterVideo
[2010.04.12 13:02:30 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\julitec
[2010.08.31 09:17:34 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Lexware
[2011.12.02 12:07:35 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Memeo
[2010.06.30 21:01:03 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Nokia
[2010.04.16 07:46:33 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Nokia Ovi Suite
[2012.01.26 20:09:02 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\OpenOffice.org
[2011.11.08 11:22:56 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Opera
[2010.03.30 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\OPHM
[2010.04.16 07:46:17 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\PC Suite
[2011.07.14 16:58:14 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\PwrMgr
[2011.02.25 13:14:06 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\TeamViewer
[2011.12.28 16:37:41 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Telefónica
[2011.12.28 16:37:40 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\TGCMLog
[2010.11.11 14:45:18 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
[2012.01.16 11:05:34 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011.11.02 09:54:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.02.22 08:46:08 | 000,000,340 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.04.13 16:05:02 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Acronis
[2011.06.16 16:02:02 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Adobe
[2012.01.19 13:44:02 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Apple Computer
[2011.05.25 13:00:06 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Avira
[2011.07.13 17:18:56 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\CachedFiles
[2010.05.10 09:33:16 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Canon
[2010.05.11 18:42:54 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\DataDesign
[2012.02.22 15:50:34 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Dropbox
[2011.01.30 20:40:21 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.26 19:13:38 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\elsterformular
[2010.09.10 19:07:34 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\FileZilla
[2011.01.24 15:48:19 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\GetRightToGo
[2011.01.29 18:05:11 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\GMX
[2010.04.01 11:21:46 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Google
[2011.06.02 20:29:22 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\HP
[2012.01.11 12:23:23 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\HpUpdate
[2010.03.30 11:50:32 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Identities
[2010.03.30 12:44:12 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\InstallShield
[2010.03.30 11:56:59 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Intel
[2010.10.14 17:16:06 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\InterVideo
[2010.04.12 13:02:30 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\julitec
[2010.08.31 09:17:34 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Lexware
[2010.03.30 11:58:28 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Macromedia
[2012.02.21 10:17:47 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Malwarebytes
[2009.07.21 12:47:43 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Media Center Programs
[2011.12.02 12:07:35 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Memeo
[2012.02.21 09:40:58 | 000,000,000 | --SD | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Microsoft
[2012.01.26 15:13:42 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Mozilla
[2010.06.30 21:01:03 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Nokia
[2010.04.16 07:46:33 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Nokia Ovi Suite
[2012.01.26 20:09:02 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\OpenOffice.org
[2011.11.08 11:22:56 | 000,000,000 | ---D | M] -- 
C:\Users\sandra.langenberg\AppData\Roaming\Opera [2010.03.30 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\OPHM [2010.04.16 07:46:17 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\PC Suite [2011.07.14 16:58:14 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\PwrMgr [2010.05.06 14:14:31 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Roxio [2012.02.22 15:31:49 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Skype [2011.07.20 09:06:08 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\skypePM [2011.02.25 13:14:06 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\TeamViewer [2011.12.28 16:37:41 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Telefónica [2011.12.28 16:37:40 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\TGCMLog [2011.06.02 20:27:18 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Yahoo! [2010.11.11 14:45:18 | 000,000,000 | ---D | M] -- C:\Users\sandra.langenberg\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1 < %APPDATA%\*.exe /s > [2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\sandra.langenberg\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011.05.25 21:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\sandra.langenberg\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.11.16 11:20:32 | 000,053,632 | ---- | M] (Adobe Systems Inc.) 
-- C:\Users\sandra.langenberg\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) 
MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.08.06 21:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys [2009.08.06 21:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys [2009.08.06 21:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1e7c6170b79c26b\iaStor.sys [2009.08.06 21:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_b3c2248a17d99099\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:44:01 | 000,143,744 | ---- | M] 
(NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.01.13 14:53:20 | 
000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2010.03.06 19:16:05 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=AB59486E41610AB13B1555D7D585AE8F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_705136794f3f8a98\winlogon.exe [2010.03.06 19:16:05 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B151128D1FEBF745BC7EFDE9FACB165A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_6fbf975e36292016\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [2011.05.19 10:28:56 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll < End of report> |
23.02.2012, 12:22 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close any programs that may be open, disable your virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
ATTFilter :OTL IE - HKU\S-1-5-21-122105967-2606870672-40869185-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421; FF - prefs.js..browser.startup.homepage: "http://www.google.de/" FF - prefs.js..network.proxy.no_proxies_on: "*.local,127.0.0.1:9421," [2011.03.28 10:43:32 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\..\Toolbar\WebBrowser: (no name) - {26647CA4-A2A7-4EAC-8A72-761AA9141DE7} - No CLSID value found. O3 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. 
