| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GData Boot CD findet Win32: Gremo und andere in .vhd / .vdi - DateienWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.10.2012, 21:48
| #1 |
| |  GData Boot CD findet Win32: Gremo und andere in .vhd / .vdi - Dateien Hallo, meine Geschichte der Reihe nach: 1. Ich bin GData Internet Security 2013 - Nutzer und habe vorgestern aus Neugier und um sicherzugehen, dass alles in Ordnung ist (habe keine direkten Anzeichen für Viren etc., bin halt vllt. etwas übervorsichtig), den Boot Scan der GData - Installations-CD ausprobiert. Nachdem ich es endlich geschafft hatte, die CD Upzudaten und den Scan zu starten, hat er mir in meinem Windows-Systemabbild einen Win32:Gremo gefunden. Ich habe leider kein Log von diesem Scan. 2. Ich habe mich gestern dem Problem nochmals angenommen. Dabei habe ich bemerkt, dass der Scan nach jedem Virusfund anhält, fragt, was er machen soll, und, unabhängig, was man auswählt, danach einfach nicht mehr weiterscant. Jedoch konnte ich dadurch ein Log des Virusfundes aufzeichnen: Code:
ATTFilter Virenprüfung mit G Data AntiVirus
Version 10.0 (02.02.2011)
Virensignaturen vom 10.10.2012
Startzeit: 10.10.2012 17:35
Engine(s): EngineA (AVA 22.6380) EngineB (AVB 22.1182)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
Prüfe Systembereiche....
Prüfung folgender Verzeichnisse und Dateien:
/mnt/
Objekt: c099986d-9a9d-11e1-816f-806e6f6e6963.vhd
Pfad: /mnt/F:/WindowsImageBackup/Lenovo-PC/Backup 2012-08-22 095349
Status: Virus gefunden
Virus: Win32:Gremo
Objekt:
Pfad: /mnt/F:/WindowsImageBackup/Lenovo-PC/Catalog/GlobalCatalog
Status:
Virus:
Analyse vorzeitig abgebrochen: 10.10.2012 18:12
216 Dateien geprüft
1 infizierte Dateien gefunden
0 verdächtige Dateien gefunden
/mnt/F:/ ist meine zweite Partition D: neben /mnt/D:/ = C: /mnt/C:/ könnte die SYSTEM_DRV sein und /mnt/E:/ könnte die OEM-Partition sein (kommt später noch) Ich habe den Scan abgebrochen, da er nicht mehr weiterlief, steht auch hier: www.rokop-security.de/index.php?showtopic=22015&st=0&p=355140&#entry355140 . 3. In meiner Panik habe ich das Internet durchsucht, bin auf dieses Board gestoßen und habe mir OTL geholt und ausgeführt: OTL.txt: Code:
ATTFilter OTL logfile created on: 10.10.2012 20:41:56 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Normal\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 5,70 Gb Available Physical Memory | 71,56% Memory free 15,93 Gb Paging File | 13,38 Gb Available in Paging File | 84,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 454,89 Gb Total Space | 252,58 Gb Free Space | 55,52% Space Free | Partition Type: NTFS Drive D: | 451,35 Gb Total Space | 363,38 Gb Free Space | 80,51% Space Free | Partition Type: NTFS Computer Name: LENOVO-PC | User Name: Daniel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.10 19:13:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Normal\Downloads\OTL.exe PRC - [2012.09.17 05:24:09 | 000,995,352 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe PRC - [2012.08.23 15:46:06 | 001,542,680 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2012.07.25 10:46:42 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2012.01.27 06:13:00 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2012.01.27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe PRC - [2011.12.20 10:43:44 | 000,712,192 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Power Control Switch\LitModeSwitch.exe PRC - [2011.12.16 09:47:34 | 000,199,264 | ---- | M] (1206 Lab) -- C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe PRC - [2011.12.16 09:47:28 | 001,260,128 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe PRC - [2011.12.16 06:37:30 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.12.16 06:37:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2011.12.16 06:37:18 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2011.12.16 06:37:10 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2011.12.08 19:36:20 | 002,688,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpressServer.exe PRC - [2011.12.04 20:14:28 | 000,291,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.11.07 12:24:22 | 000,101,888 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Power Control Switch\LitModeCtrl.exe PRC - [2011.11.04 17:39:56 | 000,037,888 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Power Control Switch\LenovoCOMSvc.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.06.08 08:41:42 | 000,118,784 | ---- | M] (Lenovo) -- C:\Windows\jmesoft\hotkey.exe PRC - [2011.05.25 14:09:30 | 000,049,152 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exe PRC - [2011.05.17 13:54:44 | 000,024,576 | ---- | M] () -- C:\Windows\jmesoft\JME_LOAD.exe PRC - [2011.03.15 20:47:40 | 000,032,768 | ---- | M] () -- C:\Windows\jmesoft\Service.exe PRC - [2009.12.04 16:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe ========== Modules (No Company Name) ========== MOD - [2012.07.15 21:20:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.07.15 21:20:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.07.15 21:20:13 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll MOD - [2012.07.15 21:20:12 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll MOD - [2012.07.15 21:20:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.07.15 21:20:06 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.07.15 21:19:45 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.07.15 21:19:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.07.15 21:19:42 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.07.15 21:19:39 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.05.11 00:23:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011.12.16 09:47:38 | 000,031,328 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Rapidboot\FBServiceps.dll MOD - [2011.05.25 14:09:30 | 000,049,152 | ---- | M] () -- C:\Windows\SysWOW64\UMonit.exe MOD - [2011.05.17 14:53:20 | 001,031,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\Language\DEU\P2GRC.