Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 20.09.2012, 03:10   #1
Conny_1808
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte



Hallo zusammen!

Toll, dass es dieses Board gibt! Ich hoffe, dass ich mit eurer Hilfe mein Notebook "putzen" kann.

Über meine externe Festplatte, die ich zur Datenübertragung an einen anderen PC angeschlossen hatte, habe ich mir einen Virus namens "Worm.Dorkbot" eingefangen. Was mich aufmerksam gemacht hat, war, dass auf der Festplatte all meine Ordner nur noch als Verknüpfungen angezeigt wurden. Auf die Daten kann ich aber noch zugreifen, wenn ich die geschützten Systemdateien anzeigen lasse (unter Windows 7 in "Ordneroptionen").

Leider hat sich der Wurm, wie es scheint, trotz meines bezahlten Anti-Viren-Programms (Avira Antivirus Premium 2012) auf meinen Computer (Windows 7 Professional, 64 Bit, SP1) übertragen. Im Verzeichnis C:\User\Cornelia\AppData\Roaming finden sich mehrere .EXE-Dateien, allen voran "tlrsrl.ex". Außerdem finde ich nach jedem Neustart des Computers in den Prozessen im Task-Manager ein Programm mit dem vier Buchstaben "xxxx.exe", das etwa 25% meiner CPU-Leistung frisst und den PC sehr heiß laufen lässt und den Lüfter und Akku extrem belastet.

Bei einem erneuten Anstecken der Festplatte kommt von meinem Antivirus dann folgende Fehlermeldung:
"In der Datei 'E:\RECYCLER\e621ca05.exe' wurde ein Virus oder unerwünschtes Programm 'WORM/Dorkbot.A.2312' [worm] gefunden.
Ausgeführte Aktion: Zugriff verweigern"
Über den Eingabebefehl der Attributänderung habe ich die Ordner auf meiner externen Festplatte wieder hergestellt und die Verknüpfungen gelöscht. Nach dem Löschen der besagten Datei "e621ca05.exe" auf der externen Festplatte sah es auch gut aus. Beim erneuten Anstecken der Festplatte waren aber wieder alle Ordner zu Verknüpfungen geworden, und die Datei wieder da.

Beim googlen nach dem Wurm und dem Problem bin ich unter anderem auf folgenden Thread in Eurem Board gestoßen, bei dem mir das Problem ähnlich erscheint: http://www.trojaner-board.de/103380-...uepfungen.html

Ein kompletter Suchlauf mit Antivirus brachte heute 3 Funde, die ich erst in Quarantäne verschieben ließ und dann gelöscht habe. Dennoch sind die verdächtigen Dateien weiterhin im Verzeichnis "AppData\Roaming" vorhanden. Das LOG-File des AntivirusScans poste ich im Anhang.

Eure Anweisungen habe ich ebenfalls durchgeführt. Das LOG-File vom Defogger poste ich unten, ebenso wie die OTL.txt. Bei Ausführen dieser Programme hatte ich meine externe Festplatte, die den Virus übertrage hat, angeschlossen, damit sie gegebenenfalls mit durchsucht wird. Da sich auf dieser meine Datensicherungen (erstellt mit Acronis True Image Home) befinden, wäre es gut, wenn die Platte mit bereinigt werden könnte und ich sie nicht komplett formatieren muss.

Da ich zur Zeit in Chile studiere und unser Internet manchmal recht instabil ist, kann es sein, dass ich mit dem Antworten manchmal ein bisschen länger brauche (es kann natürlich auch an den 5 Stunden Zeitverschiebung nach Deutschland liegen).
Vielen Dank auf jeden Fall schon mal für Eure Bemühungen!!!
Herzliche Grüße, Cornelia

Hier die Datei "defogger_disable.log":
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:55 on 19/09/2012 (Cornelia)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
         
Und hier die OTL.txt:
Code:
ATTFilter
OTL logfile created on: 19.09.2012 21:58:40 - Run 1
OTL by OldTimer - Version 3.2.64.0     Folder = C:\Users\Cornelia\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 2,38 Gb Available Physical Memory | 61,93% Memory free
7,69 Gb Paging File | 5,91 Gb Available in Paging File | 76,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 55,94 Gb Free Space | 57,28% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 14,83 Gb Free Space | 60,75% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 452,27 Gb Free Space | 48,55% Space Free | Partition Type: NTFS
Drive M: | 330,50 Gb Total Space | 69,99 Gb Free Space | 21,18% Space Free | Partition Type: NTFS
Drive Q: | 11,72 Gb Total Space | 2,26 Gb Free Space | 19,29% Space Free | Partition Type: NTFS
 
Computer Name: CORNELIA-THINK | User Name: Cornelia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.19 21:56:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Cornelia\Desktop\OTL.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.08 07:56:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.14 15:53:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.14 15:53:15 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.14 15:53:15 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012.05.14 15:53:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.31 14:03:00 | 000,062,824 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
PRC - [2011.08.11 06:04:16 | 000,328,552 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.07.25 18:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2011.07.12 05:03:34 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011.07.12 04:17:06 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.07.12 03:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\micmute.exe
PRC - [2011.07.12 03:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011.05.31 05:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2011.05.31 05:48:34 | 000,040,808 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2011.05.31 05:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2011.05.25 09:21:32 | 000,281,960 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011.02.21 23:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.21 23:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.03 18:17:06 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.03.23 12:22:46 | 001,549,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe
PRC - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.11 09:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.05.27 17:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
PRC - [2008.10.03 18:58:58 | 000,962,480 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008.10.03 18:55:12 | 004,378,000 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008.10.03 17:40:00 | 000,165,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008.01.10 07:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.04.06 04:05:16 | 002,085,888 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cv210.dll
MOD - [2010.04.06 04:04:06 | 002,201,088 | ---- | M] () -- C:\Programme\Lenovo\AutoLock\cxcore210.dll
MOD - [2010.03.23 12:26:48 | 000,201,512 | ---- | M] () -- C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
MOD - [2009.05.27 17:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
MOD - [2005.09.21 02:57:56 | 004,325,376 | ---- | M] () -- C:\Program Files (x86)\Cisco Systems\VPN Client\qt-mt335.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.12.09 06:23:04 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:64bit: - [2010.11.12 05:48:50 | 000,045,928 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2009.07.13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.07 12:14:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.14 15:53:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.14 15:53:15 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.14 15:53:15 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012.05.14 15:53:15 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 14:03:00 | 000,478,056 | ---- | M] (Lenovo.) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2011.08.31 14:03:00 | 000,173,416 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE -- (PwmEWSvc)
SRV - [2011.08.31 14:03:00 | 000,087,400 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2011.07.27 16:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.07.27 15:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.07.25 18:18:46 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2011.07.12 03:54:00 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV - [2011.07.12 03:53:42 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.07.12 03:53:26 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.07.12 03:53:20 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2011.07.08 12:53:20 | 000,144,232 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV - [2011.05.31 05:48:36 | 000,059,240 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2011.05.31 05:48:18 | 000,041,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2011.05.18 16:31:14 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2011.02.21 23:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.21 23:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.12.03 18:17:04 | 000,965,408 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.09.22 13:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 09:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.11 09:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.03 17:41:22 | 000,743,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.01.10 07:13:50 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.12.14 11:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.11.17 09:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.14 15:53:16 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.14 15:53:16 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.01.22 09:31:01 | 001,580,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm140.sys -- (tdrpman140)
DRV:64bit: - [2012.01.22 09:30:58 | 000,880,160 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.01.22 09:30:58 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2012.01.22 09:30:56 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snman380.sys -- (snapman380)
DRV:64bit: - [2011.12.23 09:08:27 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.12.23 09:08:27 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.12.23 00:32:25 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:64bit: - [2011.12.15 10:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.31 14:03:00 | 000,031,344 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2011.08.31 14:03:00 | 000,014,960 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2011.08.09 10:32:04 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.03 12:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.05.19 08:06:46 | 001,442,352 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.04.25 22:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.12.09 06:23:04 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:64bit: - [2010.12.09 06:23:04 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:64bit: - [2010.12.08 00:30:08 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010.12.01 08:15:30 | 000,426,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2010.11.24 08:24:24 | 000,145,448 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.11.20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.20 02:06:22 | 000,162,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.11.20 02:06:20 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.11.12 05:48:30 | 000,039,024 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2010.10.19 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 03:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.21 13:14:10 | 000,164,992 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:64bit: - [2010.09.07 01:09:36 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2010.08.26 23:14:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.06.23 04:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.03.23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.07.13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2011.07.08 12:53:24 | 000,032,104 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV - [2009.07.13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.13 08:47:34 | 000,013,840 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.homitrlz.in
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112454&tt=060612_6_&babsrc=SP_ss&mntrId=942b238f000000000000081196ea00a0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE467
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.homitrlz.in"
FF - prefs.js..extensions.enabledAddons: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.6
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=942b238f000000000000081196ea00a0&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Cornelia\AppData\Local\Facebook\Messenger\2.1.4631.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 12:14:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.17 21:33:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 12:14:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.21 11:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Extensions
[2012.09.16 00:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions
[2012.08.21 10:06:49 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2012.08.18 10:54:58 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.01.22 17:21:29 | 000,000,000 | ---D | M] (kikin plugin (NO23 Edition)) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2012.01.22 09:23:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.16 00:48:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.22 17:21:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\engine@conduit.com
[2012.01.21 18:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default - Kopie\extensions
[2012.01.22 09:23:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default - Kopie\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.26 15:26:03 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\extensions\finder@meingutscheincode.de.xpi
[2011.05.16 17:21:21 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2010.09.10 05:54:17 | 000,002,354 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\searchplugins\ecosia.xml
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 12:14:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 21:27:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.23 17:43:40 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.08.28 20:26:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 21:27:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 21:27:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 21:27:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 21:27:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
 