O4 - HKLM..\Run: [] File not found O4 - HKU\S-1-5-21-122105967-2606870672-40869185-1007..\RunOnce: [] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - Unable to obtain root file information for disk Q:\ O33 - MountPoints2\{10b119e6-313f-11e1-9b44-506313cb584d}\Shell - "" = AutoRun O33 - MountPoints2\{10b119e6-313f-11e1-9b44-506313cb584d}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{328c6519-2901-11df-a9db-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{328c6519-2901-11df-a9db-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2009.08.10 22:01:24 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O33 - MountPoints2\{7872727d-316d-11e1-9a8f-506313cb584d}\Shell - "" = AutoRun O33 - MountPoints2\{7872727d-316d-11e1-9a8f-506313cb584d}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Install.exe :Commands [emptytemp] [resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, because it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
23.02.2012, 13:02 | #10 |
| Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-122105967-2606870672-40869185-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage Prefs.js: "*.local,127.0.0.1:9421," removed from network.proxy.no_proxies_on C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully. C:\Programme\Microsoft\BingBar\BingExt.dll moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully. File C:\Program Files\Microsoft\BingBar\BingExt.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_USERS\S-1-5-21-122105967-2606870672-40869185-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry value HKEY_USERS\S-1-5-21-122105967-2606870672-40869185-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{26647CA4-A2A7-4EAC-8A72-761AA9141DE7} deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26647CA4-A2A7-4EAC-8A72-761AA9141DE7}\ not found. Registry value HKEY_USERS\S-1-5-21-122105967-2606870672-40869185-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-122105967-2606870672-40869185-1007\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCAD deleted successfully. Registry value HKEY_USERS\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_USERS\S-1-5-21-122105967-2606870672-40869185-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisallowCpl deleted successfully. C:\autoexec.bat moved successfully. File not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b119e6-313f-11e1-9b44-506313cb584d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b119e6-313f-11e1-9b44-506313cb584d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10b119e6-313f-11e1-9b44-506313cb584d}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10b119e6-313f-11e1-9b44-506313cb584d}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{328c6519-2901-11df-a9db-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{328c6519-2901-11df-a9db-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{328c6519-2901-11df-a9db-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{328c6519-2901-11df-a9db-806e6f6e6963}\ not found. Q:\LenovoQDrive.exe moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7872727d-316d-11e1-9a8f-506313cb584d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7872727d-316d-11e1-9a8f-506313cb584d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7872727d-316d-11e1-9a8f-506313cb584d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7872727d-316d-11e1-9a8f-506313cb584d}\ not found. File D:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found. File D:\Install.exe not found. 
========== COMMANDS ========== [EMPTYTEMP] User: Acronis Agent User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: neu ->Temp folder emptied: 1338073 bytes ->Temporary Internet Files folder emptied: 223237 bytes ->FireFox cache emptied: 54071124 bytes ->Apple Safari cache emptied: 3315712 bytes ->Flash cache emptied: 56931 bytes User: Public User: sandra.langenberg ->Temp folder emptied: 232139722 bytes ->Temporary Internet Files folder emptied: 1667782149 bytes ->Java cache emptied: 27044644 bytes ->FireFox cache emptied: 76347840 bytes ->Apple Safari cache emptied: 85085184 bytes ->Flash cache emptied: 60582 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 425407053 bytes RecycleBin emptied: 3265506953 bytes Total Files Cleaned = 5.568,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.33.2 log created on 02232012_124508 Files\Folders moved on Reboot... File\Folder C:\Users\sandra.langenberg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\22ASCS48\Angebot 27 5. not found! File move failed. C:\Windows\temp\asat0000.tmp scheduled to be moved on reboot. Registry entries deleted on Reboot... |
23.02.2012, 13:26 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click "change parameters" and tick the boxes as shown in the following screenshot. Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), because that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and post only the log here! If, because of the infection, you cannot access your Documents/My Documents folder, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool, and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
23.02.2012, 15:12 | #12 |
| Code:
ATTFilter 13:33:18.0116 5016 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14 13:33:18.0595 5016 ============================================================ 13:33:18.0595 5016 Current date / time: 2012/02/23 13:33:18.0595 13:33:18.0595 5016 SystemInfo: 13:33:18.0595 5016 13:33:18.0595 5016 OS Version: 6.1.7601 ServicePack: 1.0 13:33:18.0595 5016 Product type: Workstation 13:33:18.0595 5016 ComputerName: NB-LANGENBERG 13:33:18.0595 5016 UserName: sandra.langenberg 13:33:18.0595 5016 Windows directory: C:\Windows 13:33:18.0595 5016 System windows directory: C:\Windows 13:33:18.0595 5016 Processor architecture: Intel x86 13:33:18.0595 5016 Number of processors: 2 13:33:18.0595 5016 Page size: 0x1000 13:33:18.0595 5016 Boot type: Normal boot 13:33:18.0595 5016 ============================================================ 13:33:19.0346 5016 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050 13:33:19.0349 5016 \Device\Harddisk0\DR0: 13:33:19.0349 5016 MBR used 13:33:19.0349 5016 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000 13:33:19.0349 5016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x1BBE47F8 13:33:19.0349 5016 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BE3D000, BlocksNum 0x1388000 13:33:19.0500 5016 Initialize success 13:33:19.0500 5016 ============================================================ 13:35:54.0457 6324 ============================================================ 13:35:54.0457 6324 Scan started 13:35:54.0457 6324 Mode: Manual; 13:35:54.0457 6324 ============================================================
ok 13:36:00.0354 6324 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 13:36:00.0354 6324 BrFiltUp - ok 13:36:00.0417 6324 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 13:36:00.0417 6324 Brserid - ok 13:36:00.0463 6324 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 13:36:00.0463 6324 BrSerWdm - ok 13:36:00.0495 6324 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 13:36:00.0495 6324 BrUsbMdm - ok 13:36:00.0541 6324 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 13:36:00.0541 6324 BrUsbSer - ok 13:36:00.0604 6324 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys 13:36:00.0604 6324 BthEnum - ok 13:36:00.0635 6324 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 13:36:00.0651 6324 BTHMODEM - ok 13:36:00.0666 6324 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys 13:36:00.0682 6324 BthPan - ok 13:36:00.0729 6324 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys 13:36:00.0744 6324 BTHPORT - ok 13:36:00.0963 6324 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys 13:36:00.0963 6324 BTHUSB - ok 13:36:01.0041 6324 btusbflt (dd5361cf05025bd61a5d0115ecc2566f) C:\Windows\system32\drivers\btusbflt.sys 13:36:01.0056 6324 btusbflt - ok 13:36:01.0134 6324 btwaudio (f8b4f60768328faa2ffe2727f66809f8) C:\Windows\system32\drivers\btwaudio.sys 13:36:01.0150 6324 btwaudio - ok 13:36:01.0197 6324 btwavdt (fa7446dd38de84d4988d1f2ebb854589) C:\Windows\system32\DRIVERS\btwavdt.sys 13:36:01.0197 6324 btwavdt - ok 13:36:01.0290 6324 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys 13:36:01.0290 6324 btwl2cap - ok 13:36:01.0337 6324 btwrchid (d5862fbc1cbc0404614fd9d85c8d880e) 
C:\Windows\system32\DRIVERS\btwrchid.sys 13:36:01.0337 6324 btwrchid - ok 13:36:01.0399 6324 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 13:36:01.0415 6324 cdfs - ok 13:36:01.0493 6324 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys 13:36:01.0509 6324 cdrom - ok 13:36:01.0602 6324 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 13:36:01.0602 6324 circlass - ok 13:36:01.0649 6324 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 13:36:01.0649 6324 CLFS - ok 13:36:01.0727 6324 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 13:36:01.0727 6324 CmBatt - ok 13:36:01.0805 6324 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 13:36:01.0805 6324 cmdide - ok 13:36:01.0867 6324 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys 13:36:01.0867 6324 CNG - ok 13:36:01.0977 6324 CnxtHdAudService (726803d911045d283509d3cdd91d8e52) C:\Windows\system32\drivers\CHDRT32.sys 13:36:01.0992 6324 CnxtHdAudService - ok 13:36:02.0039 6324 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 13:36:02.0039 6324 Compbatt - ok 13:36:02.0133 6324 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 13:36:02.0133 6324 CompositeBus - ok 13:36:02.0195 6324 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 13:36:02.0195 6324 crcdisk - ok 13:36:02.0335 6324 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys 13:36:02.0460 6324 CSC - ok 13:36:02.0569 6324 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 13:36:02.0585 6324 DfsC - ok 13:36:02.0632 6324 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\Windows\system32\Drivers\DgiVecp.sys 13:36:02.0632 6324 DgiVecp - ok 13:36:02.0694 6324 discache (1a050b0274bfb3890703d490f330c0da) 
C:\Windows\system32\drivers\discache.sys 13:36:02.0694 6324 discache - ok 13:36:02.0772 6324 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 13:36:02.0772 6324 Disk - ok 13:36:02.0866 6324 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys 13:36:02.0866 6324 Dot4 - ok 13:36:02.0944 6324 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys 13:36:02.0944 6324 Dot4Print - ok 13:36:03.0022 6324 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys 13:36:03.0022 6324 dot4usb - ok 13:36:03.0084 6324 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\Windows\system32\DRIVERS\DozeHDD.sys 13:36:03.0084 6324 DozeHDD - ok 13:36:03.0115 6324 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 13:36:03.0115 6324 drmkaud - ok 13:36:03.0209 6324 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 13:36:03.0225 6324 DXGKrnl - ok 13:36:03.0381 6324 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 13:36:03.0630 6324 ebdrv - ok 13:36:03.0771 6324 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 13:36:03.0786 6324 elxstor - ok 13:36:03.0833 6324 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 13:36:03.0833 6324 ErrDev - ok 13:36:04.0005 6324 ewusbnet (5b250a1be34d4fde35287eec297104a7) C:\Windows\system32\DRIVERS\ewusbnet.sys 13:36:04.0005 6324 ewusbnet - ok 13:36:04.0036 6324 ew_hwusbdev (e98a64c7f106740a38fb2b78197816f8) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 13:36:04.0036 6324 ew_hwusbdev - ok 13:36:04.0083 6324 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 13:36:04.0083 6324 exfat - ok 13:36:04.0114 6324 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 13:36:04.0114 6324 fastfat - ok 13:36:04.0161 6324 fdc (e817a017f82df2a1f8cfdbda29388b29) 