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.12.04 17:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll MOD - [2009.12.04 17:00:00 | 000,144,680 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLVistaAudioMixer.dll MOD - [2009.12.04 16:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.02.14 17:12:10 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.10.10 19:12:27 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.06 04:14:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.30 05:06:18 | 002,011,568 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2012.08.23 15:46:06 | 001,542,680 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2012.07.25 10:46:44 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2012.07.25 10:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2012.07.20 14:00:51 | 002,635,776 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- D:\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service) SRV - [2012.06.04 11:50:20 | 001,766,464 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2012.01.27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2011.12.16 09:47:34 | 000,199,264 | ---- | M] (1206 Lab) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe -- (FastbootService) SRV - [2011.12.16 06:37:30 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011.12.16 06:37:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2011.12.16 06:37:18 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2011.12.16 06:37:10 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2011.12.08 16:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.11.07 12:24:22 | 000,101,888 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Programme\Lenovo\Power Control Switch\LitModeCtrl.exe -- (LitModeCtrl) SRV - [2011.11.04 17:39:56 | 000,037,888 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Power Control Switch\LenovoCOMSvc.exe -- (LenovoCOMSvc) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.03.15 20:47:40 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\jmesoft\Service.exe -- (JME Keyboard) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.26 19:37:01 | 000,060,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2012.09.25 19:34:31 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2012.09.25 19:34:31 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2012.09.25 19:34:31 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2012.09.20 20:31:36 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD) DRV:64bit: - [2012.09.20 20:29:06 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2012.09.20 20:17:49 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon) DRV:64bit: - [2012.09.07 17:38:22 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012.08.06 14:55:38 | 000,878,696 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.05.11 00:31:26 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.05.11 00:31:26 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.14 21:05:24 | 010,493,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.02.14 16:34:46 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.12.04 20:13:24 | 000,785,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2011.12.04 20:13:24 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2011.12.04 20:13:24 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.11.09 19:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.18 07:50:02 | 000,058,368 | ---- | M] (GenesysLogic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GeneStor.sys -- (GeneStor) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009.07.21 14:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2010.09.16 17:02:59 | 000,045,664 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- D:\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys -- (TelekomNM6) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LEND IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {906305f7-aafc-45e9-8bbd-941950a84dad}:1.1.11215.1124 FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3 FF - prefs.js..extensions.enabledAddons: https-everywhere@eff.org:2.0.3 FF - prefs.js..extensions.enabledAddons: trackerblock@privacychoice.org:2.2 FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.7 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.10 19:13:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.19 22:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions [2012.10.10 19:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\z0hcw6oc.default\extensions [2012.10.10 19:18:10 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\z0hcw6oc.default\extensions\firefox@ghostery.com [2012.10.10 19:18:11 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\z0hcw6oc.default\extensions\https-everywhere@eff.org [2012.10.10 19:18:11 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\z0hcw6oc.default\extensions\trackerblock@privacychoice.org.xpi [2012.10.10 19:18:11 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\z0hcw6oc.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi [2012.10.10 19:18:11 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\z0hcw6oc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.10.10 19:15:15 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\z0hcw6oc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.10 19:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.25 19:34:31 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2012.10.06 04:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.06 05:22:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.06 05:22:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.06 05:22:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.06 05:22:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.06 05:22:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.06 05:22:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND CHR - default_search_provider: Bing (Enabled) CHR - default_search_provider: search_url = hxxp://www.bing.com/search?setmkt=de-DE&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: SiteAdvisor = C:\Users\Daniel\AppData\Local\jGoogle\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.1_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (BHO) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG) O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [UMonit] C:\Windows\SysWOW64\UMonit.exe () O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\Rapidboot\FBConsole.exe (Lenovo) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo) O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe () O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe (Lenovo) O4 - HKLM..\Run: [ModeSwitch] C:\Program Files\Lenovo\Power Control Switch\LitModeSwitch.exe (Lenovo) O4 - HKLM..