O1 HOSTS File: ([2009.06.10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [LTT] C:\Programme\PC-Doctor\EnableToolbarW32.exe (PC-Doctor, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Tlrsrl] C:\Users\Cornelia\AppData\Roaming\Tlrsrl.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 190.160.0.11 200.74.121.11 200.83.1.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0880508D-7E36-42E2-83F2-D7A2FE8C6012}: Domain = uni-tuebingen.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0880508D-7E36-42E2-83F2-D7A2FE8C6012}: NameServer = 134.2.200.1,134.2.200.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33E24BAF-9711-4E6E-86CB-541DF48FAB5D}: DhcpNameServer = 190.160.0.11 200.74.121.11 200.83.1.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk Q:\
O33 - MountPoints2\{43e6181b-ea58-11e1-965a-047d7b3145ea}\Shell - "" = AutoRun
O33 - MountPoints2\{43e6181b-ea58-11e1-965a-047d7b3145ea}\Shell\AutoRun\command - "" = F:\iLinker.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.19 21:56:33 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Cornelia\Desktop\OTL.exe
[2012.09.08 01:37:02 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.09.07 12:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.02 12:54:28 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\Facebook
[2012.08.30 10:52:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012.08.30 10:50:58 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.08.29 12:52:52 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\{48E1F8FF-1C7B-4A56-9CED-376BB26251A2}
[2012.08.28 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\{349B95A0-1296-4E8D-A8F8-FDE0E8F47A6B}
[2012.08.28 18:55:14 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\Macromedia
[3 C:\Users\Cornelia\AppData\Roaming\*.tmp files -> C:\Users\Cornelia\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.19 21:59:05 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000UA.job
[2012.09.19 21:57:15 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.19 21:57:15 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.19 21:57:15 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.19 21:57:15 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.19 21:57:15 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.19 21:56:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Cornelia\Desktop\OTL.exe
[2012.09.19 21:55:09 | 000,000,000 | ---- | M] () -- C:\Users\Cornelia\defogger_reenable
[2012.09.19 21:51:49 | 000,050,477 | ---- | M] () -- C:\Users\Cornelia\Desktop\Defogger.exe
[2012.09.19 21:46:26 | 000,167,936 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\Tlrsrl.exe
[2012.09.19 21:42:58 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 21:42:58 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.19 21:36:29 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\28B4.exe
[2012.09.19 21:36:07 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.19 21:35:29 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.09.19 21:35:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.19 21:35:19 | 3095,773,184 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.19 21:28:36 | 000,775,620 | ---- | M] () -- C:\Users\Cornelia\Desktop\Virenfunde_1.jpg
[2012.09.19 21:17:23 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.19 20:03:25 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\59DC.exe
[2012.09.19 13:02:53 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\5984.exe
[2012.09.19 12:59:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000Core.job
[2012.09.19 12:52:34 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\24DE.exe
[2012.09.19 12:04:08 | 000,110,592 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\ABF0.exe
[2012.09.16 17:42:02 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\930E.exe
[2012.09.16 16:50:08 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\C8F.exe
[2012.09.16 13:29:42 | 594,592,768 | ---- | M] () -- C:\Users\Cornelia\Desktop\Raphaels Audiodatei von EK-Projekt-Aufnahmegerät.WAV
[2012.09.16 12:47:47 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\2DEE.exe
[2012.09.16 12:12:22 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\BF05.exe
[2012.09.16 11:41:26 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\70A5.exe
[2012.09.16 03:49:21 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\3956.exe
[2012.09.16 02:58:55 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\F48.exe
[2012.09.16 00:46:02 | 000,003,605 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\64F3.exe
[2012.09.12 10:36:23 | 000,006,656 | ---- | M] () -- C:\Users\Cornelia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.06 13:37:58 | 000,002,133 | ---- | M] () -- C:\Users\Cornelia\.recently-used.xbel
[2012.09.03 12:30:07 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.09.03 12:29:58 | 000,361,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.30 10:50:58 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[3 C:\Users\Cornelia\AppData\Roaming\*.tmp files -> C:\Users\Cornelia\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.19 21:55:09 | 000,000,000 | ---- | C] () -- C:\Users\Cornelia\defogger_reenable
[2012.09.19 21:51:49 | 000,050,477 | ---- | C] () -- C:\Users\Cornelia\Desktop\Defogger.exe
[2012.09.19 21:46:26 | 000,167,936 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\Tlrsrl.exe
[2012.09.19 21:36:29 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\28B4.exe
[2012.09.19 21:28:36 | 000,775,620 | ---- | C] () -- C:\Users\Cornelia\Desktop\Virenfunde_1.jpg
[2012.09.19 20:03:25 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\59DC.exe
[2012.09.19 13:02:53 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\5984.exe
[2012.09.19 12:52:34 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\24DE.exe
[2012.09.19 12:04:08 | 000,110,592 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\ABF0.exe
[2012.09.16 17:42:02 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\930E.exe
[2012.09.16 16:50:08 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\C8F.exe
[2012.09.16 12:47:47 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\2DEE.exe
[2012.09.16 12:22:38 | 594,592,768 | ---- | C] () -- C:\Users\Cornelia\Desktop\Raphaels Audiodatei von EK-Projekt-Aufnahmegerät.WAV
[2012.09.16 12:12:22 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\BF05.exe
[2012.09.16 11:41:26 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\70A5.exe
[2012.09.16 03:49:21 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\3956.exe
[2012.09.16 02:58:55 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\F48.exe
[2012.09.16 00:46:02 | 000,003,605 | ---- | C] () -- C:\Users\Cornelia\AppData\Roaming\64F3.exe
[2012.09.06 13:37:58 | 000,002,133 | ---- | C] () -- C:\Users\Cornelia\.recently-used.xbel
[2012.09.02 12:54:32 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000UA.job
[2012.09.02 12:54:32 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000Core.job
[2012.08.30 10:50:58 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.04.11 17:04:58 | 000,000,698 | ---- | C] () -- C:\Users\Cornelia\.ufrawrc
[2012.04.10 23:53:03 | 000,006,656 | ---- | C] () -- C:\Users\Cornelia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.04 13:50:20 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.01.23 13:16:27 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.12.23 08:54:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.12.23 00:24:41 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.23 00:24:40 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.12.23 00:24:40 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.23 00:24:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.23 00:24:40 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2012.01.22 09:57:39 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Acronis
[2012.05.15 22:00:46 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Ahnenblatt
[2012.03.03 17:10:06 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\AnvSoft
[2012.06.23 17:43:36 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Babylon
[2012.04.04 14:16:01 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\DesktopIconForAmazon
[2012.06.11 21:13:03 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\DVDVideoSoft
[2012.01.21 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.07.07 21:49:26 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\FileZilla
[2012.01.21 16:55:28 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Flo & Seb Engineering
[2012.06.27 01:44:09 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Groovedown
[2012.08.22 13:08:35 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\gtk-2.0
[2012.04.12 19:53:51 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\hdbADS
[2012.09.19 21:56:56 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\ICQ
[2012.02.22 19:18:40 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\IrfanView
[2012.01.20 19:07:53 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Leadertech
[2012.01.20 19:18:32 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Lenovo
[2012.01.23 13:34:32 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\MAGIX
[2012.09.16 23:01:18 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\MediaMonkey
[2012.04.12 19:54:39 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\MrJobs
[2012.03.04 14:46:23 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Nvu
[2012.01.21 12:07:23 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\OpenOffice.org
[2012.01.20 19:28:54 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\PCDr
[2012.01.20 21:23:23 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\PwrMgr
[2012.01.22 08:54:45 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Thunderbird
[2012.01.21 10:42:06 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\Ulead Systems
[2012.06.23 22:41:03 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\uTorrent
[2012.04.04 14:14:40 | 000,000,000 | ---D | M] -- C:\Users\Cornelia\AppData\Roaming\VSO
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 20.09.2012, 08:10   #2
Psychotic
/// Malwareteam
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte





Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.



Ich sehe, dass Du sogenannte Peer to Peer oder Filesharing Programme verwendest. In deinem Fall uTorrent. Diese Programme erlauben es Dir, Daten mit anderen Usern auszutauschen. Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und dies ist auch ein Grund warum sich Malware so schnell verbreitet. Es ist also möglich, dass Du Dir eine Infizierte Datei herunterladest. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art Software mit äußerster Vorsicht benutzt werden. Ein ebenfalls wichtiger Punkt ist, dass das Verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt. Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office. Denoch würde ich Dich ersuchen, diese Art von Software nicht weiterhin zu verwenden. Bitte gehe zu Start --> Systemsteuerung --> Software und deinstalliere die oben erwähnte Software. Bitte gib Bescheid wenn Du eines der gelisteten Programme nicht finden kannst.[/color]



Schritt 1: Scan mit TDSS-Killer



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Klicke Change parameters, wähle Detect TDLFS file system, klicke OK.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.



Schritt 2: aswMBR



Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung) Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen ) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________

__________________

Alt 20.09.2012, 14:44   #3
Conny_1808
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte



Hallo Marius!

Vielen Dank, dass du mir hilfst!!!
Ich habe mich für die Bereinigung entschieden, unter anderem auch, da meine externe Festplatte mit den Datensicherungen ja ebenfalls infiziert ist und meine letzte Datensicherung leider auch schon ein paar Wochen alt. Hier in Chile verwende ich den PC nicht so intensiv, dass ich sie jede Woche mache... :/

Hier auch gleich eine Frage. Soll ich die externe Festplatte bei allem, was ich nach deinen Angaben ausführe, an den PC anschließen, damit sie mit gescant und bereinigt wird?

Das Tool uTorrent ist auf meinem PC nicht mehr vorhanden (oder jedenfalls von mir nicht auffindbar). Ich hatte es herunterladen müssen für einen Uni-Kurs hier in Chile im letzten Semester, habe es aber danach gleich wieder deinstalliert - aus eben den Gründen, die du genannt hast. Ich habe meinen PC jetzt auch danach suchen lassen, aber die "OTL.txt" ist die einzige File, wo das Programm auftaucht.

Kann ich dennoch mit Schritt 1 und 2 weitermachen?
__________________

Alt 20.09.2012, 14:54   #4
Psychotic
/// Malwareteam
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte



Schließe die Platte nur an, wenn ich es ausdrücklich sage und mache weiter mit Schritt 1 und 2.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 20.09.2012, 15:44   #5
Conny_1808
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte



So, hier kommen die "Ergebnisse" aus Schritt 1 und Schritt 2.