C:\Windows\system32\DRIVERS\fdc.sys 13:36:04.0161 6324 fdc - ok 13:36:04.0192 6324 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 13:36:04.0192 6324 FileInfo - ok 13:36:04.0223 6324 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 13:36:04.0223 6324 Filetrace - ok 13:36:04.0254 6324 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 13:36:04.0254 6324 flpydisk - ok 13:36:04.0301 6324 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 13:36:04.0301 6324 FltMgr - ok 13:36:04.0332 6324 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 13:36:04.0332 6324 FsDepends - ok 13:36:04.0348 6324 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 13:36:04.0348 6324 Fs_Rec - ok 13:36:04.0426 6324 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 13:36:04.0426 6324 fvevol - ok 13:36:04.0504 6324 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 13:36:04.0504 6324 gagp30kx - ok 13:36:04.0566 6324 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 13:36:04.0566 6324 GEARAspiWDM - ok 13:36:04.0660 6324 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 13:36:04.0660 6324 hcw85cir - ok 13:36:04.0738 6324 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 13:36:04.0738 6324 HdAudAddService - ok 13:36:04.0800 6324 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 13:36:04.0816 6324 HDAudBus - ok 13:36:04.0909 6324 HECI (30d57ee84e1e169d41a6e873b549a096) C:\Windows\system32\DRIVERS\HECI.sys 13:36:04.0909 6324 HECI - ok 13:36:04.0941 6324 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 13:36:04.0941 6324 HidBatt - ok 13:36:04.0972 6324 
HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 13:36:04.0972 6324 HidBth - ok 13:36:05.0003 6324 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 13:36:05.0019 6324 HidIr - ok 13:36:05.0159 6324 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys 13:36:05.0159 6324 HidUsb - ok 13:36:05.0268 6324 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 13:36:05.0268 6324 HpSAMD - ok 13:36:05.0346 6324 HSF_DPV (c761b4a8391f5e47f7c51a691ce773f4) C:\Windows\system32\DRIVERS\HSX_DPV.sys 13:36:05.0377 6324 HSF_DPV - ok 13:36:05.0424 6324 HSXHWAZL (50b42ef358a2e5363be6b77138a22391) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 13:36:05.0424 6324 HSXHWAZL - ok 13:36:05.0518 6324 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 13:36:05.0533 6324 HTTP - ok 13:36:05.0596 6324 huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\Windows\system32\DRIVERS\ew_jubusenum.sys 13:36:05.0596 6324 huawei_enumerator - ok 13:36:05.0658 6324 hwdatacard (0b3957226ec94b1ecb7b9348bb535a23) C:\Windows\system32\DRIVERS\ewusbmdm.sys 13:36:05.0658 6324 hwdatacard - ok 13:36:05.0721 6324 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 13:36:05.0721 6324 hwpolicy - ok 13:36:05.0861 6324 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 13:36:05.0861 6324 i8042prt - ok 13:36:05.0939 6324 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys 13:36:05.0955 6324 iaStor - ok 13:36:06.0017 6324 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 13:36:06.0017 6324 iaStorV - ok 13:36:06.0079 6324 IBMPMDRV (fa3d0a6da7bb7968efe5c5bc267f0e55) C:\Windows\system32\DRIVERS\ibmpmdrv.sys 13:36:06.0079 6324 IBMPMDRV - ok 13:36:06.0282 6324 igfx (a70c995199a47f326eef4f9f5e6267a1) C:\Windows\system32\DRIVERS\igdkmd32.sys 13:36:06.0454 6324 igfx - 
ok 13:36:06.0532 6324 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 13:36:06.0532 6324 iirsp - ok 13:36:06.0594 6324 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 13:36:06.0594 6324 intelide - ok 13:36:06.0625 6324 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 13:36:06.0641 6324 intelppm - ok 13:36:06.0672 6324 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:36:06.0688 6324 IpFilterDriver - ok 13:36:06.0750 6324 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 13:36:06.0750 6324 IPMIDRV - ok 13:36:06.0813 6324 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 13:36:06.0813 6324 IPNAT - ok 13:36:06.0875 6324 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 13:36:06.0875 6324 IRENUM - ok 13:36:06.0922 6324 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 13:36:06.0922 6324 isapnp - ok 13:36:06.0953 6324 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 13:36:06.0984 6324 iScsiPrt - ok 13:36:07.0109 6324 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys 13:36:07.0109 6324 kbdclass - ok 13:36:07.0156 6324 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys 13:36:07.0171 6324 kbdhid - ok 13:36:07.0234 6324 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 13:36:07.0234 6324 KSecDD - ok 13:36:07.0296 6324 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 13:36:07.0296 6324 KSecPkg - ok 13:36:07.0374 6324 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys 13:36:07.0374 6324 lenovo.smi - ok 13:36:07.0546 6324 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 