\Run: [SetDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe (Lenovo) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_Plugin.exe -update plugin File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data] O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{091960D9-1195-42D0-9EC2-32B603D6F85A}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest - No CLSID value found O18 - Protocol\Handler\sacore - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.10 00:23:35 | 000,000,000 | ---D | C] -- C:\gdbootcd [2012.10.08 22:31:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2012.10.08 22:31:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Canon [2012.10.08 22:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMSetup [2012.10.08 22:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5100 series Benutzerregistrierung [2012.10.08 22:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2012.10.08 22:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2012.10.08 22:23:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2012.10.08 22:23:42 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2012.10.08 22:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5100 series [2012.10.08 22:22:31 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2012.10.08 22:08:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV [2012.10.08 22:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5100 series Manual [2012.10.08 22:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2012.10.04 18:26:36 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Wireshark [2012.10.04 18:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2012.10.04 18:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap [2012.10.04 18:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark [2012.10.01 22:58:29 | 000,027,388 | ---- | C] (Immersion Corporation) -- C:\Windows\SysWow64\drivers\ihidfilt.sys [2012.10.01 22:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Logitech [2012.10.01 22:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012.10.01 22:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech [2012.10.01 20:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer [2012.10.01 20:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Packet Tracer 5.3.3 [2012.09.30 20:13:42 | 000,000,000 | ---D | C] -- C:\Alte FP [2012.09.25 21:54:55 | 000,000,000 | ---D | C] -- C:\Windows Isos [2012.09.25 20:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.09.25 20:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.09.25 20:27:36 | 000,000,000 | ---D | C] -- C:\AMD [2012.09.24 23:49:16 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Microsoft Game Studios [2012.09.24 23:06:08 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Flight Simulator X-Dateien [2012.09.24 23:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2012.09.24 23:01:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games [2012.09.24 22:19:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games [2012.09.24 21:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iometer.org [2012.09.23 20:15:29 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\pdfforge [2012.09.23 20:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.09.23 20:15:25 | 000,096,768 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.09.23 20:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.09.20 20:31:38 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys [2012.09.20 20:31:36 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2012.09.20 20:28:58 | 000,010,792 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll [2012.09.20 20:18:28 | 000,060,320 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2012.09.20 20:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity [2012.09.20 20:17:50 | 000,126,880 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2012.09.20 20:17:50 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2012.09.20 20:17:49 | 000,064,416 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2012.09.20 20:17:49 | 000,054,176 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2012.09.20 20:17:49 | 000,031,448 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys [2012.09.20 20:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA [2012.09.20 20:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\G Data [2012.09.20 20:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data [2012.09.20 20:16:27 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Downloaded Installations [2012.09.20 19:59:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Mcafee deinstallieren und entfernen-Dateien [2012.09.20 16:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StoppUhr [2012.09.19 22:03:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Mozilla [2012.09.19 20:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.09.19 20:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.09.17 22:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox [2012.09.12 22:55:12 | 000,000,000 | ---D | C] -- C:\Lenovo-Sicherung [2012.09.11 23:11:33 | 001,707,520 | ---- | C] (www.sw4you.de Siegfried Weckmann) -- C:\Windows\SwSetupu.exe [2012.07.15 20:37:34 | 001,178,624 | ---- | C] (CPUID) -- C:\Users\Daniel\AppData\Roaming\siw_sdk.dll ========== Files - Modified Within 30 Days ========== [2012.10.10 20:42:32 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 20:42:32 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.10 20:35:17 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2012.10.10 20:35:13 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.10 20:35:04 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2012.10.10 20:35:00 | 2118,316,031 | -HS- | M] () -- C:\hiberfil.sys [2012.10.10 19:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.10 19:13:43 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.10.10 19:11:43 | 000,000,000 | ---- | M] () -- C:\Users\Daniel\defogger_reenable [2012.10.10 18:51:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.10 18:46:46 | 000,820,642 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2012.10.10 18:46:46 | 000,044,794 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2012.10.09 19:43:56 | 000,007,611 | ---- | M] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg [2012.10.09 18:57:08 | 001,178,624 | ---- | M] (CPUID) -- C:\Users\Daniel\AppData\Roaming\siw_sdk.dll [2012.10.08 23:33:17 | 000,000,008 | ---- | M] () -- C:\Users\Daniel\Documents\lmscfg [2012.10.08 22:29:15 | 001,614,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.08 22:29:15 | 000,697,072 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.08 