Die LOG-File des TDSS-Killers:
Code:
ATTFilter
11:00:54.0770 0124  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
11:00:55.0410 0124  ============================================================
11:00:55.0410 0124  Current date / time: 2012/09/20 11:00:55.0410
11:00:55.0410 0124  SystemInfo:
11:00:55.0410 0124  
11:00:55.0410 0124  OS Version: 6.1.7601 ServicePack: 1.0
11:00:55.0410 0124  Product type: Workstation
11:00:55.0410 0124  ComputerName: CORNELIA-THINK
11:00:55.0410 0124  UserName: Cornelia
11:00:55.0410 0124  Windows directory: C:\Windows
11:00:55.0410 0124  System windows directory: C:\Windows
11:00:55.0410 0124  Running under WOW64
11:00:55.0410 0124  Processor architecture: Intel x64
11:00:55.0410 0124  Number of processors: 4
11:00:55.0410 0124  Page size: 0x1000
11:00:55.0410 0124  Boot type: Normal boot
11:00:55.0410 0124  ============================================================
11:00:55.0830 0124  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:00:55.0830 0124  ============================================================
11:00:55.0830 0124  \Device\Harddisk0\DR0:
11:00:55.0830 0124  MBR partitions:
11:00:55.0830 0124  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
11:00:55.0830 0124  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xC350000
11:00:55.0850 0124  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC63F000, BlocksNum 0x30D4000
11:00:55.0850 0124  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0xF713800, BlocksNum 0x29502000
11:00:55.0850 0124  \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x38C15800, BlocksNum 0x1770000
11:00:55.0850 0124  ============================================================
11:00:55.0880 0124  C: <-> \Device\Harddisk0\DR0\Partition2
11:00:55.0940 0124  Q: <-> \Device\Harddisk0\DR0\Partition5
11:00:55.0990 0124  D: <-> \Device\Harddisk0\DR0\Partition3
11:00:56.0040 0124  M: <-> \Device\Harddisk0\DR0\Partition4
11:00:56.0040 0124  ============================================================
11:00:56.0040 0124  Initialize success
11:00:56.0040 0124  ============================================================
11:01:01.0450 2728  ============================================================
11:01:01.0450 2728  Scan started
11:01:01.0450 2728  Mode: Manual; TDLFS; 
11:01:01.0450 2728  ============================================================
11:01:01.0770 2728  ================ Scan system memory ========================
11:01:01.0770 2728  System memory - ok
11:01:01.0770 2728  ================ Scan services =============================
11:01:01.0900 2728  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:01:01.0910 2728  1394ohci - ok
11:01:01.0940 2728  [ 54C861A113568012E48FA1350EA05122 ] 5U877           C:\Windows\system32\DRIVERS\5U877.sys
11:01:01.0940 2728  5U877 - ok
11:01:01.0960 2728  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:01:01.0970 2728  ACPI - ok
11:01:01.0980 2728  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:01:01.0980 2728  AcpiPmi - ok
11:01:02.0120 2728  [ D0EDA6533DD11F1384346A5680E5E42A ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
11:01:02.0130 2728  AcrSch2Svc - ok
11:01:02.0160 2728  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:01:02.0170 2728  adp94xx - ok
11:01:02.0180 2728  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:01:02.0180 2728  adpahci - ok
11:01:02.0190 2728  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:01:02.0190 2728  adpu320 - ok
11:01:02.0210 2728  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:01:02.0210 2728  AeLookupSvc - ok
11:01:02.0260 2728  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
11:01:02.0270 2728  AFD - ok
11:01:02.0280 2728  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:01:02.0280 2728  agp440 - ok
11:01:02.0310 2728  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
11:01:02.0310 2728  ALG - ok
11:01:02.0310 2728  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:01:02.0310 2728  aliide - ok
11:01:02.0320 2728  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
11:01:02.0320 2728  amdide - ok
11:01:02.0320 2728  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:01:02.0320 2728  AmdK8 - ok
11:01:02.0330 2728  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
11:01:02.0330 2728  AmdPPM - ok
11:01:02.0370 2728  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:01:02.0370 2728  amdsata - ok
11:01:02.0380 2728  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
11:01:02.0380 2728  amdsbs - ok
11:01:02.0400 2728  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:01:02.0400 2728  amdxata - ok
11:01:02.0460 2728  [ B9B5DFAFEA592BD4CA967824EBB42E3D ] AntiVirMailService C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
11:01:02.0470 2728  AntiVirMailService - ok
11:01:02.0530 2728  [ 67B1D78711B4386C26241096326EE14A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:01:02.0530 2728  AntiVirSchedulerService - ok
11:01:02.0550 2728  [ 845C4E7AE211EDAD5E0B832126F56932 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:01:02.0550 2728  AntiVirService - ok
11:01:02.0580 2728  [ 30D71E0C149943A8985D02EA0944F2FE ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
11:01:02.0590 2728  AntiVirWebService - ok
11:01:02.0630 2728  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
11:01:02.0630 2728  AppID - ok
11:01:02.0650 2728  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:01:02.0650 2728  AppIDSvc - ok
11:01:02.0660 2728  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
11:01:02.0660 2728  Appinfo - ok
11:01:02.0690 2728  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
11:01:02.0690 2728  AppMgmt - ok
11:01:02.0700 2728  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
11:01:02.0700 2728  arc - ok
11:01:02.0710 2728  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:01:02.0710 2728  arcsas - ok
11:01:02.0720 2728  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:01:02.0720 2728  AsyncMac - ok
11:01:02.0740 2728  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
11:01:02.0740 2728  atapi - ok
11:01:02.0760 2728  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:01:02.0760 2728  AudioEndpointBuilder - ok
11:01:02.0780 2728  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:01:02.0790 2728  AudioSrv - ok
11:01:02.0830 2728  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
11:01:02.0830 2728  avgntflt - ok
11:01:02.0860 2728  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
11:01:02.0870 2728  avipbb - ok
11:01:02.0890 2728  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
11:01:02.0890 2728  avkmgr - ok
11:01:02.0910 2728  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:01:02.0910 2728  AxInstSV - ok
11:01:02.0930 2728  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
11:01:02.0930 2728  b06bdrv - ok
11:01:02.0950 2728  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:01:02.0950 2728  b57nd60a - ok
11:01:02.0970 2728  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:01:02.0980 2728  BDESVC - ok
11:01:02.0980 2728  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:01:02.0980 2728  Beep - ok
11:01:03.0020 2728  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
11:01:03.0020 2728  BFE - ok
11:01:03.0060 2728  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
11:01:03.0070 2728  BITS - ok
11:01:03.0090 2728  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:01:03.0090 2728  blbdrive - ok
11:01:03.0130 2728  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:01:03.0130 2728  bowser - ok
11:01:03.0140 2728  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
11:01:03.0140 2728  BrFiltLo - ok
11:01:03.0140 2728  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
11:01:03.0140 2728  BrFiltUp - ok
11:01:03.0150 2728  [ 8EF0D5C41EC907751B8429162B1239ED ] Browser         C:\Windows\System32\browser.dll
11:01:03.0150 2728  Browser - ok
11:01:03.0170 2728  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:01:03.0170 2728  Brserid - ok
11:01:03.0170 2728  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:01:03.0170 2728  BrSerWdm - ok
11:01:03.0180 2728  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:01:03.0180 2728  BrUsbMdm - ok
11:01:03.0180 2728  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:01:03.0180 2728  BrUsbSer - ok
11:01:03.0210 2728  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
11:01:03.0210 2728  BthEnum - ok
11:01:03.0220 2728  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:01:03.0220 2728  BTHMODEM - ok
11:01:03.0230 2728  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:01:03.0240 2728  BthPan - ok
11:01:03.0260 2728  [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
11:01:03.0270 2728  BTHPORT - ok
11:01:03.0280 2728  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
11:01:03.0280 2728  bthserv - ok
11:01:03.0290 2728  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
11:01:03.0290 2728  BTHUSB - ok
11:01:03.0330 2728  [ 292E3842E75E4AEA1A9CE7DA4B1C55F4 ] BTWAMPFL        C:\Windows\system32\DRIVERS\btwampfl.sys
11:01:03.0330 2728  BTWAMPFL - ok
11:01:03.0340 2728  [ D9B09128791A8D65B2156F9C2CFB54A8 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
11:01:03.0340 2728  btwaudio - ok
11:01:03.0360 2728  [ 3432DD66AE75AB2DE6D0527AD78DBFC7 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
11:01:03.0360 2728  btwavdt - ok
11:01:03.0440 2728  [ DE7717E59DFB6D169B646827CC02E361 ] btwdins         C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
11:01:03.0450 2728  btwdins - ok
11:01:03.0470 2728  [ D5088E57A32DFBC1B497B264E5AB5FBA ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
11:01:03.0470 2728  btwl2cap - ok
11:01:03.0480 2728  [ 13A9C2CEDD44C175E6CA39A536795CA6 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
11:01:03.0480 2728  btwrchid - ok
11:01:03.0500 2728  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:01:03.0500 2728  cdfs - ok
11:01:03.0540 2728  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:01:03.0540 2728  cdrom - ok
11:01:03.0580 2728  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
11:01:03.0580 2728  CertPropSvc - ok
11:01:03.0600 2728  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
11:01:03.0600 2728  circlass - ok
11:01:03.0620 2728  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
11:01:03.0620 2728  CLFS - ok
11:01:03.0710 2728  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:01:03.0720 2728  clr_optimization_v2.0.50727_32 - ok
11:01:03.0760 2728  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:01:03.0770 2728  clr_optimization_v2.0.50727_64 - ok
11:01:03.0810 2728  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:01:03.0820 2728  clr_optimization_v4.0.30319_32 - ok
11:01:03.0850 2728  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:01:03.0860 2728  clr_optimization_v4.0.30319_64 - ok
11:01:03.0890 2728  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:01:03.0890 2728  CmBatt - ok
11:01:03.0910 2728  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:01:03.0910 2728  cmdide - ok
11:01:03.0960 2728  [ C4943B6C962E4B82197542447AD599F4 ] CNG             C:\Windows\system32\Drivers\cng.sys
11:01:03.0970 2728  CNG - ok
11:01:03.0990 2728  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
11:01:03.0990 2728  Compbatt - ok
11:01:04.0020 2728  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
11:01:04.0020 2728  CompositeBus - ok
11:01:04.0030 2728  COMSysApp - ok
11:01:04.0040 2728  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:01:04.0040 2728  crcdisk - ok
11:01:04.0070 2728  [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:01:04.0080 2728  CryptSvc - ok
11:01:04.0100 2728  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
11:01:04.0100 2728  CSC - ok
11:01:04.0130 2728  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
11:01:04.0130 2728  CscService - ok
11:01:04.0160 2728  [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA64.sys
11:01:04.0160 2728  CVirtA - ok
11:01:04.0210 2728  [ 66257CB4E4FB69887CDDC71663741435 ] CVPND           C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
11:01:04.0230 2728  CVPND - ok
11:01:04.0260 2728  [ CC8E52DAA9826064BA464DBE531F2BB5 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
11:01:04.0260 2728  CVPNDRVA - ok
11:01:04.0300 2728  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:01:04.0300 2728  DcomLaunch - ok
11:01:04.0330 2728  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
11:01:04.0330 2728  defragsvc - ok
11:01:04.0350 2728  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:01:04.0350 2728  DfsC - ok
11:01:04.0380 2728  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:01:04.0380 2728  Dhcp - ok
11:01:04.0400 2728  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
11:01:04.0400 2728  discache - ok
11:01:04.0420 2728  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
11:01:04.0420 2728  Disk - ok
11:01:04.0440 2728  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
11:01:04.0440 2728  dmvsc - ok
11:01:04.0460 2728  [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE             C:\Windows\system32\DRIVERS\dne64x.sys
11:01:04.0470 2728  DNE - ok
11:01:04.0480 2728  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:01:04.0490 2728  Dnscache - ok
11:01:04.0500 2728  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:01:04.0500 2728  dot3svc - ok
11:01:04.0550 2728  [ 277247B79DA2230D0C3AEB83E6CD8CA7 ] DozeSvc         C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
11:01:04.0550 2728  DozeSvc - ok
11:01:04.0560 2728  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
11:01:04.0560 2728  DPS - ok
11:01:04.0570 2728  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:01:04.0570 2728  drmkaud - ok
11:01:04.0600 2728  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:01:04.0610 2728  DXGKrnl - ok
11:01:04.0630 2728  [ CE4CFFD9F64B86BCEB1C343FC9924D72 ] DzHDD64         C:\Windows\system32\DRIVERS\DzHDD64.sys
11:01:04.0630 2728  DzHDD64 - ok
11:01:04.0650 2728  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
11:01:04.0650 2728  EapHost - ok
11:01:04.0720 2728  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
11:01:04.0750 2728  ebdrv - ok
11:01:04.0790 2728  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
11:01:04.0790 2728  EFS - ok
11:01:04.0830 2728  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:01:04.0840 2728  ehRecvr - ok
11:01:04.0850 2728  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
11:01:04.0850 2728  ehSched - ok
11:01:04.0880 2728  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:01:04.0890 2728  elxstor - ok
11:01:04.0890 2728  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:01:04.0890 2728  ErrDev - ok
11:01:04.0910 2728  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
11:01:04.0910 2728  EventSystem - ok
11:01:05.0010 2728  [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
11:01:05.0020 2728  EvtEng - ok
11:01:05.0040 2728  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
11:01:05.0050 2728  exfat - ok
11:01:05.0060 2728  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:01:05.0070 2728  fastfat - ok
11:01:05.0090 2728  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
11:01:05.0100 2728  Fax - ok
11:01:05.0100 2728  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
11:01:05.0110 2728  fdc - ok
11:01:05.0120 2728  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
11:01:05.0130 2728  fdPHost - ok
11:01:05.0140 2728  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:01:05.0140 2728  FDResPub - ok
11:01:05.0170 2728  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:01:05.0170 2728  FileInfo - ok
11:01:05.0190 2728  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:01:05.0190 2728  Filetrace - ok
11:01:05.0290 2728  [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe
11:01:05.0320 2728  FirebirdServerMAGIXInstance - ok
11:01:05.0320 2728  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
11:01:05.0320 2728  flpydisk - ok
11:01:05.0340 2728  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:01:05.0340 2728  FltMgr - ok
11:01:05.0380 2728  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
11:01:05.0390 2728  FontCache - ok
11:01:05.0460 2728  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:01:05.0460 2728  FontCache3.0.0.0 - ok
11:01:05.0480 2728  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:01:05.0480 2728  FsDepends - ok
11:01:05.0490 2728  [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:01:05.0490 2728  Fs_Rec - ok
11:01:05.0510 2728  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:01:05.0510 2728  fvevol - ok
11:01:05.0530 2728  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:01:05.0530 2728  gagp30kx - ok
11:01:05.0570 2728  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
11:01:05.0570 2728  gpsvc - ok
11:01:05.0620 2728  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:01:05.0620 2728  gupdate - ok
11:01:05.0640 2728  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:01:05.0640 2728  gupdatem - ok
11:01:05.0660 2728  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:01:05.0660 2728  hcw85cir - ok
11:01:05.0680 2728  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:01:05.0680 2728  HdAudAddService - ok
11:01:05.0700 2728  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:01:05.0700 2728  HDAudBus - ok
11:01:05.0700 2728  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
11:01:05.0700 2728  HidBatt - ok
11:01:05.0710 2728  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:01:05.0710 2728  HidBth - ok
11:01:05.0710 2728  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:01:05.0710 2728  HidIr - ok
11:01:05.0730 2728  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
11:01:05.0730 2728  hidserv - ok
11:01:05.0750 2728  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:01:05.0750 2728  HidUsb - ok
11:01:05.0770 2728  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:01:05.0780 2728  hkmsvc - ok
11:01:05.0780 2728  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:01:05.0780 2728  HomeGroupListener - ok
11:01:05.0800 2728  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:01:05.0800 2728  HomeGroupProvider - ok
11:01:05.0810 2728  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:01:05.0810 2728  HpSAMD - ok
11:01:05.0830 2728  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:01:05.0840 2728  HTTP - ok
11:01:05.0850 2728  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:01:05.0850 2728  hwpolicy - ok
11:01:05.0900 2728  [ E935C8099F9196BF19224D9EE4808612 ] HyperW7Svc      C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
11:01:05.0910 2728  HyperW7Svc - ok
11:01:05.0920 2728  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:01:05.0930 2728  i8042prt - ok
11:01:05.0970 2728  [ 26CF4275034214ECEDD8EC17B0A18A99 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
11:01:05.0970 2728  iaStor - ok
11:01:06.0000 2728  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:01:06.0010 2728  iaStorV - ok
11:01:06.0030 2728  [ 29ED470689B7C597A9701D6A4C57A578 ] IBMPMDRV        C:\Windows\system32\DRIVERS\ibmpmdrv.sys
11:01:06.0030 2728  IBMPMDRV - ok
11:01:06.0040 2728  [ BC7AF43EEC24E995D770EC92A441D5D8 ] IBMPMSVC        C:\Windows\system32\ibmpmsvc.exe
11:01:06.0050 2728  IBMPMSVC - ok
11:01:06.0100 2728  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:01:06.0100 2728  idsvc - ok
11:01:06.0340 2728  [ 33FAA40B288002C89529DBD14F3AB72C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
11:01:06.0390 2728  igfx - ok
11:01:06.0420 2728  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:01:06.0420 2728  iirsp - ok
11:01:06.0450 2728  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
11:01:06.0450 2728  IKEEXT - ok
11:01:06.0550 2728  [ DDFADF2FA49C078A9C8270F29D6958B1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:01:06.0570 2728  IntcAzAudAddService - ok
11:01:06.0600 2728  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
11:01:06.0600 2728  IntcDAud - ok
11:01:06.0610 2728  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
11:01:06.0610 2728  intelide - ok
11:01:06.0620 2728  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:01:06.0620 2728  intelppm - ok
11:01:06.0650 2728  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:01:06.0660 2728  IPBusEnum - ok
11:01:06.0660 2728  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:01:06.0660 2728  IpFilterDriver - ok
11:01:06.0670 2728  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:01:06.0670 2728  iphlpsvc - ok
11:01:06.0680 2728  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:01:06.0680 2728  IPMIDRV - ok
11:01:06.0690 2728  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:01:06.0690 2728  IPNAT - ok
11:01:06.0710 2728  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:01:06.0710 2728  IRENUM - ok
11:01:06.0720 2728  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:01:06.0720 2728  isapnp - ok
11:01:06.0730 2728  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:01:06.0730 2728  iScsiPrt - ok
11:01:06.0770 2728  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:01:06.0770 2728  kbdclass - ok
11:01:06.0770 2728  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
11:01:06.0780 2728  kbdhid - ok
11:01:06.0790 2728  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
11:01:06.0790 2728  KeyIso - ok
11:01:06.0810 2728  [ DA1E991A61CFDD755A589E206B97644B ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:01:06.0810 2728  KSecDD - ok
11:01:06.0840 2728  [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:01:06.0840 2728  KSecPkg - ok
11:01:06.0850 2728  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:01:06.0850 2728  ksthunk - ok
11:01:06.0870 2728  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:01:06.0880 2728  KtmRm - ok
11:01:06.0940 2728  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:01:06.0940 2728  LanmanServer - ok
11:01:06.0960 2728  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:01:06.0960 2728  LanmanWorkstation - ok
11:01:07.0000 2728  [ 56B74943929BC575914631EDC0E72220 ] LENOVO.CAMMUTE  C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
11:01:07.0000 2728  LENOVO.CAMMUTE - ok
11:01:07.0060 2728  [ 340288B3B2EDC8AFD5FF127DF85142A7 ] LENOVO.MICMUTE  C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
11:01:07.0060 2728  LENOVO.MICMUTE - ok
11:01:07.0070 2728  [ 2B9D8555DC004E240082D18E7725CE20 ] lenovo.smi      C:\Windows\system32\DRIVERS\smiifx64.sys
11:01:07.0070 2728  lenovo.smi - ok
11:01:07.0090 2728  [ F9B51B2A5DA1222A910021C71E9EA559 ] LENOVO.TPKNRSVC C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
11:01:07.0090 2728  LENOVO.TPKNRSVC - ok
11:01:07.0110 2728  [ F7DE50781DC4D162C1005EB30D98F931 ] Lenovo.VIRTSCRLSVC C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
11:01:07.0110 2728  Lenovo.VIRTSCRLSVC - ok
11:01:07.0140 2728  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:01:07.0150 2728  lltdio - ok
11:01:07.0180 2728  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:01:07.0180 2728  lltdsvc - ok
11:01:07.0200 2728  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:01:07.0200 2728  lmhosts - ok
11:01:07.0250 2728  [ E7859BA062DB5E23C6DD34AD66B09F50 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:01:07.0250 2728  LMS - ok
11:01:07.0270 2728  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:01:07.0280 2728  LSI_FC - ok
11:01:07.0290 2728  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:01:07.0290 2728  LSI_SAS - ok
11:01:07.0300 2728  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
11:01:07.0300 2728  LSI_SAS2 - ok
11:01:07.0320 2728  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:01:07.0320 2728  LSI_SCSI - ok
11:01:07.0340 2728  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:01:07.0340 2728  luafv - ok
11:01:07.0350 2728  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:01:07.0350 2728  Mcx2Svc - ok
11:01:07.0360 2728  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
11:01:07.0360 2728  megasas - ok
11:01:07.0360 2728  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
11:01:07.0370 2728  MegaSR - ok
11:01:07.0380 2728  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
11:01:07.0380 2728  MEIx64 - ok
11:01:07.0390 2728  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
11:01:07.0390 2728  MMCSS - ok
11:01:07.0400 2728  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
11:01:07.0400 2728  Modem - ok
11:01:07.0420 2728  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:01:07.0420 2728  monitor - ok
11:01:07.0430 2728  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:01:07.0440 2728  mouclass - ok
11:01:07.0460 2728  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:01:07.0460 2728  mouhid - ok
11:01:07.0480 2728  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:01:07.0480 2728  mountmgr - ok
11:01:07.0520 2728  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:01:07.0520 2728  MozillaMaintenance - ok
11:01:07.0530 2728  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:01:07.0530 2728  mpio - ok
11:01:07.0550 2728  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:01:07.0550 2728  mpsdrv - ok
11:01:07.0590 2728  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:01:07.0590 2728  MpsSvc - ok
11:01:07.0600 2728  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:01:07.0600 2728  MRxDAV - ok
11:01:07.0630 2728  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:01:07.0630 2728  mrxsmb - ok
11:01:07.0650 2728  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:01:07.0650 2728  mrxsmb10 - ok
11:01:07.0670 2728  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:01:07.0670 2728  mrxsmb20 - ok
11:01:07.0670 2728  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:01:07.0680 2728  msahci - ok
11:01:07.0680 2728  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:01:07.0680 2728  msdsm - ok
11:01:07.0700 2728  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
11:01:07.0700 2728  MSDTC - ok
11:01:07.0720 2728  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:01:07.0720 2728  Msfs - ok
11:01:07.0730 2728  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:01:07.0730 2728  mshidkmdf - ok
11:01:07.0740 2728  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:01:07.0740 2728  msisadrv - ok
11:01:07.0770 2728  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:01:07.0770 2728  MSiSCSI - ok
11:01:07.0770 2728  msiserver - ok
11:01:07.0800 2728  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:01:07.0800 2728  MSKSSRV - ok
11:01:07.0800 2728  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:01:07.0810 2728  MSPCLOCK - ok
11:01:07.0820 2728  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:01:07.0820 2728  MSPQM - ok
11:01:07.0840 2728  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:01:07.0840 2728  MsRPC - ok
11:01:07.0850 2728  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
11:01:07.0850 2728  mssmbios - ok
11:01:07.0860 2728  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:01:07.0860 2728  MSTEE - ok
11:01:07.0870 2728  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
11:01:07.0870 2728  MTConfig - ok
11:01:07.0870 2728  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:01:07.0870 2728  Mup - ok
11:01:07.0900 2728  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
11:01:07.0900 2728  napagent - ok
11:01:07.0930 2728  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:01:07.0930 2728  NativeWifiP - ok
11:01:07.0980 2728  [ C38B8AE57F78915905064A9A24DC1586 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:01:07.0980 2728  NDIS - ok
