| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.08.2012, 19:23
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 Bitte poste das Log unzensiert! Es gibt nichts zu zensieren oder heißt du Administrator?! 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
05.08.2012, 19:31
| #17 |
 | TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 05.08.2012 19:04:14 - Run 3 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Dokumente und Einstellungen\Aerophil\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,49 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 76,00% Memory free 4,34 Gb Paging File | 3,64 Gb Available in Paging File | 83,91% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 291,38 Gb Total Space | 235,68 Gb Free Space | 80,88% Space Free | Partition Type: NTFS Computer Name: NOTEBOOK-ALEX | User Name: Aerophil | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Aerophil\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe () PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe () PRC - C:\Programme\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - c:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) PRC - C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) PRC - C:\Programme\Intel\AMT\LMS.exe (Intel Corporation) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) PRC - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc) PRC - C:\WINDOWS\system32\DTS.exe () PRC - C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.) PRC - C:\Programme\RotateImage\RCIMGDIR.exe (Ricoh co.,Ltd.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\f121ccced1aa14badb316d8d9be5154d\UIAutomationProvider.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3378.22306__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3378.22386__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3378.22287__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3378.22308__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3378.22367__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3378.22348__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3378.22302__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3378.22334__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3378.22296__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3378.22336__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3378.22297__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3378.22309__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3378.22330__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3378.22335__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3378.22361__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3378.22347__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3378.22353__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3378.22313__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3378.22308__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3378.22391__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3378.22387__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3378.22345__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3378.22353__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3378.22335__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3378.22296__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3378.22334__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3378.22352__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3378.22391__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3378.22313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3378.22335__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3378.22345__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3378.22346__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3378.22381__90ba9c70f846762e\MOM.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3378.22395__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll () MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3378.22403__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3378.22284__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3378.22292__90ba9c70f846762e\CLI.Component.Dashboard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3378.22375__90ba9c70f846762e\CLI.Component.Systemtray.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3378.22301__90ba9c70f846762e\CLI.Component.Wizard.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3378.22285__90ba9c70f846762e\ATIDEMOS.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3378.22284__90ba9c70f846762e\CLI.Component.Runtime.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3378.22379__90ba9c70f846762e\LOG.Foundation.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3378.22282__90ba9c70f846762e\APM.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3378.22286__90ba9c70f846762e\CLI.Component.SkinFactory.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3378.22283__90ba9c70f846762e\AEM.Server.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3378.22381__90ba9c70f846762e\CCC.Implementation.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll () MOD - C:\Programme\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll () MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRO.DLL () MOD - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe () MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL () MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll () MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\IconRes.dll () MOD - C:\Programme\ThinkPad\ConnectUtilities\Res\GR\SvcHlprRes.dll () MOD - C:\Programme\Lenovo\Message Center Plus\MCPLaunch.exe () MOD - C:\WINDOWS\system32\btwicons.dll () MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll () MOD - C:\Programme\Intel\WiFi\bin\iWMSProv.dll () MOD - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () MOD - C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll () MOD - c:\Programme\Gemeinsame Dateien\Lenovo\CDRecord.dll () MOD - C:\WINDOWS\system32\DTS.exe () MOD - C:\Programme\Lenovo Fingerprint Software\SharedResources.dll () MOD - C:\WINDOWS\system32\DLAAPI_W.DLL () MOD - C:\WINDOWS\system32\redmonnt.dll () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Skype C2C Service) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe () SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (ThinkVantage Registry Monitor Service) -- c:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (S24EventMonitor) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (UNS) -- C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Programme\Intel\AMT\LMS.exe (Intel Corporation) SRV - (TVT Scheduler) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc) SRV - (dtsvc) -- C:\WINDOWS\system32\DTS.exe () SRV - (ADMonitor) -- C:\WINDOWS\system32\ADMonitor.exe () SRV - (ATService) -- C:\WINDOWS\system32\AtService.exe (AuthenTec, Inc.) SRV - (TVT_UpdateMonitor) -- C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe (Lenovo Group Limited) SRV - (RoxMediaDB10) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions) SRV - (stllssvr) -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) SRV - (BcmSqlStartupSvc) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation) SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (Changer) -- File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (acsmux) -- C:\WINDOWS\system32\drivers\acsmux.sys (Cisco Systems, Inc.) DRV - (acsint) -- C:\WINDOWS\system32\drivers\acsint.sys (Cisco Systems, Inc.) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS () DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.) DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys () DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS () DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (NETw5x32) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (CnxtHdAudService) -- C:\WINDOWS\system32\drivers\CHDAU32.sys (Conexant Systems Inc.) DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.) DRV - (ATSwpWDF) -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (e1yexpress) -- C:\WINDOWS\system32\drivers\e1y5132.sys (Intel Corporation) DRV - (5U875UVC) -- C:\WINDOWS\system32\drivers\5U875.sys (Ricoh co.,Ltd.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (lenovo.smi) -- C:\WINDOWS\system32\drivers\smiif32.sys (Lenovo Group Limited) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (tpm) -- C:\WINDOWS\system32\drivers\tpm.sys (Intel Corporation) DRV - (HECI) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3886091965-922040345-3825767373-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3886091965-922040345-3825767373-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-21-3886091965-922040345-3825767373-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKU\S-1-5-21-3886091965-922040345-3825767373-1008\..