22:29:15 | 000,652,390 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.08 22:29:15 | 000,148,110 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.08 22:29:15 | 000,121,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.08 22:24:18 | 000,002,360 | ---- | M] () -- C:\Users\Public\Desktop\Canon MG5100 series Online-Handbuch.lnk [2012.10.04 18:20:40 | 000,001,533 | ---- | M] () -- C:\Users\Public\Desktop\Wireshark.lnk [2012.10.03 19:33:33 | 000,002,288 | ---- | M] () -- C:\Users\Public\Desktop\Lenovo Rescue System.lnk [2012.10.03 11:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2012.10.01 23:22:28 | 000,020,668 | ---- | M] () -- C:\Users\Daniel\Documents\HDTune_Error_Scan2_WDC_WD7500AAKS-00RBA.png [2012.10.01 20:06:44 | 000,001,247 | ---- | M] () -- C:\Users\Daniel\Desktop\Cisco Packet Tracer.lnk [2012.10.01 00:12:20 | 000,045,736 | ---- | M] () -- C:\Users\Daniel\Documents\HDTune_Benchmark_WDC_WD7500AAKS-00RBA.png [2012.10.01 00:12:16 | 000,046,611 | ---- | M] () -- C:\Users\Daniel\Documents\HDTune_Info_WDC_WD7500AAKS-00RBA.png [2012.10.01 00:12:12 | 000,049,534 | ---- | M] () -- C:\Users\Daniel\Documents\HDTune_Health_WDC_WD7500AAKS-00RBA.png [2012.10.01 00:12:08 | 000,036,732 | ---- | M] () -- C:\Users\Daniel\Documents\HDTune_Error_Scan_WDC_WD7500AAKS-00RBA.png [2012.09.26 19:37:01 | 000,060,320 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2012.09.25 19:34:31 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2012.09.25 19:34:31 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2012.09.25 19:34:31 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2012.09.25 18:52:55 | 000,289,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.20 20:31:38 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys [2012.09.20 20:31:36 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2012.09.20 20:29:06 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2012.09.20 20:17:49 | 000,031,448 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys [2012.09.20 20:17:47 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk [2012.09.20 20:09:33 | 000,001,554 | ---- | M] () -- C:\Users\Daniel\Documents\cc_20120920_200930.reg [2012.09.20 20:09:22 | 000,004,730 | ---- | M] () -- C:\Users\Daniel\Documents\cc_20120920_200917.reg [2012.09.20 19:59:52 | 000,048,120 | ---- | M] () -- C:\Users\Daniel\Desktop\Mcafee deinstallieren und entfernen.htm [2012.09.20 16:32:56 | 000,001,011 | ---- | M] () -- C:\Users\Daniel\Desktop\StoppUhr.lnk [2012.09.19 20:07:05 | 000,015,140 | ---- | M] () -- C:\Users\Daniel\Documents\cc_20120919_200701.reg [2012.09.19 20:06:50 | 000,058,466 | ---- | M] () -- C:\Users\Daniel\Documents\cc_20120919_200643.reg [2012.09.19 20:04:41 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.09.17 22:43:28 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk ========== Files Created - No Company Name ========== [2012.10.10 19:11:43 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\defogger_reenable [2012.10.08 22:23:37 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1748D.TBL [2012.10.08 22:23:37 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1748D.TBL [2012.10.08 22:08:25 | 000,002,360 | ---- | C] () -- C:\Users\Public\Desktop\Canon MG5100 series Online-Handbuch.lnk [2012.10.04 18:20:40 | 000,001,545 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk [2012.10.04 18:20:40 | 000,001,533 | ---- | C] () -- C:\Users\Public\Desktop\Wireshark.lnk [2012.10.01 23:22:28 | 000,020,668 | ---- | C] () -- C:\Users\Daniel\Documents\HDTune_Error_Scan2_WDC_WD7500AAKS-00RBA.png [2012.10.01 22:58:27 | 000,040,079 | ---- | C] () -- C:\Windows\SysWow64\LXLCore.VxD [2012.10.01 22:58:27 | 000,034,272 | ---- | C] () -- C:\Windows\SysWow64\Ljoy.VxD [2012.10.01 22:58:27 | 000,022,659 | ---- | C] () -- C:\Windows\SysWow64\Lserial.VxD [2012.10.01 22:58:27 | 000,019,620 | ---- | C] () -- C:\Windows\SysWow64\LJoyFrc.vxd [2012.10.01 22:58:27 | 000,016,680 | ---- | C] () -- C:\Windows\SysWow64\LDigital.VxD [2012.10.01 22:58:27 | 000,011,428 | ---- | C] () -- C:\Windows\SysWow64\LUsbVxd.vxd [2012.10.01 22:58:27 | 000,009,196 | ---- | C] () -- C:\Windows\SysWow64\LJoyV.VxD [2012.10.01 22:58:27 | 000,006,243 | ---- | C] () -- C:\Windows\SysWow64\LAnalog.VxD [2012.10.01 20:06:44 | 000,001,247 | ---- | C] () -- C:\Users\Daniel\Desktop\Cisco Packet Tracer.lnk [2012.10.01 00:12:20 | 000,045,736 | ---- | C] () -- C:\Users\Daniel\Documents\HDTune_Benchmark_WDC_WD7500AAKS-00RBA.png [2012.10.01 00:12:16 | 000,046,611 | ---- | C] () -- C:\Users\Daniel\Documents\HDTune_Info_WDC_WD7500AAKS-00RBA.png [2012.10.01 00:12:12 | 000,049,534 | ---- | C] () -- C:\Users\Daniel\Documents\HDTune_Health_WDC_WD7500AAKS-00RBA.png [2012.10.01 00:12:07 | 000,036,732 | ---- | C] () -- C:\Users\Daniel\Documents\HDTune_Error_Scan_WDC_WD7500AAKS-00RBA.png [2012.09.20 22:23:34 | 000,820,642 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2012.09.20 22:23:34 | 000,044,794 | ---- | C] () -- C:\Windows\SysWow64\nmp.map [2012.09.20 20:17:47 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk [2012.09.20 20:09:32 | 000,001,554 | ---- | C] () -- C:\Users\Daniel\Documents\cc_20120920_200930.reg [2012.09.20 20:09:21 | 000,004,730 | ---- | C] () -- C:\Users\Daniel\Documents\cc_20120920_200917.reg [2012.09.20 19:59:51 | 000,048,120 | ---- | C] () -- C:\Users\Daniel\Desktop\Mcafee deinstallieren und entfernen.htm [2012.09.20 16:32:56 | 000,001,011 | ---- | C] () -- C:\Users\Daniel\Desktop\StoppUhr.lnk [2012.09.19 20:07:03 | 000,015,140 | ---- | C] () -- C:\Users\Daniel\Documents\cc_20120919_200701.reg [2012.09.19 20:06:46 | 000,058,466 | ---- | C] () -- C:\Users\Daniel\Documents\cc_20120919_200643.reg [2012.09.19 20:04:41 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.09.17 22:43:28 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk [2012.08.09 17:32:41 | 000,000,784 | ---- | C] () -- C:\Users\Daniel\AppData\Local\CHANGE__PASSWORD__HERE - Kopie.js [2012.07.22 19:36:45 | 000,090,808 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\SiwPwdSpy.dll [2012.07.15 18:31:02 | 000,007,611 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg [2012.07.15 18:26:33 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2012.05.10 15:01:55 | 001,640,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.10 14:55:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.05.10 14:54:09 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.05.10 14:53:33 