11:01:08.0000 2728  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:01:08.0000 2728  NdisCap - ok
11:01:08.0020 2728  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:01:08.0020 2728  NdisTapi - ok
11:01:08.0020 2728  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:01:08.0020 2728  Ndisuio - ok
11:01:08.0030 2728  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:01:08.0040 2728  NdisWan - ok
11:01:08.0050 2728  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:01:08.0050 2728  NDProxy - ok
11:01:08.0070 2728  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:01:08.0070 2728  NetBIOS - ok
11:01:08.0080 2728  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:01:08.0080 2728  NetBT - ok
11:01:08.0100 2728  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
11:01:08.0100 2728  Netlogon - ok
11:01:08.0130 2728  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
11:01:08.0130 2728  Netman - ok
11:01:08.0140 2728  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
11:01:08.0140 2728  netprofm - ok
11:01:08.0160 2728  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:01:08.0160 2728  NetTcpPortSharing - ok
11:01:08.0320 2728  [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
11:01:08.0350 2728  NETwNs64 - ok
11:01:08.0380 2728  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:01:08.0380 2728  nfrd960 - ok
11:01:08.0400 2728  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:01:08.0400 2728  NlaSvc - ok
11:01:08.0410 2728  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:01:08.0410 2728  Npfs - ok
11:01:08.0420 2728  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
11:01:08.0420 2728  nsi - ok
11:01:08.0450 2728  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:01:08.0450 2728  nsiproxy - ok
11:01:08.0490 2728  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:01:08.0500 2728  Ntfs - ok
11:01:08.0510 2728  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
11:01:08.0510 2728  Null - ok
11:01:08.0520 2728  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:01:08.0520 2728  nvraid - ok
11:01:08.0540 2728  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:01:08.0540 2728  nvstor - ok
11:01:08.0550 2728  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:01:08.0550 2728  nv_agp - ok
11:01:08.0550 2728  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:01:08.0560 2728  ohci1394 - ok
11:01:08.0570 2728  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:01:08.0580 2728  p2pimsvc - ok
11:01:08.0590 2728  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:01:08.0590 2728  p2psvc - ok
11:01:08.0600 2728  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
11:01:08.0600 2728  Parport - ok
11:01:08.0610 2728  [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:01:08.0610 2728  partmgr - ok
11:01:08.0630 2728  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:01:08.0630 2728  PcaSvc - ok
11:01:08.0640 2728  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
11:01:08.0640 2728  pci - ok
11:01:08.0650 2728  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
11:01:08.0660 2728  pciide - ok
11:01:08.0660 2728  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
11:01:08.0660 2728  pcmcia - ok
11:01:08.0680 2728  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:01:08.0680 2728  pcw - ok
11:01:08.0700 2728  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:01:08.0700 2728  PEAUTH - ok
11:01:08.0740 2728  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
11:01:08.0740 2728  PeerDistSvc - ok
11:01:08.0800 2728  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
11:01:08.0810 2728  PerfHost - ok
11:01:08.0850 2728  [ 52C9F4359AF4A25969B882AECC6F3BDA ] PHCORE          C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS
11:01:08.0850 2728  PHCORE - ok
11:01:08.0900 2728  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
11:01:08.0920 2728  pla - ok
11:01:08.0980 2728  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:01:08.0980 2728  PlugPlay - ok
11:01:09.0000 2728  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:01:09.0000 2728  PNRPAutoReg - ok
11:01:09.0020 2728  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:01:09.0030 2728  PNRPsvc - ok
11:01:09.0060 2728  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:01:09.0060 2728  PolicyAgent - ok
11:01:09.0100 2728  [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power           C:\Windows\system32\umpo.dll
11:01:09.0100 2728  Power - ok
11:01:09.0120 2728  [ 0BF1D6B41E4D4376BE4E4FA31D1A88C0 ] Power Manager DBC Service C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
11:01:09.0120 2728  Power Manager DBC Service - ok
11:01:09.0140 2728  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:01:09.0140 2728  PptpMiniport - ok
11:01:09.0170 2728  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
11:01:09.0170 2728  Processor - ok
11:01:09.0190 2728  [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc         C:\Windows\system32\profsvc.dll
11:01:09.0190 2728  ProfSvc - ok
11:01:09.0200 2728  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:01:09.0200 2728  ProtectedStorage - ok
11:01:09.0220 2728  [ B8035AF9CC0CCBA9A09AC0A0D9801797 ] psadd           C:\Windows\system32\DRIVERS\psadd.sys
11:01:09.0220 2728  psadd - ok
11:01:09.0250 2728  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:01:09.0250 2728  Psched - ok
11:01:09.0280 2728  [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2       C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
11:01:09.0280 2728  PSI_SVC_2 - ok
11:01:09.0300 2728  [ D20BF8B293EB90E3C4ED2F38B51948A1 ] PwmEWSvc        C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
11:01:09.0300 2728  PwmEWSvc - ok
11:01:09.0330 2728  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:01:09.0340 2728  ql2300 - ok
11:01:09.0350 2728  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:01:09.0350 2728  ql40xx - ok
11:01:09.0360 2728  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
11:01:09.0370 2728  QWAVE - ok
11:01:09.0370 2728  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:01:09.0370 2728  QWAVEdrv - ok
11:01:09.0380 2728  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:01:09.0380 2728  RasAcd - ok
11:01:09.0400 2728  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:01:09.0400 2728  RasAgileVpn - ok
11:01:09.0410 2728  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
11:01:09.0410 2728  RasAuto - ok
11:01:09.0430 2728  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:01:09.0430 2728  Rasl2tp - ok
11:01:09.0450 2728  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
11:01:09.0450 2728  RasMan - ok
11:01:09.0460 2728  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:01:09.0460 2728  RasPppoe - ok
11:01:09.0470 2728  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:01:09.0470 2728  RasSstp - ok
11:01:09.0490 2728  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:01:09.0490 2728  rdbss - ok
11:01:09.0500 2728  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:01:09.0500 2728  rdpbus - ok
11:01:09.0510 2728  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:01:09.0510 2728  RDPCDD - ok
11:01:09.0530 2728  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
11:01:09.0530 2728  RDPDR - ok
11:01:09.0550 2728  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:01:09.0550 2728  RDPENCDD - ok
11:01:09.0570 2728  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:01:09.0570 2728  RDPREFMP - ok
11:01:09.0590 2728  [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:01:09.0590 2728  RDPWD - ok
11:01:09.0600 2728  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:01:09.0610 2728  rdyboost - ok
11:01:09.0650 2728  [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:01:09.0660 2728  RegSrvc - ok
11:01:09.0700 2728  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:01:09.0700 2728  RemoteAccess - ok
11:01:09.0700 2728  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:01:09.0710 2728  RemoteRegistry - ok
11:01:09.0730 2728  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:01:09.0730 2728  RFCOMM - ok
11:01:09.0740 2728  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:01:09.0740 2728  RpcEptMapper - ok
11:01:09.0760 2728  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
11:01:09.0760 2728  RpcLocator - ok
11:01:09.0770 2728  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
11:01:09.0780 2728  RpcSs - ok
11:01:09.0810 2728  [ CA327A84085F68200452E6761F943298 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
11:01:09.0810 2728  RSPCIESTOR - ok
11:01:09.0830 2728  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:01:09.0830 2728  rspndr - ok
11:01:09.0860 2728  [ 5D63CCD46688B775382AA68EF844510C ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
11:01:09.0870 2728  RtkAudioService - ok
11:01:09.0900 2728  [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
11:01:09.0900 2728  RTL8167 - ok
11:01:09.0910 2728  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
11:01:09.0920 2728  s3cap - ok
11:01:09.0930 2728  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
11:01:09.0930 2728  SamSs - ok
11:01:09.0930 2728  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:01:09.0930 2728  sbp2port - ok
11:01:09.0960 2728  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:01:09.0960 2728  SCardSvr - ok
11:01:09.0960 2728  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:01:09.0960 2728  scfilter - ok
11:01:09.0990 2728  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
11:01:10.0000 2728  Schedule - ok
11:01:10.0020 2728  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:01:10.0020 2728  SCPolicySvc - ok
11:01:10.0030 2728  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:01:10.0030 2728  SDRSVC - ok
11:01:10.0050 2728  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:01:10.0050 2728  secdrv - ok
11:01:10.0060 2728  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
11:01:10.0060 2728  seclogon - ok
11:01:10.0070 2728  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
11:01:10.0070 2728  SENS - ok
11:01:10.0080 2728  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:01:10.0080 2728  SensrSvc - ok
11:01:10.0090 2728  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
11:01:10.0090 2728  Serenum - ok
11:01:10.0100 2728  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
11:01:10.0100 2728  Serial - ok
11:01:10.0120 2728  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:01:10.0120 2728  sermouse - ok
11:01:10.0150 2728  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:01:10.0150 2728  SessionEnv - ok
11:01:10.0150 2728  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:01:10.0150 2728  sffdisk - ok
11:01:10.0160 2728  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:01:10.0160 2728  sffp_mmc - ok
11:01:10.0160 2728  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:01:10.0160 2728  sffp_sd - ok
11:01:10.0160 2728  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:01:10.0170 2728  sfloppy - ok
11:01:10.0190 2728  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:01:10.0190 2728  SharedAccess - ok
11:01:10.0200 2728  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:01:10.0210 2728  ShellHWDetection - ok
11:01:10.0260 2728  [ E404D81FEE72B22F51BF806DA999B9FF ] Shockprf        C:\Windows\system32\DRIVERS\Apsx64.sys
11:01:10.0260 2728  Shockprf - ok
11:01:10.0270 2728  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
11:01:10.0270 2728  SiSRaid2 - ok
11:01:10.0270 2728  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:01:10.0270 2728  SiSRaid4 - ok
11:01:10.0420 2728  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:01:10.0430 2728  Skype C2C Service - ok
11:01:10.0490 2728  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
11:01:10.0500 2728  SkypeUpdate - ok
11:01:10.0500 2728  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:01:10.0510 2728  Smb - ok
11:01:10.0540 2728  [ C5B1A19B14F19B08AE72FCB20A3075B6 ] smihlp          C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
11:01:10.0540 2728  smihlp - ok
11:01:10.0590 2728  [ 001901F10423616CA0D4AECDCCE8B855 ] snapman380      C:\Windows\system32\DRIVERS\snman380.sys
11:01:10.0590 2728  snapman380 - ok
11:01:10.0610 2728  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:01:10.0610 2728  SNMPTRAP - ok
11:01:10.0620 2728  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:01:10.0620 2728  spldr - ok
11:01:10.0640 2728  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
11:01:10.0650 2728  Spooler - ok
11:01:10.0700 2728  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
11:01:10.0720 2728  sppsvc - ok
11:01:10.0730 2728  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:01:10.0730 2728  sppuinotify - ok
11:01:10.0750 2728  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:01:10.0760 2728  srv - ok
11:01:10.0790 2728  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:01:10.0790 2728  srv2 - ok
11:01:10.0800 2728  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:01:10.0800 2728  srvnet - ok
11:01:10.0820 2728  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:01:10.0820 2728  SSDPSRV - ok
11:01:10.0830 2728  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:01:10.0830 2728  SstpSvc - ok
11:01:10.0850 2728  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
11:01:10.0850 2728  stexstor - ok
11:01:10.0880 2728  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
11:01:10.0890 2728  stisvc - ok
11:01:10.0900 2728  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
11:01:10.0900 2728  storflt - ok
11:01:10.0920 2728  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
11:01:10.0920 2728  StorSvc - ok
11:01:10.0930 2728  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
11:01:10.0930 2728  storvsc - ok
11:01:11.0000 2728  [ 6EA2F517373771CAC5188E82617C9C0B ] SUService       C:\Program Files (x86)\Lenovo\System Update\SUService.exe
11:01:11.0000 2728  SUService - ok
11:01:11.0020 2728  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:01:11.0020 2728  swenum - ok
11:01:11.0040 2728  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
11:01:11.0050 2728  swprv - ok
11:01:11.0100 2728  [ FFDD13B42D4B106AC9FAFBB0E1F7FAA5 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
11:01:11.0120 2728  SynTP - ok
11:01:11.0170 2728  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
11:01:11.0180 2728  SysMain - ok
11:01:11.0220 2728  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:01:11.0220 2728  TabletInputService - ok
11:01:11.0240 2728  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:01:11.0250 2728  TapiSrv - ok
11:01:11.0260 2728  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
11:01:11.0260 2728  TBS - ok
11:01:11.0340 2728  [ FC62769E7BFF2896035AEED399108162 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:01:11.0360 2728  Tcpip - ok
11:01:11.0430 2728  [ FC62769E7BFF2896035AEED399108162 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:01:11.0450 2728  TCPIP6 - ok
11:01:11.0490 2728  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:01:11.0490 2728  tcpipreg - ok
11:01:11.0500 2728  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:01:11.0500 2728  TDPIPE - ok
11:01:11.0550 2728  [ D9762122F529646563AF0B3B30918296 ] tdrpman140      C:\Windows\system32\DRIVERS\tdrpm140.sys
11:01:11.0560 2728  tdrpman140 - ok
11:01:11.0580 2728  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:01:11.0580 2728  TDTCP - ok
11:01:11.0600 2728  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:01:11.0600 2728  tdx - ok
11:01:11.0610 2728  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:01:11.0610 2728  TermDD - ok
11:01:11.0640 2728  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
11:01:11.0640 2728  TermService - ok
11:01:11.0680 2728  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
11:01:11.0680 2728  Themes - ok
11:01:11.0690 2728  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
11:01:11.0690 2728  THREADORDER - ok
11:01:11.0700 2728  [ 156EF5E1164BBA862EEE84400C7BA034 ] tifsfilter      C:\Windows\system32\DRIVERS\tifsfilt.sys
11:01:11.0700 2728  tifsfilter - ok
11:01:11.0720 2728  [ 8A474022C0465797B13A4EA7535D4C5B ] timounter       C:\Windows\system32\DRIVERS\timntr.sys
11:01:11.0730 2728  timounter - ok
11:01:11.0760 2728  [ 92B8DE0C00A2D21A4A2D43FC5F908575 ] TPDIGIMN        C:\Windows\system32\DRIVERS\ApsHM64.sys
11:01:11.0760 2728  TPDIGIMN - ok
11:01:11.0790 2728  [ 9DCB5AF2BCB68A087C6231FE086A47D6 ] TPHDEXLGSVC     C:\Windows\system32\TPHDEXLG64.exe
11:01:11.0790 2728  TPHDEXLGSVC - ok
11:01:11.0830 2728  [ 83415782D47F8064FCAFEA308ABB2246 ] TPHKLOAD        C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
11:01:11.0830 2728  TPHKLOAD - ok
11:01:11.0840 2728  [ C04BB65441913AB621C58A8BD3169B23 ] TPHKSVC         C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
11:01:11.0840 2728  TPHKSVC - ok
11:01:11.0870 2728  [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM             C:\Windows\system32\drivers\tpm.sys
11:01:11.0870 2728  TPM - ok
11:01:11.0890 2728  [ 7165B5A9B4867F64A6D6935F57D4196B ] TPPWRIF         C:\Windows\system32\drivers\Tppwr64v.sys
11:01:11.0890 2728  TPPWRIF - ok
11:01:11.0910 2728  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
11:01:11.0910 2728  TrkWks - ok
11:01:11.0950 2728  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:01:11.0950 2728  TrustedInstaller - ok
11:01:11.0970 2728  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:01:11.0980 2728  tssecsrv - ok
11:01:11.0990 2728  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:01:11.0990 2728  TsUsbFlt - ok
11:01:11.0990 2728  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
11:01:12.0000 2728  TsUsbGD - ok
11:01:12.0020 2728  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:01:12.0020 2728  tunnel - ok
11:01:12.0030 2728  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:01:12.0030 2728  uagp35 - ok
11:01:12.0050 2728  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:01:12.0050 2728  udfs - ok
11:01:12.0060 2728  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:01:12.0060 2728  UI0Detect - ok
11:01:12.0110 2728  [ BE788A747457E6916586C410EC0111E7 ] UleadBurningHelper C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
11:01:12.0110 2728  UleadBurningHelper - ok
11:01:12.0130 2728  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:01:12.0130 2728  uliagpkx - ok
11:01:12.0150 2728  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:01:12.0150 2728  umbus - ok
11:01:12.0160 2728  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
11:01:12.0160 2728  UmPass - ok
11:01:12.0180 2728  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
11:01:12.0180 2728  UmRdpService - ok
11:01:12.0280 2728  [ E91F8AFBD7FB96C94B266579D6BFA77A ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
11:01:12.0290 2728  UNS - ok
11:01:12.0320 2728  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
11:01:12.0320 2728  upnphost - ok
11:01:12.0380 2728  [ 7CE0FE34FD8FB7F52D1E503B0C1E4FA9 ] UPnPService     C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
11:01:12.0390 2728  UPnPService - ok
11:01:12.0410 2728  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:01:12.0420 2728  usbccgp - ok
11:01:12.0430 2728  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:01:12.0430 2728  usbcir - ok
11:01:12.0440 2728  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:01:12.0440 2728  usbehci - ok
11:01:12.0480 2728  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:01:12.0480 2728  usbhub - ok
11:01:12.0500 2728  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:01:12.0500 2728  usbohci - ok
11:01:12.0520 2728  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:01:12.0520 2728  usbprint - ok
11:01:12.0540 2728  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:01:12.0550 2728  USBSTOR - ok
11:01:12.0550 2728  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
11:01:12.0550 2728  usbuhci - ok
11:01:12.0570 2728  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
11:01:12.0570 2728  usbvideo - ok
11:01:12.0590 2728  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
11:01:12.0590 2728  UxSms - ok
11:01:12.0600 2728  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
11:01:12.0600 2728  VaultSvc - ok
11:01:12.0610 2728  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:01:12.0610 2728  vdrvroot - ok
11:01:12.0630 2728  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
11:01:12.0640 2728  vds - ok
11:01:12.0650 2728  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:01:12.0650 2728  vga - ok
11:01:12.0680 2728  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:01:12.0680 2728  VgaSave - ok
11:01:12.0690 2728  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:01:12.0690 2728  vhdmp - ok
11:01:12.0690 2728  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:01:12.0690 2728  viaide - ok
11:01:12.0710 2728  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
11:01:12.0710 2728  vmbus - ok
11:01:12.0720 2728  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
11:01:12.0720 2728  VMBusHID - ok
11:01:12.0730 2728  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:01:12.0730 2728  volmgr - ok
11:01:12.0750 2728  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:01:12.0750 2728  volmgrx - ok
11:01:12.0760 2728  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:01:12.0760 2728  volsnap - ok
11:01:12.0790 2728  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:01:12.0790 2728  vsmraid - ok
11:01:12.0820 2728  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
11:01:12.0830 2728  VSS - ok
11:01:12.0840 2728  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:01:12.0850 2728  vwifibus - ok
11:01:12.0850 2728  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:01:12.0850 2728  vwififlt - ok
11:01:12.0870 2728  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
11:01:12.0870 2728  W32Time - ok
11:01:12.0880 2728  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:01:12.0880 2728  WacomPen - ok
11:01:12.0900 2728  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:01:12.0900 2728  WANARP - ok
11:01:12.0900 2728  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:01:12.0900 2728  Wanarpv6 - ok
11:01:12.0970 2728  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:01:12.0980 2728  WatAdminSvc - ok
11:01:13.0030 2728  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
11:01:13.0030 2728  wbengine - ok
11:01:13.0060 2728  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:01:13.0060 2728  WbioSrvc - ok
11:01:13.0080 2728  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:01:13.0080 2728  wcncsvc - ok
11:01:13.0090 2728  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:01:13.0090 2728  WcsPlugInService - ok
11:01:13.0100 2728  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
11:01:13.0100 2728  Wd - ok
11:01:13.0120 2728  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:01:13.0120 2728  Wdf01000 - ok
11:01:13.0130 2728  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:01:13.0130 2728  WdiServiceHost - ok
11:01:13.0140 2728  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:01:13.0140 2728  WdiSystemHost - ok
11:01:13.0150 2728  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
11:01:13.0150 2728  WebClient - ok
11:01:13.0170 2728  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:01:13.0170 2728  Wecsvc - ok
11:01:13.0180 2728  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:01:13.0180 2728  wercplsupport - ok
11:01:13.0200 2728  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:01:13.0200 2728  WerSvc - ok
11:01:13.0210 2728  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:01:13.0210 2728  WfpLwf - ok
11:01:13.0220 2728  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:01:13.0220 2728  WIMMount - ok
11:01:13.0240 2728  WinDefend - ok
11:01:13.0240 2728  WinHttpAutoProxySvc - ok
11:01:13.0280 2728  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:01:13.0290 2728  Winmgmt - ok
11:01:13.0350 2728  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
11:01:13.0360 2728  WinRM - ok
11:01:13.0390 2728  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUSB.sys
11:01:13.0390 2728  WinUsb - ok
11:01:13.0410 2728  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:01:13.0420 2728  Wlansvc - ok
11:01:13.0440 2728  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:01:13.0440 2728  wlcrasvc - ok
11:01:13.0520 2728  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:01:13.0540 2728  wlidsvc - ok
11:01:13.0570 2728  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
11:01:13.0570 2728  WmiAcpi - ok
11:01:13.0590 2728  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:01:13.0590 2728  wmiApSrv - ok
11:01:13.0620 2728  WMPNetworkSvc - ok
11:01:13.0640 2728  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:01:13.0650 2728  WPCSvc - ok
11:01:13.0660 2728  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:01:13.0660 2728  WPDBusEnum - ok
11:01:13.0680 2728  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:01:13.0680 2728  ws2ifsl - ok
11:01:13.0690 2728  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
11:01:13.0700 2728  wscsvc - ok
11:01:13.0700 2728  WSearch - ok
11:01:13.0780 2728  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:01:13.0800 2728  wuauserv - ok
11:01:13.0810 2728  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:01:13.0810 2728  WudfPf - ok
11:01:13.0820 2728  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:01:13.0820 2728  WUDFRd - ok
11:01:13.0830 2728  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:01:13.0830 2728  wudfsvc - ok
11:01:13.0850 2728  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:01:13.0850 2728  WwanSvc - ok
11:01:13.0870 2728  ================ Scan global ===============================
11:01:13.0880 2728  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:01:13.0900 2728  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:01:13.0910 2728  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
11:01:13.0930 2728  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:01:13.0950 2728  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:01:13.0950 2728  [Global] - ok
11:01:13.0950 2728  ================ Scan MBR ==================================
11:01:13.0960 2728  [ 3C83718EDA6F2BC4CC0E8B0F1C0200A1 ] \Device\Harddisk0\DR0
11:01:14.0330 2728  \Device\Harddisk0\DR0 - ok
11:01:14.0330 2728  ================ Scan VBR ==================================
11:01:14.0350 2728  [ B81F8FB15778141CB83C4972119A39C2 ] \Device\Harddisk0\DR0\Partition1
11:01:14.0360 2728  \Device\Harddisk0\DR0\Partition1 - ok
11:01:14.0370 2728  [ FD2E862C5774DD0AA8464B77B48F9939 ] \Device\Harddisk0\DR0\Partition2
11:01:14.0380 2728  \Device\Harddisk0\DR0\Partition2 - ok
11:01:14.0400 2728  [ BAC542FD64C411BEE6F661425DCCAACB ] \Device\Harddisk0\DR0\Partition3
11:01:14.0400 2728  \Device\Harddisk0\DR0\Partition3 - ok
11:01:14.0420 2728  [ DBE37500E7C1E15074AD66991035B807 ] \Device\Harddisk0\DR0\Partition4
11:01:14.0430 2728  \Device\Harddisk0\DR0\Partition4 - ok
11:01:14.0460 2728  [ DA9FD0755BBFFF57B784CB07FAB4D986 ] \Device\Harddisk0\DR0\Partition5
11:01:14.0470 2728  \Device\Harddisk0\DR0\Partition5 - ok
11:01:14.0470 2728  ============================================================
11:01:14.0470 2728  Scan finished
11:01:14.0470 2728  ============================================================
11:01:14.0490 8324  Detected object count: 0
11:01:14.0490 8324  Actual detected object count: 0
11:01:19.0680 7536  Deinitialize success
         