\SearchScopes,DefaultScope = {F99C88E9-F2FF-474B-9F8C-0228F9C4CA74} IE - HKU\S-1-5-21-3886091965-922040345-3825767373-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF7&pc=MALC&src=IE-SearchBox IE - HKU\S-1-5-21-3886091965-922040345-3825767373-1008\..\SearchScopes\{F99C88E9-F2FF-474B-9F8C-0228F9C4CA74}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-3886091965-922040345-3825767373-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.19 00:22:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.13 08:21:54 | 000,000,000 | ---D | M] [2010.02.05 00:43:05 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Mozilla\Extensions [2012.05.04 15:32:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Mozilla\Firefox\Profiles\0jejmtmn.default\extensions [2010.04.28 19:58:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Mozilla\Firefox\Profiles\0jejmtmn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.04.26 08:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.10 21:47:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.04.06 15:32:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.07.19 00:22:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.04.06 15:32:42 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.06.21 22:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.06.21 22:44:13 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.06.21 22:44:13 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.06.21 22:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.06.21 22:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.06.21 22:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-3886091965-922040345-3825767373-1008\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo ) O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Programme\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe () O4 - HKLM..\Run: [CreateLMBCShortCut] C:\Programme\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe () O4 - HKLM..\Run: [FingerPrintSoftware] C:\Programme\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [Message Center Plus] C:\Programme\LENOVO\Message Center Plus\MCPLaunch.exe () O4 - HKLM..\Run: [picon] C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\RCIMGDIR.exe.lnk = C:\Programme\RotateImage\RCIMGDIR.exe (Ricoh co.,Ltd.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3886091965-922040345-3825767373-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo ) O20 - Winlogon\Notify\ATFUS: DllName - (C:\WINDOWS\system32\FpWinLogonNp.dll) - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Programme\Lenovo\HOTKEY\notifyf2.dll) - C:\Programme\Lenovo\HOTKEY\notifyf2.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.07.22 09:01:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.04 20:27:53 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2012.08.04 20:26:52 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Aerophil\Desktop\esetsmartinstaller_enu.exe [2012.08.04 13:27:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC [2012.08.02 14:55:39 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Aerophil\Startmenü\Programme\Verwaltung [2012.08.02 13:17:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy [2012.08.02 08:32:05 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Aerophil\Desktop\OTL.exe [2012.08.01 02:00:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Malwarebytes [2012.08.01 02:00:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.08.01 02:00:36 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.08.01 02:00:36 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.08.01 00:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2012.07.23 00:08:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.12 23:49:17 | 000,000,000 | ---D | C] -- C:\Programme\VLC Media Player Portable [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.05 17:44:30 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.08.05 17:44:19 | 000,001,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Aerophil\.rnd [2012.08.05 17:43:11 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2012.08.05 17:42:58 | 000,001,024 | ---- | M] () -- C:\.rnd [2012.08.05 17:42:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.08.05 17:42:51 | 2678,087,680 | -HS- | M] () -- C:\hiberfil.sys [2012.08.05 17:41:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.08.05 17:11:13 | 000,614,903 | ---- | M] () -- C:\Dokumente und Einstellungen\Aerophil\Desktop\adwcleaner.exe [2012.08.04 20:26:53 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Aerophil\Desktop\esetsmartinstaller_enu.exe [2012.08.01 12:50:16 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Aerophil\Desktop\OTL.exe [2012.08.01 12:45:53 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Aerophil\Desktop\3jmm48zx.exe [2012.07.23 08:30:56 | 000,313,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.07.23 00:09:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.07.14 10:25:31 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Aerophil\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND [2012.07.14 09:52:21 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\winscp.rnd [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.05 17:42:55 | 000,001,024 | ---- | C] () -- C:\.rnd [2012.08.05 17:42:51 | 2678,087,680 | -HS- | C] () -- C:\hiberfil.sys [2012.08.05 17:11:13 | 000,614,903 | ---- | C] () -- C:\Dokumente und Einstellungen\Aerophil\Desktop\adwcleaner.exe [2012.08.02 09:13:33 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Aerophil\Desktop\3jmm48zx.exe [2012.05.14 00:03:53 | 000,001,520 | ---- | C] () -- C:\Dokumente und Einstellungen\Aerophil\.recently-used.xbel [2012.02.19 23:48:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.17 00:44:41 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Aerophil\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND [2011.12.11 23:48:35 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\winscp.rnd [2010.04.25 23:43:08 | 000,024,576 | ---- | C] () -- C:\Dokumente und Einstellungen\Aerophil\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.02 15:54:05 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Aerophil\.rnd [2010.02.02 15:54:05 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Aerophil\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== LOP Check ========== [2009.12.24 21:54:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CachedFiles [2009.12.24 22:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Downloaded Installations [2009.12.24 22:06:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo [2010.02.09 01:21:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Avaya [2009.12.24 21:54:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\CachedFiles [2009.12.24 22:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Downloaded Installations [2012.03.31 00:13:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\elsterformular [2012.04.06 14:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\gtk-2.0 [2011.01.05 21:13:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\InterVideo [2010.02.10 22:51:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Leadertech [2010.02.09 01:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Lenovo [2010.02.09 00:58:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\VanDyke [2012.01.06 14:53:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\xm1 [2009.12.24 22:05:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AT&T [2011.12.10 14:05:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco [2011.02.20 15:33:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2010.02.09 00:51:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF [2012.03.24 18:27:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo [2009.12.24 22:05:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr [2009.12.24 22:00:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall [2010.02.09 00:58:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VanDyke [2009.12.24 21:54:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\CachedFiles [2009.12.24 22:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Downloaded Installations [2009.12.24 22:06:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Lenovo [2012.04.15 00:05:25 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job [2012.08.05 17:43:11 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.03.11 22:37:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Adobe [2009.12.24 21:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\ATI [2010.02.09 01:21:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Avaya [2012.01.28 20:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Avira [2009.12.24 21:54:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\CachedFiles [2009.12.24 22:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Downloaded Installations [2012.03.31 00:13:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\elsterformular [2012.04.06 14:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\gtk-2.0 [2008.07.22 09:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Identities [2009.12.24 21:43:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\InstallShield [2009.12.24 21:45:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Intel [2011.01.05 21:13:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\InterVideo [2010.02.10 22:51:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Leadertech [2010.02.09 01:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Lenovo [2010.02.05 00:43:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Macromedia [2012.08.01 02:00:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Malwarebytes [2012.01.06 02:23:48 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Microsoft [2012.01.06 14:20:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\MiKTeX [2010.02.05 00:43:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Mozilla [2010.05.04 20:54:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Roxio [2012.08.01 00:09:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Skype [2011.07.12 20:36:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\skypePM [2009.12.24 22:00:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun [2010.02.09 00:58:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\VanDyke [2012.01.06 14:53:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\xm1 < %APPDATA%\*.exe /s > [2012.01.06 02:23:48 | 000,094,208 | R--- | M] () -- C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Microsoft\Installer\{31800004-6386-4999-A519-518F2D78D8F0}\python_icon.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS < MD5 for: ATAPI.SYS > [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: IASTOR.SYS > [2009.08.06 22:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\drivers\other\IaStor.sys [2009.08.06 22:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys [2009.08.06 22:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.07.22 10:52:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2008.07.22 10:52:30 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2008.07.22 10:52:30 | 000,458,752 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
|
05.08.2012, 19:50
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
FF - user.js - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-3886091965-922040345-3825767373-1008\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3886091965-922040345-3825767373-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.22 09:01:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
:Files
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
05.08.2012, 20:03
| #19 |
| | TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 Hat alles soweit funktioniert, hier das Ergebnis: Code:
ATTFilter All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-3886091965-922040345-3825767373-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3886091965-922040345-3825767373-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Dokumente und Einstellungen\Aerophil\Anwendungsdaten\Sun\Java\Deployment\cache folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: Aerophil
->Temp folder emptied: 1575893524 bytes
->Temporary Internet Files folder emptied: 2497230474 bytes
->FireFox cache emptied: 1196847491 bytes
->Flash cache emptied: 124051 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2777519 bytes
->Flash cache emptied: 405 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1163143 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63846394 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 5.091,00 mb
[EMPTYFLASH]
User: Administrator
User: Aerophil
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
User: LocalService
->Flash cache emptied: 0 bytes
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.55.0 log created on 08052012_205643
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
06.08.2012, 09:49
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.08.2012, 10:24
| #21 |
| | TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 Hallo Arne, anbei der TDSS-Report. Die unsignierten Dateien gehören meines Erachtens fast ausschließlich zu Lenovo-Applikatioen... Code:
ATTFilter 11:18:03.0921 2452 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:18:03.0937 2452 ============================================================
11:18:03.0937 2452 Current date / time: 2012/08/06 11:18:03.0937
11:18:03.0937 2452 SystemInfo:
11:18:03.0937 2452
11:18:03.0937 2452 OS Version: 5.1.2600 ServicePack: 3.0
11:18:03.0937 2452 Product type: Workstation
11:18:03.0937 2452 ComputerName: NOTEBOOK-ALEX
11:18:03.0937 2452 UserName: Aerophil
11:18:03.0937 2452 Windows directory: C:\WINDOWS
11:18:03.0937 2452 System windows directory: C:\WINDOWS
11:18:03.0937 2452 Processor architecture: Intel x86
11:18:03.0937 2452 Number of processors: 2
11:18:03.0937 2452 Page size: 0x1000
11:18:03.0937 2452 Boot type: Normal boot
11:18:03.0937 2452 ============================================================
11:18:04.0203 2452 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
11:18:04.0203 2452 ============================================================
11:18:04.0203 2452 \Device\Harddisk0\DR0:
11:18:04.0203 2452 MBR partitions:
11:18:04.0203 2452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x246C4000
11:18:04.0203 2452 ============================================================
11:18:04.0234 2452 C: <-> \Device\Harddisk0\DR0\Partition0
11:18:04.0234 2452 ============================================================
11:18:04.0234 2452 Initialize success
11:18:04.0234 2452 ============================================================
11:18:45.0812 4620 ============================================================
11:18:45.0812 4620 Scan started
11:18:45.0812 4620 Mode: Manual; SigCheck; TDLFS;
11:18:45.0812 4620 ============================================================
11:18:46.0140 4620 5U875UVC (5532aa5d3d35b8ec4ccdb05988f4dbc5) C:\WINDOWS\system32\DRIVERS\5U875.sys
11:18:46.0765 4620 5U875UVC - ok
11:18:46.0781 4620 Abiosdsk - ok
11:18:46.0843 4620 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:18:47.0218 4620 abp480n5 - ok
11:18:47.0265 4620 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:18:47.0437 4620 ACPI - ok
11:18:47.0468 4620 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:18:47.0546 4620 ACPIEC - ok
11:18:47.0640 4620 AcPrfMgrSvc (788b88e81af85406fa69c44bf6e0b61f) C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
11:18:47.0640 4620 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
11:18:47.0640 4620 AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
11:18:47.0671 4620 acsint (c0a9a0be382321a7a6adfcc4b305f062) C:\WINDOWS\system32\DRIVERS\acsint.sys
11:18:47.0703 4620 acsint - ok
11:18:47.0734 4620 acsmux (9d4b043fa3a628c6f0d56954a71cd726) C:\WINDOWS\system32\DRIVERS\acsmux.sys
11:18:47.0750 4620 acsmux - ok
11:18:47.0796 4620 AcSvc (ead243c077ba957c45e4f14223c1a07b) C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
11:18:47.0828 4620 AcSvc ( UnsignedFile.Multi.Generic ) - warning
11:18:47.0828 4620 AcSvc - detected UnsignedFile.Multi.Generic (1)
11:18:47.0875 4620 ADMonitor (fb0be3b9ebc6219270e7e507582cf0ff) C:\WINDOWS\system32\ADMonitor.exe
11:18:47.0890 4620 ADMonitor ( UnsignedFile.Multi.Generic ) - warning
11:18:47.0890 4620 ADMonitor - detected UnsignedFile.Multi.Generic (1)
11:18:47.0921 4620 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:18:48.0000 4620 adpu160m - ok
11:18:48.0062 4620 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:18:48.0171 4620 aec - ok
11:18:48.0218 4620 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:18:48.0281 4620 AFD - ok
11:18:48.0296 4620 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:18:48.0406 4620 agp440 - ok
11:18:48.0421 4620 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:18:48.0484 4620 agpCPQ - ok
11:18:48.0500 4620 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:18:48.0531 4620 Aha154x - ok
11:18:48.0546 4620 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:18:48.0609 4620 aic78u2 - ok
11:18:48.0625 4620 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:18:48.0687 4620 aic78xx - ok