13:36:07.0546 6324 lltdio - ok 13:36:07.0577 6324 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 13:36:07.0593 6324 LSI_FC - ok 13:36:07.0608 6324 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 13:36:07.0608 6324 LSI_SAS - ok 13:36:07.0639 6324 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 13:36:07.0639 6324 LSI_SAS2 - ok 13:36:07.0671 6324 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 13:36:07.0671 6324 LSI_SCSI - ok 13:36:07.0702 6324 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 13:36:07.0717 6324 luafv - ok 13:36:07.0764 6324 massfilter (567d3cbc0ba3332887d091a237d4fd3c) C:\Windows\system32\drivers\massfilter.sys 13:36:07.0780 6324 massfilter - ok 13:36:07.0827 6324 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 13:36:07.0827 6324 mdmxsdk - ok 13:36:07.0873 6324 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 13:36:07.0873 6324 megasas - ok 13:36:07.0905 6324 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 13:36:07.0905 6324 MegaSR - ok 13:36:08.0029 6324 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 13:36:08.0029 6324 Modem - ok 13:36:08.0076 6324 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 13:36:08.0076 6324 monitor - ok 13:36:08.0123 6324 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys 13:36:08.0139 6324 mouclass - ok 13:36:08.0154 6324 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 13:36:08.0170 6324 mouhid - ok 13:36:08.0217 6324 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 13:36:08.0217 6324 mountmgr - ok 13:36:08.0248 6324 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) 
C:\Windows\system32\drivers\mpio.sys 13:36:08.0263 6324 mpio - ok 13:36:08.0279 6324 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 13:36:08.0279 6324 mpsdrv - ok 13:36:08.0326 6324 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 13:36:08.0341 6324 MRxDAV - ok 13:36:08.0388 6324 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 13:36:08.0404 6324 mrxsmb - ok 13:36:08.0451 6324 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:36:08.0451 6324 mrxsmb10 - ok 13:36:08.0466 6324 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:36:08.0482 6324 mrxsmb20 - ok 13:36:08.0513 6324 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 13:36:08.0513 6324 msahci - ok 13:36:08.0575 6324 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 13:36:08.0575 6324 msdsm - ok 13:36:08.0622 6324 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 13:36:08.0638 6324 Msfs - ok 13:36:08.0653 6324 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 13:36:08.0653 6324 mshidkmdf - ok 13:36:08.0700 6324 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 13:36:08.0700 6324 msisadrv - ok 13:36:08.0731 6324 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 13:36:08.0731 6324 MSKSSRV - ok 13:36:08.0763 6324 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 13:36:08.0763 6324 MSPCLOCK - ok 13:36:08.0778 6324 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 13:36:08.0778 6324 MSPQM - ok 13:36:08.0825 6324 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 13:36:08.0825 6324 MsRPC - ok 13:36:08.0856 6324 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) 
C:\Windows\system32\drivers\mssmbios.sys 13:36:08.0856 6324 mssmbios - ok 13:36:08.0872 6324 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 13:36:08.0872 6324 MSTEE - ok 13:36:08.0903 6324 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 13:36:08.0903 6324 MTConfig - ok 13:36:08.0934 6324 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 13:36:08.0934 6324 Mup - ok 13:36:08.0981 6324 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 13:36:08.0997 6324 NativeWifiP - ok 13:36:09.0059 6324 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 13:36:09.0090 6324 NDIS - ok 13:36:09.0121 6324 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 13:36:09.0121 6324 NdisCap - ok 13:36:09.0168 6324 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 13:36:09.0168 6324 NdisTapi - ok 13:36:09.0231 6324 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 13:36:09.0231 6324 Ndisuio - ok 13:36:09.0277 6324 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 13:36:09.0277 6324 NdisWan - ok 13:36:09.0340 6324 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 13:36:09.0340 6324 NDProxy - ok 13:36:09.0402 6324 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 13:36:09.0418 6324 NetBIOS - ok 13:36:09.0465 6324 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 13:36:09.0465 6324 NetBT - ok 13:36:09.0667 6324 NETw5s32 (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys 13:36:09.0808 6324 NETw5s32 - ok 13:36:09.0933 6324 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 13:36:10.0042 6324 netw5v32 - ok 13:36:10.0307 6324 NETwNs32 (83553135ad346d247c482f1b8aca921f) 