Und hier die aswMBR.txt:
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-20 11:02:12
-----------------------------
11:02:12.790    OS Version: Windows x64 6.1.7601 Service Pack 1
11:02:12.790    Number of processors: 4 586 0x2A07
11:02:12.790    ComputerName: CORNELIA-THINK  UserName: Cornelia
11:02:15.420    Initialize success
11:13:11.620    AVAST engine defs: 12092000
11:22:25.176    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:22:25.176    Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
11:22:25.196    Disk 0 MBR read successfully
11:22:25.196    Disk 0 MBR scan
11:22:25.226    Disk 0 unknown MBR code
11:22:25.246    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS         1500 MB offset 2048
11:22:25.266    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       100000 MB offset 3074048
11:22:25.276    Disk 0 Partition - 00     0F Extended LBA            363438 MB offset 207874048
11:22:25.306    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        12000 MB offset 952195072
11:22:25.356    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        25000 MB offset 207876096
11:22:25.366    Disk 0 Partition - 00     05     Extended            338437 MB offset 259076096
11:22:25.386    Disk 0 Partition 5 00     07    HPFS/NTFS NTFS       338436 MB offset 259078144
11:22:25.426    Disk 0 scanning C:\Windows\system32\drivers
11:22:34.586    Service scanning
11:22:54.326    Modules scanning
11:22:54.326    Disk 0 trace - called modules:
11:22:54.376    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
11:22:54.376    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006d34060]
11:22:54.386    3 CLASSPNP.SYS[fffff8800155343f] -> nt!IofCallDriver -> [0xfffffa80044b4e40]
11:22:54.386    5 ACPI.sys[fffff88000d557a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80044b3050]
11:22:57.186    AVAST engine scan C:\Windows
11:23:00.156    AVAST engine scan C:\Windows\system32
11:26:30.036    AVAST engine scan C:\Windows\system32\drivers
11:26:44.796    AVAST engine scan C:\Users\Cornelia
11:30:26.647    File: C:\Users\Cornelia\AppData\Local\Temp\{E667ADF4-0048-6307-81EC-486A3D848F02}\Addons\bcool_extension.exe  **INFECTED** Win32:BHO-AFC [Adw]
11:30:33.697    File: C:\Users\Cornelia\AppData\Roaming\9DAD.tmp  **INFECTED** Win32:Malware-gen
11:32:49.007    AVAST engine scan C:\ProgramData
11:36:14.298    Scan finished successfully
11:38:49.649    Disk 0 MBR has been saved successfully to "C:\Users\Cornelia\Desktop\MBR.dat"
11:38:49.649    The log file has been saved successfully to "C:\Users\Cornelia\Desktop\aswMBR.txt"
         