11:18:48.0718 4620 Alerter (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
11:18:48.0781 4620 Alerter - ok
11:18:48.0812 4620 ALG (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
11:18:48.0843 4620 ALG - ok
11:18:48.0859 4620 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:18:48.0937 4620 AliIde - ok
11:18:48.0968 4620 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:18:49.0031 4620 alim1541 - ok
11:18:49.0046 4620 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:18:49.0125 4620 amdagp - ok
11:18:49.0140 4620 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:18:49.0171 4620 amsint - ok
11:18:49.0203 4620 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
11:18:49.0218 4620 ANC ( UnsignedFile.Multi.Generic ) - warning
11:18:49.0218 4620 ANC - detected UnsignedFile.Multi.Generic (1)
11:18:49.0281 4620 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe
11:18:49.0312 4620 AntiVirSchedulerService - ok
11:18:49.0343 4620 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe
11:18:49.0359 4620 AntiVirService - ok
11:18:49.0406 4620 AppMgmt (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
11:18:49.0468 4620 AppMgmt - ok
11:18:49.0484 4620 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:18:49.0562 4620 Arp1394 - ok
11:18:49.0593 4620 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:18:49.0671 4620 asc - ok
11:18:49.0703 4620 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:18:49.0750 4620 asc3350p - ok
11:18:49.0750 4620 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:18:49.0812 4620 asc3550 - ok
11:18:49.0937 4620 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:18:49.0984 4620 aspnet_state - ok
11:18:50.0000 4620 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:18:50.0078 4620 AsyncMac - ok
11:18:50.0093 4620 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:18:50.0171 4620 atapi - ok
11:18:50.0171 4620 Atdisk - ok
11:18:50.0265 4620 Ati HotKey Poller (838b66554a9f896be6bc6e036925340e) C:\WINDOWS\system32\Ati2evxx.exe
11:18:50.0343 4620 Ati HotKey Poller - ok
11:18:50.0687 4620 ati2mtag (e91d58406e24cd64842f9cc1a4038963) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
11:18:50.0828 4620 ati2mtag - ok
11:18:51.0000 4620 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:18:51.0109 4620 Atmarpc - ok
11:18:51.0296 4620 ATService (6a0f37bc6e960e4baa47048d6d877d3c) C:\WINDOWS\system32\AtService.exe
11:18:51.0390 4620 ATService - ok
11:18:51.0546 4620 ATSwpWDF (40e3212da94acf9e120c30acebc6ea80) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
11:18:51.0578 4620 ATSwpWDF - ok
11:18:51.0609 4620 AudioSrv (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
11:18:51.0718 4620 AudioSrv - ok
11:18:51.0750 4620 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:18:51.0843 4620 audstub - ok
11:18:51.0875 4620 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
11:18:51.0890 4620 avgntflt - ok
11:18:51.0921 4620 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys
11:18:51.0953 4620 avipbb - ok
11:18:51.0953 4620 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
11:18:51.0968 4620 avkmgr - ok
11:18:52.0093 4620 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Programme\Microsoft\BingBar\BBSvc.EXE
11:18:52.0109 4620 BBSvc - ok
11:18:52.0156 4620 BBUpdate (785de7abda13309d6065305542829e76) C:\Programme\Microsoft\BingBar\SeaPort.EXE
11:18:52.0187 4620 BBUpdate - ok
11:18:52.0250 4620 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
11:18:52.0265 4620 BcmSqlStartupSvc - ok
11:18:52.0281 4620 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:18:52.0390 4620 Beep - ok
11:18:52.0453 4620 BITS (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
11:18:52.0593 4620 BITS - ok
11:18:52.0625 4620 Browser (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
11:18:52.0703 4620 Browser - ok
11:18:52.0765 4620 btaudio (2c04f295f7f40eb46f7accd3f6cdef4a) C:\WINDOWS\system32\drivers\btaudio.sys
11:18:52.0796 4620 btaudio - ok
11:18:52.0828 4620 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
11:18:52.0843 4620 BTDriver - ok
11:18:52.0953 4620 BTKRNL (75130181fa2fd6cbe83083c5311abe78) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
11:18:53.0000 4620 BTKRNL - ok
11:18:53.0109 4620 btwdins (b907322915d4b5105a7c4a78ffd7a4e3) C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
11:18:53.0125 4620 btwdins - ok
11:18:53.0296 4620 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
11:18:53.0296 4620 BTWDNDIS - ok
11:18:53.0343 4620 BTWUSB (6b622612fe21b59faee2ca4385959778) C:\WINDOWS\system32\Drivers\btwusb.sys
11:18:53.0343 4620 BTWUSB - ok
11:18:53.0375 4620 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:18:53.0453 4620 cbidf - ok
11:18:53.0468 4620 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:18:53.0562 4620 cbidf2k - ok
11:18:53.0593 4620 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:18:53.0671 4620 CCDECODE - ok
11:18:53.0687 4620 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:18:53.0718 4620 cd20xrnt - ok
11:18:53.0750 4620 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:18:53.0828 4620 Cdaudio - ok
11:18:53.0843 4620 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:18:53.0906 4620 Cdfs - ok
11:18:53.0937 4620 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:18:54.0015 4620 Cdrom - ok
11:18:54.0015 4620 Changer - ok
11:18:54.0062 4620 CiSvc (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
11:18:54.0140 4620 CiSvc - ok
11:18:54.0171 4620 ClipSrv (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
11:18:54.0234 4620 ClipSrv - ok
11:18:54.0343 4620 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:18:54.0375 4620 clr_optimization_v2.0.50727_32 - ok
11:18:54.0406 4620 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:18:54.0484 4620 CmBatt - ok
11:18:54.0500 4620 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:18:54.0562 4620 CmdIde - ok
11:18:54.0671 4620 CnxtHdAudService (d93f3d5a627306b869e83ed035626992) C:\WINDOWS\system32\drivers\CHDAU32.sys
11:18:54.0718 4620 CnxtHdAudService - ok
11:18:54.0750 4620 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:18:54.0828 4620 Compbatt - ok
11:18:54.0828 4620 COMSysApp - ok
11:18:54.0875 4620 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:18:54.0953 4620 Cpqarray - ok
11:18:54.0984 4620 CryptSvc (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
11:18:55.0046 4620 CryptSvc - ok
11:18:55.0062 4620 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:18:55.0125 4620 dac2w2k - ok
11:18:55.0171 4620 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:18:55.0234 4620 dac960nt - ok
11:18:55.0281 4620 DcomLaunch (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:18:55.0312 4620 DcomLaunch - ok
11:18:55.0359 4620 Dhcp (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
11:18:55.0437 4620 Dhcp - ok
11:18:55.0453 4620 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:18:55.0515 4620 Disk - ok
11:18:55.0562 4620 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
11:18:55.0578 4620 DLABMFSM - ok
11:18:55.0593 4620 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
11:18:55.0609 4620 DLABOIOM - ok
11:18:55.0609 4620 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
11:18:55.0625 4620 DLACDBHM - ok
11:18:55.0640 4620 DLADResM (dae193b1ddc6914f56b767a4f1406351) C:\WINDOWS\system32\DLA\DLADResM.SYS
11:18:55.0640 4620 DLADResM - ok
11:18:55.0656 4620 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
11:18:55.0671 4620 DLAIFS_M - ok
11:18:55.0671 4620 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
11:18:55.0687 4620 DLAOPIOM - ok
11:18:55.0703 4620 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
11:18:55.0703 4620 DLAPoolM - ok
11:18:55.0718 4620 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
11:18:55.0718 4620 DLARTL_M - ok
11:18:55.0734 4620 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
11:18:55.0750 4620 DLAUDFAM - ok
11:18:55.0765 4620 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
11:18:55.0781 4620 DLAUDF_M - ok
11:18:55.0796 4620 dmadmin - ok
11:18:55.0875 4620 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
11:18:56.0015 4620 dmboot - ok
11:18:56.0031 4620 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
11:18:56.0093 4620 dmio - ok
11:18:56.0109 4620 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:18:56.0171 4620 dmload - ok
11:18:56.0187 4620 dmserver (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
11:18:56.0265 4620 dmserver - ok
11:18:56.0312 4620 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:18:56.0375 4620 DMusic - ok
11:18:56.0406 4620 Dnscache (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
11:18:56.0500 4620 Dnscache - ok