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\ustor.dll [2012.05.10 14:53:33 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\UMonit.exe [2012.05.10 14:53:31 | 000,172,097 | ---- | C] () -- C:\Windows\SysWow64\NoMSGuninstall.exe [2012.05.10 14:53:31 | 000,000,840 | ---- | C] () -- C:\Windows\SysWow64\ProductName.ini [2012.05.10 14:53:30 | 000,000,187 | ---- | C] () -- C:\Windows\SysWow64\IconCfg0.ini [2012.02.22 10:48:49 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.22 10:48:49 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.22 10:48:48 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.02.14 22:27:38 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.08 22:31:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canon [2012.09.19 20:06:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Free Download Manager [2012.07.15 18:27:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech [2012.10.08 23:32:20 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\NetSpeedMonitor [2012.09.23 20:15:29 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\pdfforge [2012.07.16 00:24:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SoftGrid Client [2012.07.16 00:12:49 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TP [2012.10.04 18:26:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Wireshark ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 10.10.2012 20:41:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Normal\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,96 Gb Total Physical Memory | 5,70 Gb Available Physical Memory | 71,56% Memory free
15,93 Gb Paging File | 13,38 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,89 Gb Total Space | 252,58 Gb Free Space | 55,52% Space Free | Partition Type: NTFS
Drive D: | 451,35 Gb Total Space | 363,38 Gb Free Space | 80,51% Space Free | Partition Type: NTFS
Computer Name: LENOVO-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F6D5A75-C8DF-4207-BE2C-2DFB16B8189D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{26C2BDF7-7E62-4AE6-8987-4BAE3D06D10E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2965772A-84C5-42A6-AB97-D581E9E853E6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{429259DC-F013-4E35-8A0E-E6B1743198E5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4FE468BE-61A1-4F09-9146-DAEFAC5B3094}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5517F0D2-3F18-4E06-8426-0CB95F5A9022}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5D7503EC-DD7A-4532-8F71-A212B86BC3CB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{61556947-CC26-4A97-962E-97865DB33E45}" = rport=445 | protocol=6 | dir=out | app=system |
"{63312EFE-7A28-4E88-8A53-A324D19284DF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{65EE25AA-B118-4078-9D10-96A6D1E03204}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6CC6EEC7-591A-44DF-8D5B-B0E223379D6E}" = rport=138 | protocol=17 | dir=out | app=system |
"{74FBC188-3137-4E8D-9E6C-08FAB453D4E1}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{79005605-98F3-42A3-8D0E-077FFCDE306A}" = lport=445 | protocol=6 | dir=in | app=system |
"{831AB7DE-B8A9-4001-8887-3D4634CCDB7A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{84E6FFEE-B88A-4FDE-8D5F-68F051D56CF4}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A3091D5-E664-424D-8138-833575561098}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8E017B69-4DDD-42A6-87CF-C64F9DFF2B4F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{948669A1-C2E4-4E86-8A8C-EE9E03A6630C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{97A038D8-3969-40C2-A0EA-9C98D122D19E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{98D80E9B-3194-4A14-8E3C-2D3682EF035B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3A5A166-21C0-46F6-ACB9-0060F45698D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD05D7C7-9475-4B40-9A8B-34A6F0BB2236}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BF4468F9-4A45-480D-9D81-94E69B0F56BB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C2EF6071-8F05-4AD4-BB21-8A2534512B23}" = lport=139 | protocol=6 | dir=in | app=system |
"{C3583310-40FB-4554-9C3E-45FF3E80F9D1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CB15F971-F86D-46AA-B70D-3EFAD0D14D0D}" = lport=138 | protocol=17 | dir=in | app=system |
"{CC1B1E2E-A6FD-4376-9A26-FC939524DCFA}" = rport=137 | protocol=17 | dir=out | app=system |
"{CC2E65C0-FEEB-49EC-AD63-2DA257DB40C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E519C35E-51FA-4C40-988A-5BD5C231AF22}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EA313FD6-7E71-4D30-B423-89D65A829F8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA91B2D5-BC54-4698-B58B-5B72E97A38CC}" = rport=139 | protocol=6 | dir=out | app=system |
"{EE3DCEA2-64C5-479C-A1F4-4C675B986E0E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD914C3-3F8C-4E05-8304-13C36820F451}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{10D3A91B-4330-48A6-A144-F990C4D91E7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{299915AD-7A25-46CA-A066-522CE4880947}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3EF40702-D3A5-40BA-A052-51AB9D1D80CB}" = protocol=6 | dir=out | app=system |
"{410476FC-4138-47B2-BC84-9D0BCDF412BE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{427417A9-92CF-4107-BBF8-C423059994BE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{50CAB6BA-FFD8-40DA-9FAF-044700114D9F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5300D73B-0870-4389-9FDB-46464F1506DE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{599B8493-128C-4B7F-B6A1-9B8D20677D0D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{775D2979-C4EE-4FBF-B8D8-84F3ACE1ABE0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{942AFAB0-6956-4619-9826-D45DA9837AF6}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{96C141A5-C591-41AB-A4F1-2D16C27A3A32}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A4D4DE27-A75F-4013-90EB-50A66C4E266D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A693CC4E-D14F-4856-B0E9-3923EA0715F3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{AB4DB1E5-E278-4408-8B0D-63FB4CB3ED6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B0997847-9F0F-4E7F-8761-37F96DB7F153}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA5934E5-3326-44A4-B657-BBF9AF545D7B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC5393B9-E5AC-4227-B08A-582B45FBC9E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D0B9D362-6DBA-4A44-B35A-2075ECC9604D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7E8E716-F8DF-4252-9210-CA76481167AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA3254FA-8021-4C4B-977F-E06930F59D0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EE288513-A3DB-44D2-85D5-B82B260C2BCF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F19A421E-7ED7-4CDA-9114-73A31373D954}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{883F56F3-B9E7-4B07-8F6D-2BEF6291DF16}" = Oracle VM VirtualBox 4.1.22