Alt 21.09.2012, 06:30   #6
Psychotic
/// Malwareteam
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte



Combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
--> WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte

Alt 24.09.2012, 06:33   #7
Conny_1808
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte



Hallo!

Hier kommt endlich die Logdatei von Combofix. :-)

Code:
ATTFilter
ComboFix 12-09-23.03 - Cornelia 24.09.2012   0:57.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3936.2510 [GMT -4:00]
ausgeführt von:: c:\users\Cornelia\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\programdata\Roaming
c:\users\Cornelia\AppData\Roaming\107D.exe
c:\users\Cornelia\AppData\Roaming\28C.tmp
c:\users\Cornelia\AppData\Roaming\2DEE.exe
c:\users\Cornelia\AppData\Roaming\3956.exe
c:\users\Cornelia\AppData\Roaming\64F3.exe
c:\users\Cornelia\AppData\Roaming\70A5.exe
c:\users\Cornelia\AppData\Roaming\930E.exe
c:\users\Cornelia\AppData\Roaming\BF05.exe
c:\users\Cornelia\AppData\Roaming\C8F.exe
c:\users\Cornelia\AppData\Roaming\CD23.tmp
c:\users\Cornelia\AppData\Roaming\F48.exe
c:\users\Cornelia\AppData\Roaming\Tlrsrl.exe
c:\windows\SysWow64\DEBUG.log
Q:\AUTORUN.INF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-24 bis 2012-09-24  ))))))))))))))))))))))))))))))
.
.
2012-09-24 05:20 . 2012-09-24 05:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-02 16:54 . 2012-09-02 16:54	--------	d-----w-	c:\users\Cornelia\AppData\Local\Facebook
2012-08-28 22:55 . 2012-08-28 22:55	--------	d-----w-	c:\users\Cornelia\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 15:58 . 2012-07-15 17:49	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A68C79FF-DBD5-4DF6-991B-676BE8A493BF}\offreg.dll
2012-08-28 22:52 . 2012-04-09 14:09	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-28 22:52 . 2012-01-22 20:24	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 15:07 . 2012-07-06 15:07	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-07-06 15:07 . 2012-01-21 15:20	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTT"="c:\program files\PC-Doctor\EnableToolbarW32.exe" [2011-06-27 23120]
"ICQ"="c:\program files (x86)\ICQ7.7\ICQ.exe" [2012-01-21 127040]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"Facebook Update"="c:\users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-02 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-03 4378000]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-03 962480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-3 1202976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-01 426536]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-27 39464]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 329832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-08-31 31344]
S0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\windows\system32\DRIVERS\tdrpm140.sys [2012-01-22 1580576]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-12-09 23664]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-05-18 199272]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2010-09-21 164992]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-08-31 478056]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 37898999
*NewlyCreated* - 69128825
*NewlyCreated* - ASWMBR
*Deregistered* - 37898999
*Deregistered* - 69128825
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000Core.job
- c:\users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-02 16:54]
.
2012-09-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000UA.job
- c:\users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-02 16:54]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 04:35]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 04:35]
.
2012-09-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2012-09-23 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-19 12632168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-11 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-11 416024]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-03 165144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://gmusicaonline.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 190.160.0.11 200.74.121.11 200.83.1.4
FF - ProfilePath - c:\users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cugr.de/|hxxp://www.google.de/|hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=942b238f000000000000081196ea00a0&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-Tlrsrl - c:\users\Cornelia\AppData\Roaming\Tlrsrl.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-24  02:21:03
ComboFix-quarantined-files.txt  2012-09-24 06:20
.
Vor Suchlauf: 11 Verzeichnis(se), 58.147.663.872 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 58.576.560.128 Bytes frei
.
- - End Of File - - 3257EACC773EE249BA181F9BE0896605
         
Gruß

Alt 24.09.2012, 06:44   #8
Psychotic
/// Malwareteam
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte



Schritt 1: CF-Script



Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:
BleepingComputer.com - ForoSpyware.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
FF - ProfilePath - c:\users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=942b238f000000000000081196ea00a0&q=
         
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.



Schritt 2: MBAM



Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 24.09.2012, 19:57   #9
Conny_1808
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte



Hallo!

Hier kommen die ComboFix.txt
Code:
ATTFilter
ComboFix 12-09-24.01 - Cornelia 24.09.2012  12:41:48.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3936.2521 [GMT -4:00]
ausgeführt von:: c:\users\Cornelia\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Cornelia\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-24 bis 2012-09-24  ))))))))))))))))))))))))))))))
.
.
2012-09-24 16:56 . 2012-09-24 16:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-02 16:54 . 2012-09-02 16:54	--------	d-----w-	c:\users\Cornelia\AppData\Local\Facebook
2012-08-28 22:55 . 2012-08-28 22:55	--------	d-----w-	c:\users\Cornelia\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 15:58 . 2012-07-15 17:49	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A68C79FF-DBD5-4DF6-991B-676BE8A493BF}\offreg.dll
2012-08-28 22:52 . 2012-04-09 14:09	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-28 22:52 . 2012-01-22 20:24	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 15:07 . 2012-07-06 15:07	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-07-06 15:07 . 2012-01-21 15:20	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTT"="c:\program files\PC-Doctor\EnableToolbarW32.exe" [2011-06-27 23120]
"ICQ"="c:\program files (x86)\ICQ7.7\ICQ.exe" [2012-01-21 127040]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"Facebook Update"="c:\users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-02 138096]
"RESTART_STICKY_NOTES"="c:\windows\system32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-08-31 1629544]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-13 4351712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-03 4378000]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-03 962480]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-12-3 1202976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [2011-07-08 144232]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2010-12-01 426536]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-27 39464]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [2011-08-31 87400]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [2011-08-31 173416]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 329832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys [2011-08-31 31344]
S0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\windows\system32\DRIVERS\tdrpm140.sys [2012-01-22 1580576]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys [2010-12-09 23664]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys [2010-09-07 15472]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [2011-07-08 32104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-14 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-14 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-14 465360]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2011-05-31 41320]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-05-31 59240]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 133992]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-05-18 199272]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2009-03-13 13840]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 145256]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2010-09-21 164992]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-08-31 478056]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000Core.job
- c:\users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-02 16:54]
.
2012-09-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000UA.job
- c:\users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-02 16:54]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 04:35]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-23 04:35]
.
2012-09-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2012-09-24 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TpShocks"="TpShocks.exe" [2010-12-09 380776]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-19 12632168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-11 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-11 416024]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-05-31 40808]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2011-05-25 281960]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-03 165144]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://gmusicaonline.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 190.160.0.11 200.74.121.11 200.83.1.4
FF - ProfilePath - c:\users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cugr.de/|hxxp://www.google.de/|hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=942b238f000000000000081196ea00a0&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-24  13:43:45
ComboFix-quarantined-files.txt  2012-09-24 17:43
ComboFix2.txt  2012-09-24 06:21
.
Vor Suchlauf: 14 Verzeichnis(se), 58.489.012.224 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 58.455.879.680 Bytes frei
.
- - End Of File - - 0B58D8DB9FAB1DA97BA6F14B5BD91C5F
         
und die LOGFile von Malwarbytes (das Programm hatte mir übrigens zurückgemeldet, dass es keine Funde gab):
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.24.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cornelia :: CORNELIA-THINK [Administrator]

Schutz: Aktiviert

24.09.2012 15:49:24
mbam-log-2012-09-24 (15-49-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202034
Laufzeit: 2 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Geändert von Conny_1808 (24.09.2012 um 20:14 Uhr)

Alt 25.09.2012, 09:52   #10
Psychotic
/// Malwareteam
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte



Scan mit adwcleaner


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 25.09.2012, 16:06   #11
Conny_1808
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte



Hier die txt von AdwCleaner:
Code:
ATTFilter
# AdwCleaner v2.003 - Datei am 09/25/2012 um 12:03:57 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Cornelia - CORNELIA-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Cornelia\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\ProgramData\Premium
Ordner Gefunden : C:\Users\Cornelia\AppData\Local\Babylon
Ordner Gefunden : C:\Users\Cornelia\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\Conduit
Ordner Gefunden : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\ConduitEngine
Ordner Gefunden : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\CT2319825
Ordner Gefunden : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gefunden : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
Ordner Gefunden : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\extensions\engine@conduit.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKU\S-1-5-21-2381052501-1893717735-1428292057-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\prefs.js

Gefunden : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gefunden : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gefunden : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112454&tt=06061[...]
Gefunden : user_pref("extensions.enabledAddons", "engine@conduit.com:3.3.3.2,{5384767E-00D9-40E9-B72F-9CC39D655[...]
Gefunden : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=9[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.8] : homepage = "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0",
Gefunden [l.1170] : homepage = "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0",

*************************

AdwCleaner[R1].txt - [3435 octets] - [25/09/2012 12:03:57]

########## EOF - C:\AdwCleaner[R1].txt - [3495 octets] ##########
         

Alt 26.09.2012, 06:31   #12
Psychotic
/// Malwareteam
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte



Schritt 1: Fix mit adwcleaner

  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



Schritt 2: OTL


Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
  • Doppelklick auf die OTL.exe
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 27.09.2012, 04:48   #13
Conny_1808
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte



Guten Morgen!

Hier die File von AdwCleaner:
Code:
ATTFilter
# AdwCleaner v2.003 - Datei am 09/27/2012 um 00:30:56 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Cornelia - CORNELIA-THINK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Cornelia\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\Cornelia\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\Conduit
Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\ConduitEngine
Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\CT2319825
Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
Ordner Gelöscht : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\extensions\engine@conduit.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Cornelia\AppData\Roaming\Mozilla\Firefox\Profiles\wtjljg6x.default\prefs.js

Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112454&tt=06061[...]
Gelöscht : user_pref("extensions.enabledAddons", "engine@conduit.com:3.3.3.2,{5384767E-00D9-40E9-B72F-9CC39D655[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=KW_ss&mntrId=9[...]