C:\Windows\system32\DRIVERS\NETwNs32.sys 13:36:10.0463 6324 NETwNs32 - ok 13:36:10.0510 6324 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 13:36:10.0525 6324 nfrd960 - ok 13:36:10.0557 6324 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 13:36:10.0557 6324 Npfs - ok 13:36:10.0588 6324 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 13:36:10.0588 6324 nsiproxy - ok 13:36:10.0666 6324 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 13:36:10.0713 6324 Ntfs - ok 13:36:10.0728 6324 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 13:36:10.0728 6324 Null - ok 13:36:10.0806 6324 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 13:36:10.0822 6324 nvraid - ok 13:36:10.0869 6324 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 13:36:10.0869 6324 nvstor - ok 13:36:10.0931 6324 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 13:36:10.0931 6324 nv_agp - ok 13:36:10.0962 6324 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 13:36:10.0962 6324 ohci1394 - ok 13:36:11.0103 6324 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 13:36:11.0118 6324 Parport - ok 13:36:11.0165 6324 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 13:36:11.0165 6324 partmgr - ok 13:36:11.0196 6324 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 13:36:11.0196 6324 Parvdm - ok 13:36:11.0259 6324 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys 13:36:11.0259 6324 pccsmcfd - ok 13:36:11.0368 6324 PCDSRVC{C4B36920-79E24793-06000000}_0 (a88f42ad20418620d08a13ad1a70c083) c:\progra~1\pc-doc~1\pcdsrvc.pkms 13:36:11.0820 6324 PCDSRVC{C4B36920-79E24793-06000000}_0 - ok 13:36:11.0914 6324 pci 
(673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 13:36:11.0914 6324 pci - ok 13:36:11.0961 6324 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 13:36:11.0976 6324 pciide - ok 13:36:12.0007 6324 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 13:36:12.0023 6324 pcmcia - ok 13:36:12.0039 6324 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 13:36:12.0054 6324 pcw - ok 13:36:12.0085 6324 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 13:36:12.0101 6324 PEAUTH - ok 13:36:12.0148 6324 pelbtm (9246f6089b874d7499e8a3352283da13) C:\Windows\system32\DRIVERS\pelbtm.sys 13:36:12.0148 6324 pelbtm - ok 13:36:12.0179 6324 pelmoubt (6c5d87fdbf7f8bebac5901ce629ad73d) C:\Windows\system32\DRIVERS\pelmoubt.sys 13:36:12.0179 6324 pelmoubt - ok 13:36:12.0335 6324 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 13:36:12.0335 6324 PptpMiniport - ok 13:36:12.0366 6324 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 13:36:12.0366 6324 Processor - ok 13:36:12.0429 6324 psadd (72de205cd4006dc45b1401859c506679) C:\Windows\system32\DRIVERS\psadd.sys 13:36:12.0429 6324 psadd - ok 13:36:12.0460 6324 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 13:36:12.0475 6324 Psched - ok 13:36:12.0522 6324 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys 13:36:12.0522 6324 PxHelp20 - ok 13:36:12.0585 6324 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 13:36:12.0647 6324 ql2300 - ok 13:36:12.0678 6324 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 13:36:12.0678 6324 ql40xx - ok 13:36:12.0709 6324 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 13:36:12.0709 6324 QWAVEdrv - ok 13:36:12.0741 6324 RasAcd 
(30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 13:36:12.0741 6324 RasAcd - ok 13:36:12.0772 6324 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 13:36:12.0787 6324 RasAgileVpn - ok 13:36:12.0803 6324 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 13:36:12.0803 6324 Rasl2tp - ok 13:36:12.0850 6324 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 13:36:12.0850 6324 RasPppoe - ok 13:36:12.0881 6324 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 13:36:12.0881 6324 RasSstp - ok 13:36:12.0928 6324 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 13:36:12.0928 6324 rdbss - ok 13:36:12.0959 6324 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 13:36:12.0959 6324 rdpbus - ok 13:36:13.0006 6324 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 13:36:13.0006 6324 RDPCDD - ok 13:36:13.0037 6324 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 13:36:13.0053 6324 RDPDR - ok 13:36:13.0084 6324 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 13:36:13.0084 6324 RDPENCDD - ok 13:36:13.0115 6324 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 13:36:13.0115 6324 RDPREFMP - ok 13:36:13.0177 6324 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys 13:36:13.0193 6324 RDPWD - ok 13:36:13.0255 6324 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 13:36:13.0255 6324 rdyboost - ok 13:36:13.0302 6324 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys 13:36:13.0318 6324 regi - ok 13:36:13.0365 6324 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 13:36:13.0380 6324 RFCOMM - ok 13:36:13.0411 6324 rimmptsk 
(d65ac8797f0286ed269500747d6290a4) C:\Windows\system32\DRIVERS\rimmptsk.sys 13:36:13.0411 6324 rimmptsk - ok 13:36:13.0443 6324 rimsptsk (49ec82b44eb93374ed9988da7e0e0151) C:\Windows\system32\DRIVERS\rimsptsk.sys 13:36:13.0443 6324 rimsptsk - ok 13:36:13.0458 6324 rismxdp (3f400c3ccd0818858602ddb37b5de719) C:\Windows\system32\DRIVERS\rixdptsk.sys 13:36:13.0458 6324 rismxdp - ok 13:36:13.0521 6324 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 13:36:13.0521 6324 rspndr - ok 13:36:13.0583 6324 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 13:36:13.0583 6324 s3cap - ok 13:36:13.0630 6324 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 13:36:13.0630 6324 sbp2port - ok 13:36:13.0692 6324 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 13:36:13.0692 6324 scfilter - ok 13:36:13.0723 6324 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys 13:36:13.0739 6324 sdbus - ok 13:36:13.0770 6324 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 13:36:13.0770 6324 secdrv - ok 13:36:13.0817 6324 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 13:36:13.0817 6324 Serenum - ok 13:36:13.0848 6324 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 13:36:13.0848 6324 Serial - ok 13:36:13.0895 6324 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 13:36:13.0911 6324 sermouse - ok 13:36:13.0973 6324 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 13:36:13.0973 6324 sffdisk - ok 13:36:13.0989 6324 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 13:36:14.0004 6324 sffp_mmc - ok 13:36:14.0020 6324 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys 13:36:14.0035 6324 sffp_sd - ok 13:36:14.0067 