11:18:56.0546 4620 Dot3svc (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
11:18:56.0625 4620 Dot3svc - ok
11:18:56.0656 4620 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:18:56.0734 4620 dpti2o - ok
11:18:56.0765 4620 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:18:56.0828 4620 drmkaud - ok
11:18:56.0859 4620 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
11:18:56.0875 4620 DRVMCDB - ok
11:18:56.0890 4620 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
11:18:56.0890 4620 DRVNDDM - ok
11:18:56.0937 4620 dtsvc (13f36b3cb0f73ad0a0b89a6afec97954) C:\WINDOWS\system32\DTS.exe
11:18:56.0953 4620 dtsvc ( UnsignedFile.Multi.Generic ) - warning
11:18:56.0953 4620 dtsvc - detected UnsignedFile.Multi.Generic (1)
11:18:57.0000 4620 e1yexpress (25c954c8e80eeca41dfc03946ef3fbf4) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
11:18:57.0015 4620 e1yexpress - ok
11:18:57.0031 4620 EapHost (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
11:18:57.0093 4620 EapHost - ok
11:18:57.0125 4620 ERSvc (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
11:18:57.0187 4620 ERSvc - ok
11:18:57.0234 4620 Eventlog (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:18:57.0250 4620 Eventlog - ok
11:18:57.0296 4620 EventSystem (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
11:18:57.0343 4620 EventSystem - ok
11:18:57.0531 4620 EvtEng (53cca6b4df0977074e85c9a18f42b5cc) C:\Programme\Intel\WiFi\bin\EvtEng.exe
11:18:57.0578 4620 EvtEng - ok
11:18:57.0656 4620 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:18:57.0734 4620 Fastfat - ok
11:18:57.0781 4620 FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:18:57.0875 4620 FastUserSwitchingCompatibility - ok
11:18:57.0906 4620 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
11:18:57.0984 4620 Fdc - ok
11:18:58.0031 4620 FingerprintServer (d28b93001f499f102fffc6e73b4434a3) C:\WINDOWS\system32\FpLogonServ.exe
11:18:58.0031 4620 FingerprintServer ( UnsignedFile.Multi.Generic ) - warning
11:18:58.0031 4620 FingerprintServer - detected UnsignedFile.Multi.Generic (1)
11:18:58.0046 4620 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
11:18:58.0109 4620 Fips - ok
11:18:58.0125 4620 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
11:18:58.0203 4620 Flpydisk - ok
11:18:58.0234 4620 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
11:18:58.0296 4620 FltMgr - ok
11:18:58.0390 4620 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
11:18:58.0406 4620 FontCache3.0.0.0 - ok
11:18:58.0406 4620 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:18:58.0500 4620 Fs_Rec - ok
11:18:58.0531 4620 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:18:58.0609 4620 Ftdisk - ok
11:18:58.0625 4620 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:18:58.0687 4620 Gpc - ok
11:18:58.0718 4620 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:18:58.0796 4620 HDAudBus - ok
11:18:58.0843 4620 HECI (2df64415a28ce036ac6acec7645a996f) C:\WINDOWS\system32\DRIVERS\HECI.sys
11:18:58.0890 4620 HECI - ok
11:18:58.0937 4620 helpsvc (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
11:18:59.0000 4620 helpsvc - ok
11:18:59.0000 4620 HidServ - ok
11:18:59.0046 4620 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:18:59.0125 4620 HidUsb - ok
11:18:59.0156 4620 hkmsvc (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
11:18:59.0218 4620 hkmsvc - ok
11:18:59.0234 4620 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:18:59.0296 4620 hpn - ok
11:18:59.0343 4620 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
11:18:59.0390 4620 HSFHWAZL - ok
11:18:59.0484 4620 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
11:18:59.0562 4620 HSF_DPV - ok
11:18:59.0609 4620 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:18:59.0671 4620 HTTP - ok
11:18:59.0703 4620 HTTPFilter (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
11:18:59.0781 4620 HTTPFilter - ok
11:18:59.0796 4620 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:18:59.0875 4620 i2omgmt - ok
11:18:59.0906 4620 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:18:59.0984 4620 i2omp - ok
11:19:00.0015 4620 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:19:00.0093 4620 i8042prt - ok
11:19:00.0140 4620 iaStor (01446278d4563b3013c92830ae6cbb26) C:\WINDOWS\system32\DRIVERS\iaStor.sys
11:19:00.0156 4620 iaStor - ok
11:19:00.0187 4620 IBMPMDRV (7285cd0c2b686e0590f941b48414a9f4) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
11:19:00.0203 4620 IBMPMDRV - ok
11:19:00.0218 4620 IBMPMSVC (822675eb6dd6f078316aa6ebc545518c) C:\WINDOWS\system32\ibmpmsvc.exe
11:19:00.0218 4620 IBMPMSVC - ok
11:19:00.0250 4620 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
11:19:00.0265 4620 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
11:19:00.0265 4620 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
11:19:00.0468 4620 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:19:00.0546 4620 idsvc - ok
11:19:00.0562 4620 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:19:00.0640 4620 Imapi - ok
11:19:00.0687 4620 ImapiService (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
11:19:00.0765 4620 ImapiService - ok
11:19:00.0812 4620 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:19:00.0890 4620 ini910u - ok
11:19:00.0906 4620 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:19:00.0984 4620 IntelIde - ok
11:19:01.0000 4620 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:19:01.0062 4620 intelppm - ok
11:19:01.0093 4620 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
11:19:01.0156 4620 Ip6Fw - ok
11:19:01.0171 4620 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:19:01.0234 4620 IpFilterDriver - ok
11:19:01.0250 4620 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:19:01.0312 4620 IpInIp - ok
11:19:01.0343 4620 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:19:01.0421 4620 IpNat - ok
11:19:01.0484 4620 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:19:01.0546 4620 IPSec - ok
11:19:01.0546 4620 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:19:01.0578 4620 IRENUM - ok
11:19:01.0609 4620 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:19:01.0671 4620 isapnp - ok
11:19:01.0734 4620 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
11:19:01.0750 4620 IviRegMgr - ok
11:19:01.0843 4620 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
11:19:01.0843 4620 JavaQuickStarterService - ok
11:19:01.0875 4620 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:19:01.0953 4620 Kbdclass - ok
11:19:02.0000 4620 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:19:02.0062 4620 kmixer - ok
11:19:02.0093 4620 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:19:02.0187 4620 KSecDD - ok
11:19:02.0218 4620 LanmanServer (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
11:19:02.0265 4620 LanmanServer - ok
11:19:02.0312 4620 lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
11:19:02.0375 4620 lanmanworkstation - ok
11:19:02.0375 4620 lbrtfdc - ok
11:19:02.0500 4620 LENOVO.MICMUTE (d584216c7767dcfb4b812b9b60a4a4e7) C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
11:19:02.0500 4620 LENOVO.MICMUTE - ok
11:19:02.0546 4620 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\WINDOWS\system32\DRIVERS\smiif32.sys
11:19:02.0546 4620 lenovo.smi - ok
11:19:02.0593 4620 LmHosts (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
11:19:02.0656 4620 LmHosts - ok
11:19:02.0703 4620 LMS (6a38bf67bba38e8087f2a0f05fab6de7) C:\Programme\Intel\AMT\LMS.exe
11:19:02.0718 4620 LMS - ok
11:19:02.0781 4620 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe
11:19:02.0796 4620 McComponentHostService - ok
11:19:02.0859 4620 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:19:02.0875 4620 mdmxsdk - ok
11:19:02.0906 4620 Messenger (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
11:19:02.0968 4620 Messenger - ok
11:19:03.0000 4620 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:19:03.0062 4620 mnmdd - ok
11:19:03.0109 4620 mnmsrvc (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
11:19:03.0171 4620 mnmsrvc - ok
11:19:03.0203 4620 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
11:19:03.0281 4620 Modem - ok
11:19:03.0312 4620 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:19:03.0390 4620 Mouclass - ok
11:19:03.0421 4620 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:19:03.0484 4620 mouhid - ok
11:19:03.0515 4620 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:19:03.0578 4620 MountMgr - ok
11:19:03.0640 4620 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
11:19:03.0640 4620 MozillaMaintenance - ok
11:19:03.0671 4620 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:19:03.0750 4620 mraid35x - ok