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.8] : homepage = "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0",
Gelöscht [l.1170] : homepage = "hxxp://search.babylon.com/?affID=112454&tt=060612_6_&babsrc=HP_ss&mntrId=942b238f000000000000081196ea00a0",

*************************

AdwCleaner[R1].txt - [3562 octets] - [25/09/2012 12:03:57]
AdwCleaner[S1].txt - [3992 octets] - [27/09/2012 00:30:56]

########## EOF - C:\AdwCleaner[S1].txt - [4052 octets] ##########
         
Und hier kommen die beiden Logfiles des OTL-Scans.
Nr 1 - OTL.txt:
Code:
ATTFilter
OTL logfile created on: 27.09.2012 00:38:10 - Run 2
OTL by OldTimer - Version 3.2.64.0     Folder = C:\Users\Cornelia\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 48,47% Memory free
7,69 Gb Paging File | 5,47 Gb Available in Paging File | 71,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 53,17 Gb Free Space | 54,45% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 14,83 Gb Free Space | 60,75% Space Free | Partition Type: NTFS
Drive M: | 330,50 Gb Total Space | 69,20 Gb Free Space | 20,94% Space Free | Partition Type: NTFS
Drive Q: | 11,72 Gb Total Space | 2,26 Gb Free Space | 19,29% Space Free | Partition Type: NTFS
 
Computer Name: CORNELIA-THINK | User Name: Cornelia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Cornelia\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Lenovo\AutoLock\cv210.dll ()
MOD - C:\Programme\Lenovo\AutoLock\cxcore210.dll ()
MOD - C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll ()
MOD - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
MOD - C:\Program Files (x86)\Cisco Systems\VPN Client\qt-mt335.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (PwmEWSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE (Lenovo Group Limited)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (CVPND) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (UPnPService) -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (tdrpman140) -- C:\Windows\SysNative\drivers\tdrpm140.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (tifsfilter) -- C:\Windows\SysNative\drivers\tifsfilt.sys (Acronis)
DRV:64bit: - (snapman380) -- C:\Windows\SysNative\drivers\snman380.sys (Acronis)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys ()
DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.)
DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://gmusicaonline.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_deDE467
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.cugr.de/|hxxp://www.google.de/|hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
FF - prefs.js..extensions.enabledAddons: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.6
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Cornelia\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 12:14:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.17 21:33:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 12:14:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.21 11:06:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Extensions
[2012.09.27 00:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions
[2012.08.18 10:54:58 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.01.22 09:23:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.16 00:48:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.21 18:41:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default - Kopie\extensions
[2012.01.22 09:23:30 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Cornelia\AppData\Roaming\mozilla\Firefox\Profiles\wtjljg6x.default - Kopie\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.09.26 15:26:03 | 000,105,020 | ---- | M] () (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\extensions\finder@meingutscheincode.de.xpi
[2011.05.16 17:21:21 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi
[2010.09.10 05:54:17 | 000,002,354 | ---- | M] () -- C:\Users\Cornelia\AppData\Roaming\mozilla\firefox\profiles\wtjljg6x.default\searchplugins\ecosia.xml
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.07 12:14:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.07 12:14:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.17 21:27:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.28 20:26:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.17 21:27:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 21:27:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 21:27:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 21:27:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\Cornelia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
 
O1 HOSTS File: ([2012.09.24 01:20:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.)
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Cornelia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [LTT] C:\Programme\PC-Doctor\EnableToolbarW32.exe (PC-Doctor, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Cornelia\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 190.160.0.11 200.74.121.11 200.83.1.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0880508D-7E36-42E2-83F2-D7A2FE8C6012}: Domain = uni-tuebingen.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0880508D-7E36-42E2-83F2-D7A2FE8C6012}: NameServer = 134.2.200.1,134.2.200.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33E24BAF-9711-4E6E-86CB-541DF48FAB5D}: DhcpNameServer = 190.160.0.11 200.74.121.11 200.83.1.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.26 19:00:05 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.09.24 17:06:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.09.24 15:46:25 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Roaming\Malwarebytes
[2012.09.24 15:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.24 15:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.24 15:45:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.24 15:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.24 15:44:14 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Cornelia\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.24 13:44:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.09.24 12:41:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.09.24 11:08:39 | 004,756,479 | R--- | C] (Swearware) -- C:\Users\Cornelia\Desktop\ComboFix.exe
[2012.09.24 00:56:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.09.24 00:56:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.09.24 00:56:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.24 00:56:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.09.23 22:29:28 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\Desktop\GMER
[2012.09.22 23:55:05 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\Desktop\VideoMau
[2012.09.22 23:44:46 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\{C86674A6-0B53-4B76-BA0D-ADF8D80C6B59}
[2012.09.22 23:43:57 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\{87F9DB20-F009-4130-A46F-C29D3E088D0B}
[2012.09.20 10:49:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Cornelia\Desktop\aswMBR.exe
[2012.09.20 10:47:47 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cornelia\Desktop\tdsskiller.exe
[2012.09.19 21:56:33 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Cornelia\Desktop\OTL.exe
[2012.09.07 12:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.09.02 12:54:28 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\Facebook
[2012.08.30 10:52:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012.08.30 10:50:58 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.08.29 12:52:52 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\{48E1F8FF-1C7B-4A56-9CED-376BB26251A2}
[2012.08.28 22:01:07 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\{349B95A0-1296-4E8D-A8F8-FDE0E8F47A6B}
[2012.08.28 18:55:14 | 000,000,000 | ---D | C] -- C:\Users\Cornelia\AppData\Local\Macromedia
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.27 00:40:09 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 00:40:09 | 000,031,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 00:37:59 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.27 00:37:59 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.27 00:37:59 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.27 00:37:59 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.27 00:37:59 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.27 00:32:51 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.27 00:32:31 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012.09.27 00:32:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.27 00:32:24 | 3095,773,184 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.27 00:17:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.26 21:59:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000UA.job
[2012.09.26 12:59:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000Core.job
[2012.09.25 12:03:21 | 000,513,501 | ---- | M] () -- C:\Users\Cornelia\Desktop\adwcleaner.exe
[2012.09.24 15:45:59 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.24 15:44:57 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Cornelia\Desktop\mbam-setup-1.65.0.1400.exe
[2012.09.24 11:10:01 | 004,756,479 | R--- | M] (Swearware) -- C:\Users\Cornelia\Desktop\ComboFix.exe
[2012.09.24 01:20:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.09.23 23:09:20 | 014,553,967 | ---- | M] () -- C:\Users\Cornelia\Desktop\AVSUPINF.ZIP
[2012.09.23 22:52:02 | 000,131,030 | ---- | M] () -- C:\Users\Cornelia\Desktop\Tlrsrl.zip
[2012.09.23 22:43:58 | 000,600,864 | ---- | M] () -- C:\Users\Cornelia\Desktop\avira_support_collector_de.exe
[2012.09.23 22:28:33 | 000,294,245 | ---- | M] () -- C:\Users\Cornelia\Desktop\GMER.zip
[2012.09.20 11:38:49 | 000,000,512 | ---- | M] () -- C:\Users\Cornelia\Desktop\MBR.dat
[2012.09.20 10:50:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Cornelia\Desktop\aswMBR.exe
[2012.09.20 10:48:48 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cornelia\Desktop\tdsskiller.exe
[2012.09.19 23:03:26 | 000,016,851 | ---- | M] () -- C:\Users\Cornelia\Desktop\Logfiles.zip
[2012.09.19 21:56:35 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Cornelia\Desktop\OTL.exe
[2012.09.19 21:55:09 | 000,000,000 | ---- | M] () -- C:\Users\Cornelia\defogger_reenable
[2012.09.19 21:51:49 | 000,050,477 | ---- | M] () -- C:\Users\Cornelia\Desktop\Defogger.exe
[2012.09.19 21:28:36 | 000,775,620 | ---- | M] () -- C:\Users\Cornelia\Desktop\Virenfunde_1.jpg
[2012.09.16 13:29:42 | 594,592,768 | ---- | M] () -- C:\Users\Cornelia\Desktop\Raphaels Audiodatei von EK-Projekt-Aufnahmegerät.WAV
[2012.09.12 10:36:23 | 000,006,656 | ---- | M] () -- C:\Users\Cornelia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.06 13:37:58 | 000,002,133 | ---- | M] () -- C:\Users\Cornelia\.recently-used.xbel
[2012.09.03 12:30:07 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.09.03 12:29:58 | 000,361,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.30 10:50:58 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.08.28 18:52:39 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.28 18:52:39 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2012.09.25 12:03:18 | 000,513,501 | ---- | C] () -- C:\Users\Cornelia\Desktop\adwcleaner.exe
[2012.09.24 15:45:59 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.24 00:56:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.09.24 00:56:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.09.24 00:56:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.09.24 00:56:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.09.24 00:56:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.09.23 23:09:20 | 014,553,967 | ---- | C] () -- C:\Users\Cornelia\Desktop\AVSUPINF.ZIP
[2012.09.23 22:52:02 | 000,131,030 | ---- | C] () -- C:\Users\Cornelia\Desktop\Tlrsrl.zip
[2012.09.23 22:43:55 | 000,600,864 | ---- | C] () -- C:\Users\Cornelia\Desktop\avira_support_collector_de.exe
[2012.09.23 22:28:27 | 000,294,245 | ---- | C] () -- C:\Users\Cornelia\Desktop\GMER.zip
[2012.09.20 11:38:49 | 000,000,512 | ---- | C] () -- C:\Users\Cornelia\Desktop\MBR.dat
[2012.09.19 23:03:26 | 000,016,851 | ---- | C] () -- C:\Users\Cornelia\Desktop\Logfiles.zip
[2012.09.19 21:55:09 | 000,000,000 | ---- | C] () -- C:\Users\Cornelia\defogger_reenable
[2012.09.19 21:51:49 | 000,050,477 | ---- | C] () -- C:\Users\Cornelia\Desktop\Defogger.exe
[2012.09.19 21:28:36 | 000,775,620 | ---- | C] () -- C:\Users\Cornelia\Desktop\Virenfunde_1.jpg
[2012.09.16 12:22:38 | 594,592,768 | ---- | C] () -- C:\Users\Cornelia\Desktop\Raphaels Audiodatei von EK-Projekt-Aufnahmegerät.WAV
[2012.09.06 13:37:58 | 000,002,133 | ---- | C] () -- C:\Users\Cornelia\.recently-used.xbel
[2012.09.02 12:54:32 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000UA.job
[2012.09.02 12:54:32 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2381052501-1893717735-1428292057-1000Core.job
[2012.08.30 10:50:58 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.lnk
[2012.04.11 17:04:58 | 000,000,698 | ---- | C] () -- C:\Users\Cornelia\.ufrawrc
[2012.04.10 23:53:03 | 000,006,656 | ---- | C] () -- C:\Users\Cornelia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.04 13:50:20 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.01.23 13:16:27 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.12.23 08:54:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.12.23 00:24:41 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.12.23 00:24:40 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.12.23 00:24:40 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.12.23 00:24:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.12.23 00:24:40 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

< End of report >
         
Nr 2 - Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 27.09.2012 00:38:10 - Run 2
OTL by OldTimer - Version 3.2.64.0     Folder = C:\Users\Cornelia\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,84 Gb Total Physical Memory | 1,86 Gb Available Physical Memory | 48,47% Memory free
7,69 Gb Paging File | 5,47 Gb Available in Paging File | 71,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 53,17 Gb Free Space | 54,45% Space Free | Partition Type: NTFS
Drive D: | 24,41 Gb Total Space | 14,83 Gb Free Space | 60,75% Space Free | Partition Type: NTFS
Drive M: | 330,50 Gb Total Space | 69,20 Gb Free Space | 20,94% Space Free | Partition Type: NTFS
Drive Q: | 11,72 Gb Total Space | 2,26 Gb Free Space | 19,29% Space Free | Partition Type: NTFS
 