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E1F8138F-41E7-F39B-EA3E-735EC73F8889}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{036F7816-8EC9-22F9-1E43-7123DB870B30}" = CCC Help Danish
"{0474AACF-1A71-7209-E6A6-C1F70C76EDAA}" = CCC Help Swedish
"{0A3B7EBA-E498-253E-CAF0-D9821A29A470}" = CCC Help Greek
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E4ED7C6-74B9-EB9C-AB39-8FDBD8F5695F}" = CCC Help German
"{1E943FE6-F628-08B4-DD29-A12101B042C1}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29BD817E-1563-1746-EAD9-70291A2F2D4D}" = CCC Help Turkish
"{2F7C2130-B132-5236-1A12-E0301471D830}" = CCC Help Chinese Traditional
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C592481-FC0C-EAF8-6EB2-3DEE01C36072}" = CCC Help Korean
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"{41DD6ED5-3F94-47F4-B28C-10A4ADA037ED}" = Education Portal
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F78AE55-4886-97C6-2CC9-AB177F523B26}" = CCC Help Dutch
"{50076563-CF6F-6C29-09BA-8730A54DE9F9}" = CCC Help English
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{619E87FD-26F9-B282-5E46-D17093AAA22D}" = CCC Help Finnish
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65F7FB65-3BCC-0A39-9E7D-C3660E38C9CB}" = CCC Help Chinese Standard
"{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A8139D8-B5D4-B778-4FEB-A3B720DB30E1}" = Catalyst Control Center
"{6CF2CB52-46B6-FAE4-5921-BAB59D05CAE7}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"{803E6DED-5050-4E3D-B26A-5915397362CD}" = Lenovo Screensaver
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{816F9A97-9889-43DA-A394-7AA45DD68BA0}" = Power Control Switch
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8743A446-E143-FDE1-BEC8-09A8B7F0A131}" = Catalyst Control Center Localization All
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C02C624-48D6-E6DE-52AF-0A88E0DB7D38}" = CCC Help Italian
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}" = LVT
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW 2011 Home Edition
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD372173-A8D6-6F21-3642-A05DE64E81CA}" = CCC Help Czech
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Blacksilk USB Keyboard Driver
"{B627299E-DC01-B818-42C1-CF1CAEB82301}" = CCC Help Portuguese
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BEEED310-7C16-49F5-FDCE-4484F6F256D2}" = CCC Help Hungarian
"{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}" = Driver & Application Installation
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C5A03F82-CCFE-06B4-428D-0BEB66AFBE8F}" = CCC Help Japanese
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79429AB-E078-CDD0-0F25-F7206BBC1713}" = CCC Help Norwegian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE1718B6-64F0-2F98-7FF2-7E4CA3526169}" = CCC Help French
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFABF09-4BD5-4258-B191-117B1B743732}" = Catalyst Control Center - Branding
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E763F193-D288-5854-791A-EA95D8858769}" = CCC Help Russian
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29CBF73-C211-4616-898A-379A2679F990}" = ThemeWallpaper
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB50A7F5-2FF9-CEA4-6149-47F84D3E10B8}" = CCC Help Thai
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF60F8C4-5073-A43B-5BF4-A7BC3098C533}" = Catalyst Control Center Profiles Desktop
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"Cisco Packet Tracer 5.3.3_is1" = Cisco Packet Tracer 5.3.3
"FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"Free Download Manager_is1" = Free Download Manager 3.9
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"Mozilla Firefox 16.0 (x86 de)" = Mozilla Firefox 16.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Netzmanager" = Netzmanager
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Rapidboot Advanced" = Rapidboot Advanced
"RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1
"StoppUhr" = StoppUhr
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.8.3 (64-bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.09.2012 08:33:04 | Computer Name = Lenovo-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.09.2012 13:46:36 | Computer Name = Lenovo-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.09.2012 15:08:15 | Computer Name = Lenovo-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: a90 Startzeit: 01cd99b324815ebf Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID:
018e6981-05b2-11e2-99a9-8c89a5d2aa85
Error - 23.09.2012 15:18:51 | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
Error - 23.09.2012 18:31:36 | Computer Name = Lenovo-PC | Source = WinMgmt | ID
= 10
Description =
Error - 23.09.2012 18:38:10 | Computer Name = Lenovo-PC | Source = WinMgmt | ID
= 10
Description =
Error - 24.09.2012 14:53:46 | Computer Name = Lenovo-PC | Source = WinMgmt | ID
= 10
Description =
Error - 24.09.2012 15:24:53 | Computer Name = Lenovo-PC | Source = Application Error
| ID = 1000
Description = Name der fehlerhaften Anwendung: Dynamo.exe, Version: 0.0.0.0, Zeitstempel: 0x451d8e1c
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00010000
ID des fehlerhaften Prozesses: 0x73c
Startzeit der fehlerhaften Anwendung: 0x01cd9a89a6b1d58d
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Iometer.org\Iometer 2006.07.27\Dynamo.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 83d0ede8-067d-11e2-9e57-8c89a5d2aa85
Error - 24.09.2012 15:25:29 | Computer Name = Lenovo-PC | Source = Application Hang
| ID = 1002
Description = Programm Iometer.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 16e8
Startzeit: 01cd9a89a692e3a9
Endzeit: 0
Anwendungspfad: C:\Program Files (x86)\Iometer.org\Iometer 2006.07.27\Iometer.exe
Berichts-ID: 964f5011-067d-11e2-9e57-8c89a5d2aa85
Error - 24.09.2012 17:50:07 | Computer Name = Lenovo-PC | Source = MSPAC | ID =
16389
Description =
Error - 24.09.2012 18:07:37 | Computer Name = Lenovo-PC | Source = MSPAC | ID =
16389
Description =
Error encountered while reading event logs.