11:19:03.0765 4620 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:19:03.0828 4620 MRxDAV - ok
11:19:03.0890 4620 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:19:03.0968 4620 MRxSmb - ok
11:19:04.0000 4620 MSDTC (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
11:19:04.0062 4620 MSDTC - ok
11:19:04.0078 4620 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:19:04.0156 4620 Msfs - ok
11:19:04.0171 4620 MSIServer - ok
11:19:04.0203 4620 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:19:04.0281 4620 MSKSSRV - ok
11:19:04.0312 4620 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:19:04.0375 4620 MSPCLOCK - ok
11:19:04.0390 4620 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:19:04.0468 4620 MSPQM - ok
11:19:04.0484 4620 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:19:04.0546 4620 mssmbios - ok
11:19:04.0625 4620 MSSQL$MSSMLBIZ - ok
11:19:04.0687 4620 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe
11:19:04.0703 4620 MSSQLServerADHelper - ok
11:19:04.0718 4620 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:19:04.0781 4620 MSTEE - ok
11:19:04.0828 4620 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:19:04.0875 4620 Mup - ok
11:19:04.0906 4620 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:19:04.0968 4620 NABTSFEC - ok
11:19:05.0015 4620 napagent (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
11:19:05.0109 4620 napagent - ok
11:19:05.0156 4620 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:19:05.0234 4620 NDIS - ok
11:19:05.0250 4620 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:19:05.0328 4620 NdisIP - ok
11:19:05.0359 4620 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:19:05.0421 4620 NdisTapi - ok
11:19:05.0437 4620 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:19:05.0500 4620 Ndisuio - ok
11:19:05.0515 4620 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:19:05.0593 4620 NdisWan - ok
11:19:05.0625 4620 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:19:05.0671 4620 NDProxy - ok
11:19:05.0703 4620 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:19:05.0765 4620 NetBIOS - ok
11:19:05.0796 4620 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:19:05.0875 4620 NetBT - ok
11:19:05.0906 4620 NetDDE (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:19:05.0984 4620 NetDDE - ok
11:19:06.0000 4620 NetDDEdsdm (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
11:19:06.0062 4620 NetDDEdsdm - ok
11:19:06.0156 4620 Netlogon (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:19:06.0234 4620 Netlogon - ok
11:19:06.0281 4620 Netman (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
11:19:06.0343 4620 Netman - ok
11:19:06.0500 4620 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:19:06.0515 4620 NetTcpPortSharing - ok
11:19:06.0968 4620 NETw5x32 (ccdb8db66acd3c0a6c8e171b79f60ac4) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
11:19:07.0218 4620 NETw5x32 - ok
11:19:07.0390 4620 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:19:07.0500 4620 NIC1394 - ok
11:19:07.0546 4620 Nla (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
11:19:07.0578 4620 Nla - ok
11:19:07.0593 4620 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:19:07.0687 4620 Npfs - ok
11:19:07.0718 4620 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
11:19:07.0765 4620 NSCIRDA - ok
11:19:07.0828 4620 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:19:07.0921 4620 Ntfs - ok
11:19:07.0968 4620 NtLmSsp (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:19:08.0031 4620 NtLmSsp - ok
11:19:08.0093 4620 NtmsSvc (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
11:19:08.0171 4620 NtmsSvc - ok
11:19:08.0203 4620 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:19:08.0250 4620 Null - ok
11:19:08.0265 4620 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:19:08.0343 4620 NwlnkFlt - ok
11:19:08.0343 4620 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:19:08.0406 4620 NwlnkFwd - ok
11:19:08.0531 4620 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
11:19:08.0562 4620 odserv - ok
11:19:08.0593 4620 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:19:08.0656 4620 ohci1394 - ok
11:19:08.0687 4620 ose (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
11:19:08.0703 4620 ose - ok
11:19:08.0750 4620 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
11:19:08.0812 4620 Parport - ok
11:19:08.0828 4620 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:19:08.0890 4620 PartMgr - ok
11:19:08.0906 4620 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
11:19:08.0968 4620 ParVdm - ok
11:19:08.0984 4620 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
11:19:09.0062 4620 PCI - ok
11:19:09.0062 4620 PCIDump - ok
11:19:09.0093 4620 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:19:09.0156 4620 PCIIde - ok
11:19:09.0171 4620 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
11:19:09.0234 4620 Pcmcia - ok
11:19:09.0250 4620 PDCOMP - ok
11:19:09.0265 4620 PDFRAME - ok
11:19:09.0281 4620 PDRELI - ok
11:19:09.0296 4620 PDRFRAME - ok
11:19:09.0312 4620 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:19:09.0375 4620 perc2 - ok
11:19:09.0375 4620 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:19:09.0437 4620 perc2hib - ok
11:19:09.0500 4620 PlugPlay (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
11:19:09.0515 4620 PlugPlay - ok
11:19:09.0546 4620 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
11:19:09.0546 4620 pmem ( UnsignedFile.Multi.Generic ) - warning
11:19:09.0546 4620 pmem - detected UnsignedFile.Multi.Generic (1)
11:19:09.0562 4620 PolicyAgent (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:19:09.0625 4620 PolicyAgent - ok
11:19:09.0718 4620 Power Manager DBC Service (f69196d9b14e5e867380ad297bd2145a) C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
11:19:09.0718 4620 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - warning
11:19:09.0718 4620 Power Manager DBC Service - detected UnsignedFile.Multi.Generic (1)
11:19:09.0734 4620 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:19:09.0812 4620 PptpMiniport - ok
11:19:09.0812 4620 ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:19:09.0875 4620 ProtectedStorage - ok
11:19:09.0890 4620 psadd (271f3e304cf2a467188ef393c8fbd2b7) C:\WINDOWS\system32\DRIVERS\psadd.sys
11:19:09.0906 4620 psadd - ok
11:19:09.0921 4620 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:19:10.0000 4620 PSched - ok
11:19:10.0015 4620 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:19:10.0062 4620 Ptilink - ok
11:19:10.0109 4620 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:19:10.0109 4620 PxHelp20 - ok
11:19:10.0140 4620 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:19:10.0218 4620 ql1080 - ok
11:19:10.0234 4620 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:19:10.0281 4620 Ql10wnt - ok
11:19:10.0312 4620 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:19:10.0375 4620 ql12160 - ok
11:19:10.0390 4620 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:19:10.0453 4620 ql1240 - ok
11:19:10.0468 4620 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:19:10.0515 4620 ql1280 - ok
11:19:10.0546 4620 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:19:10.0609 4620 RasAcd - ok
11:19:10.0640 4620 RasAuto (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
11:19:10.0718 4620 RasAuto - ok
11:19:10.0718 4620 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
11:19:10.0765 4620 Rasirda - ok
11:19:10.0796 4620 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:19:10.0875 4620 Rasl2tp - ok
11:19:10.0906 4620 RasMan (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
11:19:11.0000 4620 RasMan - ok
11:19:11.0000 4620 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:19:11.0062 4620 RasPppoe - ok
11:19:11.0093 4620 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:19:11.0171 4620 Raspti - ok
11:19:11.0203 4620 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:19:11.0265 4620 Rdbss - ok
11:19:11.0296 4620 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:19:11.0343 4620 RDPCDD - ok
11:19:11.0375 4620 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:19:11.0437 4620 rdpdr - ok
11:19:11.0484 4620 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
11:19:11.0546 4620 RDPWD - ok
11:19:11.0578 4620 RDSessMgr (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
11:19:11.0671 4620 RDSessMgr - ok
11:19:11.0687 4620 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:19:11.0750 4620 redbook - ok
11:19:11.0859 4620 RegSrvc (7c4391419852dfc331f6af620c33af3c) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