6324 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 13:36:14.0067 6324 sfloppy - ok 13:36:14.0113 6324 Shockprf (df6a84dd19d3c0858d707b5e64938d60) C:\Windows\system32\DRIVERS\Apsx86.sys 13:36:14.0113 6324 Shockprf - ok 13:36:14.0176 6324 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 13:36:14.0176 6324 sisagp - ok 13:36:14.0223 6324 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:36:14.0223 6324 SiSRaid2 - ok 13:36:14.0254 6324 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 13:36:14.0254 6324 SiSRaid4 - ok 13:36:14.0285 6324 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 13:36:14.0285 6324 Smb - ok 13:36:14.0332 6324 snapman (6fab49fc4e09616da76f1f993a7cb4df) C:\Windows\system32\DRIVERS\snapman.sys 13:36:14.0332 6324 snapman - ok 13:36:14.0457 6324 SNP2UVC (a10c0f1f8d394e7d392fad72b7a01c1b) C:\Windows\system32\DRIVERS\snp2uvc.sys 13:36:14.0566 6324 SNP2UVC - ok 13:36:14.0628 6324 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 13:36:14.0628 6324 spldr - ok 13:36:14.0737 6324 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 13:36:14.0753 6324 srv - ok 13:36:14.0815 6324 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 13:36:14.0815 6324 srv2 - ok 13:36:14.0862 6324 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 13:36:14.0862 6324 SrvHsfHDA - ok 13:36:14.0909 6324 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 13:36:14.0940 6324 SrvHsfV92 - ok 13:36:14.0987 6324 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 13:36:15.0018 6324 SrvHsfWinac - ok 13:36:15.0065 6324 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 13:36:15.0065 6324 srvnet - ok 13:36:15.0159 6324 
ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 13:36:15.0159 6324 ssmdrv - ok 13:36:15.0190 6324 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys 13:36:15.0190 6324 SSPORT - ok 13:36:15.0237 6324 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 13:36:15.0237 6324 stexstor - ok 13:36:15.0299 6324 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 13:36:15.0299 6324 storflt - ok 13:36:15.0361 6324 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 13:36:15.0361 6324 storvsc - ok 13:36:15.0439 6324 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 13:36:15.0439 6324 swenum - ok 13:36:15.0549 6324 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys 13:36:15.0611 6324 Tcpip - ok 13:36:15.0689 6324 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys 13:36:15.0705 6324 TCPIP6 - ok 13:36:15.0767 6324 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 13:36:15.0767 6324 tcpipreg - ok 13:36:15.0829 6324 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 13:36:15.0829 6324 TDPIPE - ok 13:36:15.0876 6324 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 13:36:15.0892 6324 TDTCP - ok 13:36:15.0939 6324 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 13:36:15.0939 6324 tdx - ok 13:36:16.0001 6324 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 13:36:16.0001 6324 TermDD - ok 13:36:16.0110 6324 timounter (1dcf2395cf531057a698c0b6af2b87c1) C:\Windows\system32\DRIVERS\timntr.sys 13:36:16.0110 6324 timounter - ok 13:36:16.0141 6324 TPDIGIMN (50b570e4209f6d401893720fc8ddce46) C:\Windows\system32\DRIVERS\ApsHM86.sys 13:36:16.0157 6324 TPDIGIMN - ok 13:36:16.0204 6324 TPM 
(5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys 13:36:16.0204 6324 TPM - ok 13:36:16.0266 6324 TPPWRIF (c16ec6a5390904d3971179553852025b) C:\Windows\system32\drivers\Tppwr32v.sys 13:36:16.0266 6324 TPPWRIF - ok 13:36:16.0329 6324 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 13:36:16.0329 6324 tssecsrv - ok 13:36:16.0391 6324 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 13:36:16.0391 6324 TsUsbFlt - ok 13:36:16.0453 6324 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 13:36:16.0453 6324 tunnel - ok 13:36:16.0485 6324 TVTI2C (cac5d5979850c9ad41a88033013bc806) C:\Windows\system32\DRIVERS\Tvti2c.sys 13:36:16.0485 6324 TVTI2C - ok 13:36:16.0531 6324 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 13:36:16.0531 6324 uagp35 - ok 13:36:16.0594 6324 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 13:36:16.0594 6324 udfs - ok 13:36:16.0687 6324 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 13:36:16.0703 6324 uliagpkx - ok 13:36:16.0765 6324 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys 13:36:16.0765 6324 umbus - ok 13:36:16.0812 6324 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 13:36:16.0812 6324 UmPass - ok 13:36:16.0875 6324 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 13:36:16.0890 6324 USBAAPL - ok 13:36:16.0953 6324 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 13:36:16.0968 6324 usbccgp - ok 13:36:17.0031 6324 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 13:36:17.0046 6324 usbcir - ok 13:36:17.0093 6324 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 13:36:17.0093 6324 usbehci - ok 13:36:17.0140 6324 usbhub 