< End of report >
Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.10.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Daniel :: LENOVO-PC [Administrator] 10.10.2012 20:59:11 mbam-log-2012-10-10 (20-59-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 395010 Laufzeit: 1 Stunde(n), 6 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\Software\Schmidt-Pro (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.10.10.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Daniel :: LENOVO-PC [Administrator] 10.10.2012 22:15:18 mbam-log-2012-10-10 (22-15-18).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 398968 Laufzeit: 1 Stunde(n), 56 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\Software\Schmidt-Pro (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Virenprüfung mit G Data AntiVirus
Version 10.0 (02.02.2011)
Virensignaturen vom 11.10.2012
Startzeit: 11.10.2012 17:35
Engine(s): EngineA (AVA 22.6391) EngineB (AVB 22.1184)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
Prüfe Systembereiche....
Prüfung folgender Verzeichnisse und Dateien:
/mnt
Objekt: c099986d-9a9d-11e1-816f-806e6f6e6963.vhd
Pfad: /mnt/F:/WindowsImageBackup/Lenovo-PC/Backup 2012-08-22 095349
Status: Virus gefunden
Virus: Win32:Gremo
Objekt: activeos.exe
Pfad: /mnt/E:/OneKey/main
Status: Virus gefunden
Virus: Win32:Malware-gen
Objekt: W7 64 sp1.vdi
Pfad: /mnt/D:/Users/Daniel/VirtualBox VMs/W7 64 sp1
Status: Virus gefunden
Virus: Win32:Adloader-AC [Trj]
Objekt: W8.vdi
Pfad: /mnt/D:/Users/Daniel/VirtualBox VMs/W8
Status: Virus gefunden
Virus: Win32:Small-HUF [Trj]
Objekt: Win8.vdi
Pfad: /mnt/D:/Users/Daniel/VirtualBox VMs/Win8
Status: Virus gefunden
Virus: Win32:Gremo
Analyse vollständig ausgeführt: 11.10.2012 19:23
179444 Dateien geprüft
5 infizierte Dateien gefunden
0 verdächtige Dateien gefunden
Ich finde es verdächtig, dass sich vier der fünf Funde auf vhd / vdi - Dateien beziehen, daher tippe ich auf einen Fehlalarm ( false positive). Zur Erklärung: W7 64 SP1 ist eine virtuelle Windows 7 - Maschine, auf der ein paar Programme installiert sind (z.B. Office etc.) W8 und Win8 sind Maschinen mit reiner Windows 8 Release Prewiew Was sagt ihr dazu? |
|
13.10.2012, 13:42
| #2 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™   | GData Boot CD findet Win32: Gremo und andere in .vhd / .vdi - Dateien Sieht für mich auch eher nach Fehlalarmen aus.
__________________Zitat:
Zitat:
Hast du das Wirts-OS gescannt und die Logs sind das Ergebnis oder hast du auch eine der VMs gescannt abgesehen von den VHD-Dateien?
__________________ |
|
14.10.2012, 21:33
| #3 | |||
| | GData Boot CD findet Win32: Gremo und andere in .vhd / .vdi - DateienZitat:
Zitat:
Die drei gefundenen .vdi - Dateien sind die von VirtualBox erstellten virtuellen Disks der beschriebenen virtuellen Maschinen. Die einzelne .vhd - Datei ist das von der Windows - Sicherung erstellte Systemabbild und den fünften Fund kann ich nicht so richtig einschätzen, da ich nur raten kann, dass die Partition E: meine OEM-Partition ist und darauf liegen vermutlich die ganzen Recovery - Tools. Übrigens heißt das von Lenovo auf meinem PC vorinstallierte Recovery - Programm "Lenovo OneKey Recovery", daher vermute ich, dass der Fund diesem Programm zuzuordnen ist. Zitat:
Die VMs benutze ich selten und ich hatte sie, abgesehen vom Scan ihrer .vdi - Dateien vom Wirtssystem aus, auch noch nicht gescannt. Vorsichtshalber habe ich jedoch soeben die virtuelle Maschine "W7 64 SP1" per GDATA BootScan auf dieselbe Weise gescannt wie das Wirtssystem. Hier das Ergebnislog: Code:
ATTFilter Virenprüfung mit G Data AntiVirus
Version 10.0 (02.02.2011)
Virensignaturen vom 14.10.2012
Startzeit: 14.10.2012 21:20
Engine(s): EngineA (AVA 22.6426) EngineB (AVB 22.1191)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
Prüfe Systembereiche....