11:19:11.0875 4620 RegSrvc - ok
11:19:11.0906 4620 RemoteAccess (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
11:19:11.0984 4620 RemoteAccess - ok
11:19:12.0015 4620 RemoteRegistry (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
11:19:12.0093 4620 RemoteRegistry - ok
11:19:12.0125 4620 rimmptsk (c2ef513bbe069f0d4ee0938a76f975d3) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
11:19:12.0156 4620 rimmptsk - ok
11:19:12.0171 4620 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
11:19:12.0203 4620 rimsptsk - ok
11:19:12.0218 4620 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
11:19:12.0281 4620 rismxdp - ok
11:19:12.0515 4620 RoxMediaDB10 (eb9eeb379848f356797eb9ef31114ca5) C:\Programme\Gemeinsame Dateien\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
11:19:12.0625 4620 RoxMediaDB10 - ok
11:19:12.0671 4620 RpcLocator (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
11:19:12.0796 4620 RpcLocator - ok
11:19:12.0859 4620 RpcSs (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
11:19:12.0890 4620 RpcSs - ok
11:19:12.0921 4620 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
11:19:13.0000 4620 RSVP - ok
11:19:13.0187 4620 S24EventMonitor (55ccc8ced5778556f6b516b3858ac970) C:\Programme\Intel\WiFi\bin\S24EvMon.exe
11:19:13.0234 4620 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
11:19:13.0234 4620 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
11:19:13.0296 4620 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:19:13.0343 4620 s24trans - ok
11:19:13.0375 4620 SamSs (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
11:19:13.0437 4620 SamSs - ok
11:19:13.0468 4620 SCardSvr (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
11:19:13.0531 4620 SCardSvr - ok
11:19:13.0578 4620 Schedule (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
11:19:13.0671 4620 Schedule - ok
11:19:13.0703 4620 sdbus (d1facb3c7d12f439c18ef01aa88c2a9d) C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:19:13.0750 4620 sdbus - ok
11:19:13.0796 4620 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:19:13.0843 4620 Secdrv - ok
11:19:13.0875 4620 seclogon (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
11:19:13.0968 4620 seclogon - ok
11:19:13.0984 4620 SENS (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
11:19:14.0078 4620 SENS - ok
11:19:14.0093 4620 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:19:14.0171 4620 Serenum - ok
11:19:14.0203 4620 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
11:19:14.0265 4620 Serial - ok
11:19:14.0296 4620 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
11:19:14.0375 4620 sffdisk - ok
11:19:14.0375 4620 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
11:19:14.0437 4620 sffp_sd - ok
11:19:14.0453 4620 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:19:14.0515 4620 Sfloppy - ok
11:19:14.0578 4620 SharedAccess (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
11:19:14.0671 4620 SharedAccess - ok
11:19:14.0703 4620 ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:19:14.0718 4620 ShellHWDetection - ok
11:19:14.0750 4620 Shockprf (2108fc5934843e5f346a715e71fa79f9) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
11:19:14.0765 4620 Shockprf - ok
11:19:14.0781 4620 Simbad - ok
11:19:14.0796 4620 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:19:14.0875 4620 sisagp - ok
11:19:15.0250 4620 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
11:19:15.0406 4620 Skype C2C Service - ok
11:19:15.0500 4620 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Programme\Skype\Updater\Updater.exe
11:19:15.0515 4620 SkypeUpdate - ok
11:19:15.0671 4620 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:19:15.0781 4620 SLIP - ok
11:19:15.0812 4620 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:19:15.0875 4620 Sparrow - ok
11:19:15.0921 4620 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:19:15.0984 4620 splitter - ok
11:19:16.0015 4620 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
11:19:16.0078 4620 Spooler - ok
11:19:16.0187 4620 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
11:19:16.0187 4620 SQLBrowser - ok
11:19:16.0234 4620 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
11:19:16.0234 4620 SQLWriter - ok
11:19:16.0281 4620 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
11:19:16.0328 4620 sr - ok
11:19:16.0375 4620 srservice (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
11:19:16.0406 4620 srservice - ok
11:19:16.0437 4620 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:19:16.0484 4620 Srv - ok
11:19:16.0515 4620 SSDPSRV (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
11:19:16.0546 4620 SSDPSRV - ok
11:19:16.0578 4620 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
11:19:16.0578 4620 ssmdrv - ok
11:19:16.0625 4620 stisvc (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
11:19:16.0687 4620 stisvc - ok
11:19:16.0750 4620 stllssvr (1d0063597c3666404fcf97698abeb019) C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe
11:19:16.0765 4620 stllssvr - ok
11:19:16.0796 4620 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:19:16.0859 4620 streamip - ok
11:19:16.0953 4620 SUService (5224204b3a0f5280ed86beab698044f6) c:\programme\lenovo\system update\suservice.exe
11:19:16.0953 4620 SUService ( UnsignedFile.Multi.Generic ) - warning
11:19:16.0953 4620 SUService - detected UnsignedFile.Multi.Generic (1)
11:19:16.0984 4620 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:19:17.0046 4620 swenum - ok
11:19:17.0078 4620 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:19:17.0140 4620 swmidi - ok
11:19:17.0156 4620 SwPrv - ok
11:19:17.0187 4620 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:19:17.0250 4620 symc810 - ok
11:19:17.0281 4620 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:19:17.0328 4620 symc8xx - ok
11:19:17.0343 4620 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:19:17.0421 4620 sym_hi - ok
11:19:17.0421 4620 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:19:17.0484 4620 sym_u3 - ok
11:19:17.0515 4620 SynTP (22a3c56e19d665d34f763dd8ce5060ab) C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:19:17.0531 4620 SynTP - ok
11:19:17.0578 4620 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:19:17.0640 4620 sysaudio - ok
11:19:17.0671 4620 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
11:19:17.0750 4620 SysmonLog - ok
11:19:17.0796 4620 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
11:19:17.0859 4620 TapiSrv - ok
11:19:17.0921 4620 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:19:17.0953 4620 Tcpip - ok
11:19:17.0984 4620 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:19:18.0031 4620 TDPIPE - ok
11:19:18.0046 4620 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:19:18.0125 4620 TDTCP - ok
11:19:18.0140 4620 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:19:18.0203 4620 TermDD - ok
11:19:18.0250 4620 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
11:19:18.0343 4620 TermService - ok
11:19:18.0375 4620 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
11:19:18.0390 4620 Themes - ok
11:19:18.0531 4620 ThinkVantage Registry Monitor Service (1c7b8e69bf9557a17a17f2120892acf9) c:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
11:19:18.0562 4620 ThinkVantage Registry Monitor Service - ok
11:19:18.0609 4620 TlntSvr (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
11:19:18.0656 4620 TlntSvr - ok
11:19:18.0718 4620 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
11:19:18.0781 4620 TosIde - ok
11:19:18.0812 4620 TPDIGIMN (1282722cf2cc5a88a606b8022d0f8b7e) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
11:19:18.0828 4620 TPDIGIMN - ok
11:19:18.0843 4620 TPHDEXLGSVC (5a726e3cc83655ef71912c4775d004f9) C:\WINDOWS\system32\TPHDEXLG.exe
11:19:18.0859 4620 TPHDEXLGSVC - ok
11:19:18.0890 4620 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
11:19:18.0921 4620 TPHKDRV - ok
11:19:18.0968 4620 TPHKSVC (3c6a42a8494d74f44f048bb7f9f2db44) C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
11:19:18.0984 4620 TPHKSVC - ok
11:19:19.0015 4620 tpm (3724dff72b0f5307cf761cc91c2bb9f7) C:\WINDOWS\system32\DRIVERS\tpm.sys
11:19:19.0078 4620 tpm - ok
11:19:19.0093 4620 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
11:19:19.0109 4620 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
11:19:19.0109 4620 TPPWRIF - detected UnsignedFile.Multi.Generic (1)
11:19:19.0156 4620 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
11:19:19.0250 4620 TrkWks - ok
11:19:19.0312 4620 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
11:19:19.0328 4620 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