Computer Name: CORNELIA-THINK | User Name: Cornelia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E457AF-2F86-492D-B585-569D227AE6AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0989B5BE-2250-4F2B-B051-AB8C0539DF47}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{116A4885-4D20-4D32-B329-F89EBC08F1B5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{121B6EAD-1B87-4869-ACB0-ABAB66C1B1A0}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{26733762-646B-4970-95D4-F07EFE2B17AE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{42453629-3674-4105-955A-DF54EBE64B32}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4A04191C-1520-499C-80FD-DE8066A844B4}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{65A4C20E-E1A7-400E-A184-0CC824ECD4DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{72B3D077-05AC-491C-8AA0-8DD95E3C04B0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{746A8080-3E59-4E10-BC34-9263934A973F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7F704ECD-03F3-4973-8611-60A0EBADF9CB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{806A087C-5597-45E0-A1A7-B3C13DAFD199}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{8BC766B9-3A70-4EF4-8B9C-FCADACFCFC3D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8DFBDF3C-A8A6-474A-8500-239E48AFFE6F}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{929FBF82-26A6-4DDA-9ACC-6ED89C131FB6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9B3F2546-FA21-4618-8D61-332273D0D678}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AA0AE140-A8BE-4AAF-B056-7E76E3852FF9}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{B3B74164-73CD-468A-8E15-866C5686DA9B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B58A5564-140A-4DC5-82C3-0DD946A36139}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{BE744D2E-BFED-4770-8275-DDEC92066000}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C851E316-08E7-458D-93B9-0AC558986FFB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C968CDD9-DD9F-4DEB-8EB7-02EB563F654D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EB35478E-320D-45B4-9DA9-04875B153478}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F571D193-031E-4093-9E61-8FA4BB1EB2C1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004D01E0-89DE-4408-8377-C835433BD3DD}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{01CC34D1-8538-4C7F-B4BE-7768B07DA93E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe | 
"{0C5B4376-EC33-45D8-AB3D-961D8FFF2B67}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | 
"{2DD0E60B-2425-47CF-A3B7-AC829B8C5E85}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{320D1B4B-84E0-4BC3-9367-78F486197CF9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3380C042-6AE7-4B02-B834-5C45E8166CDD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{3DD6ABDB-94E8-4822-B7F9-2D9E7D22852C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4B482E16-0750-4BE8-AAD1-01AEF24E1276}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54C2D9E9-3F15-49E6-97BE-7FB5F057F0B5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\magix shared\upnpservice\upnpservice.exe | 
"{73646F3E-E9DF-441A-A750-DD85102841CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8040D42A-0E60-45F4-AFAE-EEBC8B907DAB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{87CE04CC-A0EF-4429-90CC-0D0026D7E5EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8D857ACC-8158-4E7B-BE12-7CF8D9BC8F2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8DC75D03-B660-4944-B25E-C21D19859FD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8F755E63-1FE7-4870-B124-824D5BB6CB91}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{92AA014D-E7CA-42FE-8167-D7A856B58AE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{963D32B8-96F9-46AB-B34D-DFFFE768B1C4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9F3128F0-D7C8-442C-87F0-486C97F1BD36}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{A1735CFD-45A2-4230-8480-91CAC5CDB967}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{A555D386-9699-4D10-9836-FED03EC8886E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{AFEC3BD9-1C25-46A0-8FD8-B9B52464E418}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B816811E-BA40-42B5-9C9C-EF2862246A43}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{BFDA7A78-0CC7-4124-8DF2-5AED77284E32}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{CC10969E-978B-40D4-A131-5C4B217F6EDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CF94B830-984F-4861-8D3B-C8C28A5E3D4F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D980223B-15A5-481A-8CED-08F0DD940F18}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DF25673C-2B43-474A-9487-B2D667957E7C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{E7022AB1-359C-4643-911D-0A330F4398DB}" = protocol=6 | dir=out | app=system | 
"{FB4256F5-4813-4404-A390-653235935AFE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{FC199175-7DC9-422D-97FA-A7912C40EFF7}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"TCP Query User{32C48A3C-DD47-4F5E-8846-47DEFEB9FAF2}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
"UDP Query User{00EEAE3F-B337-4473-9466-9FD680AFEBBB}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi-Software
"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5E2652DF-743F-482B-A593-C95F431A5769}" = RapidBoot
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1" = ThinkVantage AutoLock
"{EFC9FE7C-ECE8-4282-8F77-FEDCAD374C77}" = Lenovo SimpleTap
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"466E9B20D871055D6D3CDA2CDD1D355E978A61AF" = Windows-Treiberpaket - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11)
"95D0E47871170F0763151CFD697BBAB47A5794F7" = Windows-Treiberpaket - Intel (iaStor) hdc  (04/26/2011 10.5.0.1026)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"DDD8A532E361E9A878EBEF69C338B306810DF059" = Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0)
"DisableAMTPopup" = Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7
"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
"Karteikasten .Net_is1" = Karteikasten 2.3.1
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2CA6F37-1602-4823-81B5-0384B6888AA6}" = Integrated Camera Driver Installer Package Ver.1.1.0.1132
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB3B7C24-30A1-4961-8039-94919F5ED2EE}" = Noiseware Community Edition
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4911E92-A059-4901-8AB3-8638B6D96456}_is1" = Groovedown Version 0.84
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F2672232-FF17-4DC9-8F24-A1E1829FE086}" = BisonCam Twain Pro
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ahnenblatt_is1" = Ahnenblatt 2.69
"Any Video Converter_is1" = Any Video Converter 3.3.5
"Avira AntiVir Desktop" = Avira Antivirus Premium 2012
"FileZilla Client" = FileZilla Client 3.5.3
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Studio_is1" = Free Studio version 5.3.3
"Google Chrome" = Google Chrome
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"IrfanView" = IrfanView (remove only)
"Lenovo Welcome_is1" = Lenovo Welcome
"MAGIX Fotos auf CD & DVD 6.5 D" = MAGIX Fotos auf CD & DVD 6.5 6.5.0.21 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nvu_is1" = Nvu 1.0
"ProInst" = Intel PROSet Wireless
"UFRaw_is1" = UFRaw 0.18
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.07.2012 19:58:19 | Computer Name = Cornelia-THINK | Source = PC-Doctor | ID = 1
Description = (23484) Asapi: (19:58:19:5960)(23484) S3LogPusherPlugin.Helper - Error
 -- 340 Unable to storage the test log to medium 
 
Error - 02.07.2012 17:29:56 | Computer Name = Cornelia-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.9.0.123, Zeitstempel:
 0x4fce1530  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x1100  Startzeit der fehlerhaften Anwendung: 0x01cd523e94d43855  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 1139b4c4-c48d-11e1-b3cf-047d7b3145ea
 
Error - 03.07.2012 18:10:36 | Computer Name = Cornelia-THINK | Source = PC-Doctor | ID = 1
Description = (25768) Asapi: (18:10:36:0580)(25768) S3LogPusherPlugin.Helper - Error
 -- 340 Unable to storage the test log to medium 
 
Error - 04.07.2012 11:22:50 | Computer Name = Cornelia-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.07.2012 19:52:31 | Computer Name = Cornelia-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.10.0.114, Zeitstempel:
 0x4fd0ef26  Name des fehlerhaften Moduls: 5U877.ax, Version: 1.1.0.1132, Zeitstempel:
 0x4c9875c5  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000374c  ID des fehlerhaften Prozesses:
 0x1b40  Startzeit der fehlerhaften Anwendung: 0x01cd59f9ee6a7166  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\5U877.ax  Berichtskennung: 7bd98108-c6fc-11e1-a976-047d7b3145ea
 
Error - 05.07.2012 20:59:29 | Computer Name = Cornelia-THINK | Source = PC-Doctor | ID = 1
Description = (6876) Asapi: (20:59:29:0050)(6876) S3LogPusherPlugin.Helper - Error
 -- 340 Unable to storage the test log to medium 
 
Error - 09.07.2012 10:51:31 | Computer Name = Cornelia-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.10.0.114, Zeitstempel:
 0x4fd0ef26  Name des fehlerhaften Moduls: 5U877.ax, Version: 1.1.0.1132, Zeitstempel:
 0x4c9875c5  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00009297  ID des fehlerhaften Prozesses:
 0x24d8  Startzeit der fehlerhaften Anwendung: 0x01cd5b0945d66098  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\5U877.ax  Berichtskennung: 9160bf91-c9d5-11e1-a976-047d7b3145ea
 
Error - 10.07.2012 18:26:49 | Computer Name = Cornelia-THINK | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.07.2012 21:34:34 | Computer Name = Cornelia-THINK | Source = PC-Doctor | ID = 1
Description = (5628) Asapi: (21:34:34:5730)(5628) S3LogPusherPlugin.Helper - Error
 -- 340 Unable to storage the test log to medium 
 
Error - 15.07.2012 15:13:03 | Computer Name = Cornelia-THINK | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.10.0.115, Zeitstempel:
 0x4ff2e373  Name des fehlerhaften Moduls: 5U877.ax, Version: 1.1.0.1132, Zeitstempel:
 0x4c9875c5  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000373b  ID des fehlerhaften Prozesses:
 0x186c  Startzeit der fehlerhaften Anwendung: 0x01cd5f6fa763ce76  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Skype\Phone\Skype.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\5U877.ax  Berichtskennung: 1956de29-ceb1-11e1-83a4-047d7b3145ea
 
Error - 15.07.2012 16:00:24 | Computer Name = Cornelia-THINK | Source = PC-Doctor | ID = 1
Description = (15792) Asapi: (16:00:24:0740)(15792) S3LogPusherPlugin.Helper - Error
 -- 340 Unable to storage the test log to medium 
 
[ Lenovo-Message Center Plus/Admin Events ]
Error - 31.01.2012 05:53:52 | Computer Name = Cornelia-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (401) Nicht autorisiert.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (401) Nicht
 autorisiert.
 
Error - 01.02.2012 19:04:40 | Computer Name = Cornelia-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Der Remoteserver hat einen Fehler zurückgegeben: (401) Nicht autorisiert.
 -> Exception message: Der Remoteserver hat einen Fehler zurückgegeben: (401) Nicht
 autorisiert.
 
Error - 20.09.2012 09:59:28 | Computer Name = Cornelia-THINK | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
 does not have a Lenovo Digital Signature. The file will be deleted
 
[ System Events ]
Error - 12.08.2012 16:27:20 | Computer Name = Cornelia-THINK | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 16.08.2012 09:58:16 | Computer Name = Cornelia-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 17.08.2012 11:44:58 | Computer Name = Cornelia-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 19.08.2012 10:36:01 | Computer Name = Cornelia-THINK | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 19.08.2012 12:13:07 | Computer Name = Cornelia-THINK | Source = Schannel | ID = 36887
Description = Es wurde eine schwerwiegende Warnung empfangen: 80.
 
Error - 21.08.2012 10:04:17 | Computer Name = Cornelia-THINK | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie 
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 23.08.2012 23:38:33 | Computer Name = Cornelia-THINK | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.0.104  registriert werden. Der Computer mit IP-Adresse 192.168.0.107
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 24.08.2012 10:42:43 | Computer Name = Cornelia-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst eventlog erreicht.
 
Error - 26.08.2012 10:46:01 | Computer Name = Cornelia-THINK | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 29.08.2012 16:39:09 | Computer Name = Cornelia-THINK | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?08.?2012 um 16:36:15 unerwartet heruntergefahren.
 
 
< End of report >
         
Danke!

Alt 27.09.2012, 11:56   #14
Psychotic
/// Malwareteam
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte



Macht dein Rechner noch Probleme?
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 27.09.2012, 12:50   #15
Conny_1808
 
WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Standard

WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte



Hallo!
Nein, es sieht gut aus. Er öffnet keine komischen Programme mehr beim Hochfahren und im Verzeichnis AppData\Roaming ist auch nichts mehr zu sehen.
Ebenso findet auch mein Avira AntiVirus absolut nichts mehr.

VIELEN DANK schon mal!

Allerdings hab ich mich natürlich noch nicht getraut, die externe Festplatte wieder anzuschließen. ;-)

Grüße!!!

Antwort

Themen zu WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte
antivirus, avg, avira, bho, computer, converter, fehlermeldung, festplatte, firefox, google, home, internet, lenovo, logfile, mozilla, mp3, plug-in, problem, prozesse, pwmtr64v.dll, realtek, registry, rundll, search the web, software, virus, windows, worm.dorkbot, wurm, übertragung




Ähnliche Themen: WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte


  1. Virusbefall auf externer Festplatte und nun auf dem Notebook?
    Log-Analyse und Auswertung - 11.08.2015 (36)
  2. keine Internetconnektivität nach Anschluss externer Festplatte und gleichzeitiger Software-Installation auf neuem win7-rechner
    Plagegeister aller Art und deren Bekämpfung - 03.01.2015 (15)
  3. Win 7, Zonealarm findet Trojan-Spy.Win32.VB.qu und Worm.Win32.VB.fp auf externer Festplatte
    Plagegeister aller Art und deren Bekämpfung - 02.03.2014 (9)
  4. Avira Antivir findet WORM/Dorkbot.I.388
    Log-Analyse und Auswertung - 01.11.2012 (13)
  5. Worm.Dorkbot ; Malware.Trace ; Stolen.Data was ist damit zu tun?
    Plagegeister aller Art und deren Bekämpfung - 22.10.2012 (3)
  6. WORM/Dorkbot.A.894 auf externen Laufwerken
    Plagegeister aller Art und deren Bekämpfung - 10.10.2012 (4)
  7. Daten auf Externer Festplatte durch Virus unsichtbar
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (6)
  8. WORM/Dorkbot.A.2325
    Log-Analyse und Auswertung - 22.09.2012 (1)
  9. Archivbomben auf externer Festplatte durch Avast gemeldet
    Plagegeister aller Art und deren Bekämpfung - 12.08.2012 (12)
  10. WORM/Kido.IX und WORM/Confick.164228 auf externer Festplatte
    Log-Analyse und Auswertung - 03.06.2012 (16)
  11. Vista Home Premium friert ein bei Anschluss externer Festplatte
    Alles rund um Windows - 18.02.2012 (0)
  12. USB-Fuckup nach Anschluss externer Festplatte
    Alles rund um Windows - 22.11.2011 (10)
  13. Dorkbot.D Worm - Dateien auf USB-Stick nur noch Verknüpfungen
    Log-Analyse und Auswertung - 16.10.2011 (27)
  14. Gefahr für Mac durch Trojaner/Malware auf externer Festplatte?
    Alles rund um Mac OSX & Linux - 07.04.2011 (39)
  15. "WORM/Conficker.AK" & "WORM/Kido.IH.40" nach USB-Stick-Anschluss durch AVIRA gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.01.2011 (28)
  16. Daten von verseuchtem Vista-Notebook vor Neuaufsetzen mittels externer Festplatte retten - aber wie?
    Plagegeister aller Art und deren Bekämpfung - 02.08.2010 (19)
  17. autorun.inf auf externer Festplatte (WORM/Kido.IX)
    Plagegeister aller Art und deren Bekämpfung - 11.12.2009 (2)

Zum Thema WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte - Hallo zusammen! Toll, dass es dieses Board gibt! Ich hoffe, dass ich mit eurer Hilfe mein Notebook "putzen" kann. Über meine externe Festplatte, die ich zur Datenübertragung an einen anderen - WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte...
Archiv
Du betrachtest: WORM/Dorkbot.A.893 auf dem Notebook durch Anschluss von externer Festplatte auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.