Prüfung folgender Verzeichnisse und Dateien:
/mnt/
Analyse vollständig ausgeführt: 14.10.2012 21:55
71625 Dateien geprüft
0 infizierte Dateien gefunden
0 verdächtige Dateien gefunden
Code:
ATTFilter Virenprüfung mit G Data InternetSecurity 2013
Version 23.0.5.9 (17.09.2012)
Virensignaturen vom 09.10.2012
Startzeit: 09.10.2012 18:51:28
Engine(s): Engine A (AVA 22.6369), Engine B (AVL 22.1241)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein
Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 09.10.2012 19:30:18
176271 Dateien überprüft
0 infizierte Dateien gefunden
0 verdächtige Dateien gefunden
Der Zugriff auf die folgenden Dateien wurde verweigert:
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\03c672c9332a61f1e1629caff4dd7367_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\05106cfa2216d2d4dc6d6f5e7e9bf5a2_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0016dac98b10f40171a9497cb009cddc_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0c7895275ea1aa90dbbae804c71660e4_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\105ccbf74b96473cafb8ff5033c7485c_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\12a0c72d4940064d40be65bf19e583e3_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0d61276fd58abc85b620e1bf9e216d2e_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\18fb411aacea181f8a39ae4f38ed18f5_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\1c7f14182476d8a30f09993c04cda80e_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2992579982c73275a3a034c656834e3a_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2bee2d803a526872b08f77323b31028d_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2d04d99a5dfe95334eeda91d3599e23c_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\348b0ed8d8c859a5e5dddbd3e0b0105c_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\351dffbfa2303f774b05739a57197fd2_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\36097ecf2784237bb74a7ee3518d448e_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\3ab535b50222b76ba950ea479496bcec_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4540492a359fe9ed9d931b5407b90ca2_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\47541811460572ada13b9a0ab7a5cd74_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4f3f5bdffea30591d76a821be04d322d_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5206e7eb62f87f96d6e44b2005a8d5ef_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\53bd2eb23b5dbd19f0aa732a640faccb_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\570855bb372cf6407eed4b2f6ffdcb41_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5d8f9ed17c9784af3ae37aac7f294ad0_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\65afad19c8198c84f88db50de04c5041_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\63331267f2962dc1c2db52a08e21b48e_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6c935854942c402fc296cafcc126e0c3_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7032330fcc7f967edb817eacf2baf71c_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\703d10df6e91b4959c344bceffe95241_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\784b512cfac3081c424c3c4d19299f2e_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\78527943dbeb0cf7c986c555745d86df_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7339ad4da8041cd8cc06bb1eee9584fd_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7be1ab09cc9eabec56f2547a04030132_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7c27c1326cd1cba193b41211b6b07bb4_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\7db7418e278914d3dc86fe3808d2e387_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\826ac8d86ce4083dae182594d328f03f_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\92e333a4e39605ffc262631579153c70_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\95a35a5e1d7e7c53698c9a7bad7fc572_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\970db30e13f22752d0b616381af6d54e_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9ecbcf36e110c96b9a66abc0d288f3c2_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9d91d8ea49de04e4c0d40ff1d97cfc59_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a141865289e34592f217672cbffe6517_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a332370874f1669135f85e76accf903d_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a7144e5b44b8e1f7b1e64777263772a4_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a92cf8d89bed0e8671eba2528611f74a_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ab23c232d0d6f9301e6635d6f299d081_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b021c2bb2d50953dc905956064b8528b_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b0f82f61d41aed5e9763f1a1663f7e0c_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b2829a1fe58d226de8b52e039a3669df_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b2ca6d5d6977ac1d42a0175f915d367c_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b9f4abae5b7c56c839ae1b7ad7826178_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bafc11964f75daf47d4037460bf82478_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bd5cf3b6af4943554be661fa302c3010_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\be41a4761a8f9e8bf389fd1c58f46f40_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c96e749d2e6c5d4a1d9f18cd408e8e87_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c3a5b821df88379ca2aa8424dc34c0da_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c9fd4331c5a0c7c0ff20f5c8f7a3a008_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cdaf441f95b4156d06eff708e5a81e0c_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\cebf596b8302798a14563ced4be33950_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d3de91c7eba2c3a8b438f2317d924c07_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d2fadf1613485c0c68767aac468d588b_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ca0eface921f4e2eb87dad6a27269ee1_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d1fad6301d6a02cdfab695f6c413ddf0_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d40282033be66ab0908409b45d9ca0ae_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d63d38e0496c5031c9ac045b087c80a0_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\da399712eb944769c60b4427c995fb7e_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e63103616bace33eeadd587eb36b0edb_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f2ccb8612d06b5da1efd5c69b399845e_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\eaa6c6d3734707389b3a60f37cdae9f9_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f79ed1428bdbedb5e471068485fdb42d_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\db1b4cdef04c29a7ef98785f2ecf594b_b36b96c0-a8a3-4fe3-86d0-f48dde7d5b42
C:\System Volume Information\Syscache.hve
C:\System Volume Information\Syscache.hve.LOG1
C:\System Volume Information\MountPointManagerRemoteDatabase
C:\System Volume Information\Syscache.hve.LOG2
C:\System Volume Information\WindowsImageBackup\Catalog\BackupGlobalCatalog
C:\System Volume Information\WindowsImageBackup\Catalog\GlobalCatalog
C:\System Volume Information\WindowsImageBackup\SPPMetadataCache\{4883cf1f-620e-4925-b9d8-b82b8d28fcca}
C:\System Volume Information\WindowsImageBackup\SPPMetadataCache\{35f2173a-c3fa-4dc5-b798-07949ebe5c33}
C:\System Volume Information\WindowsImageBackup\SPPMetadataCache\{61794463-fffb-480b-aa11-d077201e02b8}
Geändert von User1578 (14.10.2012 um 22:10 Uhr) |
|
15.10.2012, 11:26
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GData Boot CD findet Win32: Gremo und andere in .vhd / .vdi - Dateien Also wie schon gesagt, für mich sieht das nach Fehlalarmen aus Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.10.2012, 20:10
| #5 | ||
| | GData Boot CD findet Win32: Gremo und andere in .vhd / .vdi - DateienZitat:
Auch wenn es nur um Fehlalarme ging, möchte ich mich hier nochmal in aller Form bei dir, Cosinus, und bei allen anderen hier im Team für die Bearbeitung und der Service hier bedanken.  Ihr seid ein Super Team  und das hier ist ein sehr empfehlenswertes Board  |
|
| Themen zu GData Boot CD findet Win32: Gremo und andere in .vhd / .vdi - Dateien |
| autorun, bho, error, fehlalarm, firefox, flash player, format, free download, helper, home, homepage, infizierte dateien, internet, internet security 2013, laufwerksbuchstabe, logfile, microsoft office starter 2010, mozilla, nodrives, plug-in, problem, realtek, registry, rundll, scan, secunia psi, security, siteadvisor, software, starten, svchost.exe, usb, usb 2.0, usb 3.0, viren, win32:adloader-ac [trj], win32:gremo, win32:malware-gen, win32:small-huf [trj] |