(8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 13:36:17.0140 6324 usbhub - ok 13:36:17.0171 6324 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 13:36:17.0171 6324 usbohci - ok 13:36:17.0202 6324 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 13:36:17.0202 6324 usbprint - ok 13:36:17.0266 6324 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 13:36:17.0266 6324 usbscan - ok 13:36:17.0344 6324 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:36:17.0344 6324 USBSTOR - ok 13:36:17.0390 6324 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 13:36:17.0390 6324 usbuhci - ok 13:36:17.0437 6324 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys 13:36:17.0437 6324 usbvideo - ok 13:36:17.0484 6324 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 13:36:17.0484 6324 vdrvroot - ok 13:36:17.0546 6324 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 13:36:17.0546 6324 vga - ok 13:36:17.0593 6324 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 13:36:17.0593 6324 VgaSave - ok 13:36:17.0624 6324 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 13:36:17.0640 6324 vhdmp - ok 13:36:17.0702 6324 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 13:36:17.0702 6324 viaagp - ok 13:36:17.0749 6324 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 13:36:17.0749 6324 ViaC7 - ok 13:36:17.0780 6324 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 13:36:17.0780 6324 viaide - ok 13:36:17.0812 6324 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 13:36:17.0812 6324 vmbus - ok 13:36:17.0827 6324 VMBusHID 
(d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 13:36:17.0827 6324 VMBusHID - ok 13:36:17.0858 6324 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 13:36:17.0858 6324 volmgr - ok 13:36:17.0890 6324 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 13:36:17.0890 6324 volmgrx - ok 13:36:17.0921 6324 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 13:36:17.0921 6324 volsnap - ok 13:36:17.0952 6324 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 13:36:17.0968 6324 vsmraid - ok 13:36:17.0999 6324 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys 13:36:17.0999 6324 vwifibus - ok 13:36:18.0030 6324 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 13:36:18.0030 6324 vwififlt - ok 13:36:18.0077 6324 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 13:36:18.0077 6324 WacomPen - ok 13:36:18.0139 6324 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 13:36:18.0155 6324 WANARP - ok 13:36:18.0155 6324 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 13:36:18.0155 6324 Wanarpv6 - ok 13:36:18.0202 6324 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 13:36:18.0202 6324 Wd - ok 13:36:18.0233 6324 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 13:36:18.0248 6324 Wdf01000 - ok 13:36:18.0295 6324 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 13:36:18.0295 6324 WfpLwf - ok 13:36:18.0326 6324 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 13:36:18.0326 6324 WIMMount - ok 13:36:18.0389 6324 winachsf (253a9c2df9a2a7b3b23146014959f2cd) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 13:36:18.0404 6324 winachsf - ok 13:36:18.0576 6324 
WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 13:36:18.0576 6324 WinUsb - ok 13:36:18.0654 6324 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 13:36:18.0654 6324 WmiAcpi - ok 13:36:18.0716 6324 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 13:36:18.0732 6324 ws2ifsl - ok 13:36:18.0794 6324 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 13:36:18.0794 6324 WudfPf - ok 13:36:18.0857 6324 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 13:36:18.0857 6324 WUDFRd - ok 13:36:18.0919 6324 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys 13:36:18.0935 6324 XAudio - ok 13:36:18.0997 6324 ZTEusbmdm6k (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys 13:36:18.0997 6324 ZTEusbmdm6k - ok 13:36:19.0028 6324 ZTEusbnmea (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys 13:36:19.0044 6324 ZTEusbnmea - ok 13:36:19.0122 6324 ZTEusbser6k (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys 13:36:19.0122 6324 ZTEusbser6k - ok 13:36:19.0169 6324 MBR (0x1B8) (d4bd9bf8b5bd3bd8985ec47a3843fc0d) \Device\Harddisk0\DR0 13:36:19.0216 6324 \Device\Harddisk0\DR0 - ok 13:36:19.0262 6324 Boot (0x1200) (afb8b4724c7b622ea97fa4e2dbc4d06d) \Device\Harddisk0\DR0\Partition0 13:36:19.0262 6324 \Device\Harddisk0\DR0\Partition0 - ok 13:36:19.0278 6324 Boot (0x1200) (a6149aaafa0862d21d379a576c5ff62f) \Device\Harddisk0\DR0\Partition1 13:36:19.0278 6324 \Device\Harddisk0\DR0\Partition1 - ok 13:36:19.0325 6324 Boot (0x1200) (c3a32dcd44bdfce32ee892d1e3800b5a) \Device\Harddisk0\DR0\Partition2 13:36:19.0325 6324 \Device\Harddisk0\DR0\Partition2 - ok 13:36:19.0325 6324 ============================================================ 13:36:19.0325 6324 Scan finished 13:36:19.0325 6324 
============================================================ 13:36:19.0340 5744 Detected object count: 0 13:36:19.0340 5744 Actual detected object count: 0 13:36:27.0889 5668 Deinitialize success |
23.02.2012, 17:15 | #13 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | For security reasons your Windows system has been blocked. - unfortunately on mine too. Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
23.02.2012, 17:28 | #14 |
| For security reasons your Windows system has been blocked. - unfortunately on mine too. Hello cosinus, ComboFix was installed automatically; I could not choose the save location (Firefox), and it is now not on the desktop. Is that bad? |
23.02.2012, 17:49 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | For security reasons your Windows system has been blocked. - unfortunately on mine too. Quote:
Please put combofix.exe on the desktop!
__________________ Please always post log files in CODE tags |