11:19:19.0328 4620 TSMAPIP - detected UnsignedFile.Multi.Generic (1)
11:19:19.0421 4620 TSSCoreService (ddd4a2c9a37b93c7d8a539f785572565) C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
11:19:19.0453 4620 TSSCoreService - ok
11:19:19.0500 4620 TVT Backup Protection Service (1aa675a55e169bc45b5685355bec2c66) C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
11:19:19.0515 4620 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
11:19:19.0515 4620 TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
11:19:19.0656 4620 TVT Backup Service (ff86960cf29eab25cddecc92cbba43d4) C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
11:19:19.0687 4620 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
11:19:19.0687 4620 TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
11:19:19.0875 4620 TVT Scheduler (49851e0177f2044184c125e919d1917c) c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
11:19:19.0937 4620 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
11:19:19.0937 4620 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
11:19:20.0078 4620 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
11:19:20.0125 4620 tvtfilter - ok
11:19:20.0140 4620 TVTI2C (7e66dda1ef146bfc3a6e36e08e036602) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
11:19:20.0156 4620 TVTI2C - ok
11:19:20.0296 4620 TVT_UpdateMonitor (22a001f3fbb92e3811c3bfd8fdad3ed3) C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe
11:19:20.0296 4620 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - warning
11:19:20.0296 4620 TVT_UpdateMonitor - detected UnsignedFile.Multi.Generic (1)
11:19:20.0343 4620 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:19:20.0453 4620 Udfs - ok
11:19:20.0500 4620 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:19:20.0562 4620 ultra - ok
11:19:20.0843 4620 UNS (fa84735377d00e12597d2a1d8d2c320e) C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\UNS\UNS.exe
11:19:20.0968 4620 UNS - ok
11:19:21.0156 4620 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:19:21.0359 4620 Update - ok
11:19:21.0468 4620 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
11:19:21.0531 4620 upnphost - ok
11:19:21.0562 4620 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
11:19:21.0625 4620 UPS - ok
11:19:21.0671 4620 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:19:21.0734 4620 usbccgp - ok
11:19:21.0781 4620 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:19:21.0843 4620 usbehci - ok
11:19:21.0859 4620 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:19:21.0921 4620 usbhub - ok
11:19:21.0953 4620 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:19:22.0015 4620 usbscan - ok
11:19:22.0046 4620 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:19:22.0109 4620 USBSTOR - ok
11:19:22.0125 4620 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:19:22.0187 4620 usbuhci - ok
11:19:22.0218 4620 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:19:22.0281 4620 VgaSave - ok
11:19:22.0312 4620 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:19:22.0390 4620 viaagp - ok
11:19:22.0421 4620 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:19:22.0484 4620 ViaIde - ok
11:19:22.0515 4620 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
11:19:22.0578 4620 VolSnap - ok
11:19:22.0718 4620 vpnagent (caafa2333b428a12bfa97ecd389f59c5) C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
11:19:22.0734 4620 vpnagent - ok
11:19:22.0765 4620 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\WINDOWS\system32\DRIVERS\vpnva.sys
11:19:22.0781 4620 vpnva - ok
11:19:22.0843 4620 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
11:19:22.0890 4620 VSS - ok
11:19:22.0921 4620 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
11:19:22.0984 4620 W32Time - ok
11:19:23.0015 4620 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:19:23.0093 4620 Wanarp - ok
11:19:23.0171 4620 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
11:19:23.0187 4620 Wdf01000 - ok
11:19:23.0203 4620 WDICA - ok
11:19:23.0234 4620 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:19:23.0296 4620 wdmaud - ok
11:19:23.0328 4620 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
11:19:23.0375 4620 WebClient - ok
11:19:23.0484 4620 winachsf (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:19:23.0546 4620 winachsf - ok
11:19:23.0625 4620 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
11:19:23.0687 4620 winmgmt - ok
11:19:23.0750 4620 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
11:19:23.0796 4620 WmdmPmSN - ok
11:19:23.0890 4620 Wmi (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
11:19:23.0937 4620 Wmi - ok
11:19:24.0015 4620 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:19:24.0109 4620 WmiAcpi - ok
11:19:24.0171 4620 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
11:19:24.0265 4620 WmiApSrv - ok
11:19:24.0468 4620 WMPNetworkSvc (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
11:19:24.0562 4620 WMPNetworkSvc - ok
11:19:24.0609 4620 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:19:24.0703 4620 WSTCODEC - ok
11:19:24.0734 4620 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
11:19:24.0859 4620 wuauserv - ok
11:19:24.0890 4620 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:19:24.0937 4620 WudfPf - ok
11:19:24.0968 4620 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:19:24.0984 4620 WudfRd - ok
11:19:25.0015 4620 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
11:19:25.0046 4620 WudfSvc - ok
11:19:25.0093 4620 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
11:19:25.0234 4620 WZCSVC - ok
11:19:25.0265 4620 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
11:19:25.0343 4620 xmlprov - ok
11:19:25.0484 4620 MBR (0x1B8) (764dd92810ee41ca0642387d56f71739) \Device\Harddisk0\DR0
11:19:26.0015 4620 \Device\Harddisk0\DR0 - ok
11:19:26.0031 4620 Boot (0x1200) (6d32fedc4705b6d436bdca23e042b557) \Device\Harddisk0\DR0\Partition0
11:19:26.0031 4620 \Device\Harddisk0\DR0\Partition0 - ok
11:19:26.0046 4620 ============================================================
11:19:26.0046 4620 Scan finished
11:19:26.0046 4620 ============================================================
11:19:26.0171 4612 Detected object count: 17
11:19:26.0171 4612 Actual detected object count: 17
11:20:03.0359 4612 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0359 4612 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0359 4612 AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0359 4612 AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0359 4612 ADMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0359 4612 ADMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0359 4612 ANC ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0359 4612 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0375 4612 dtsvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0375 4612 dtsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0406 4612 FingerprintServer ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0406 4612 FingerprintServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0406 4612 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0406 4612 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0406 4612 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0406 4612 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0421 4612 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0421 4612 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0421 4612 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0421 4612 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0437 4612 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0437 4612 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0437 4612 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0437 4612 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0453 4612 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0453 4612 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0453 4612 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0453 4612 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0468 4612 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0468 4612 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0468 4612 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0468 4612 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:20:03.0484 4612 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
11:20:03.0484 4612 TVT_UpdateMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
06.08.2012, 12:23
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.08.2012, 13:03
| #23 |
| | TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 So, scheint glatt durchgelaufen zu sein: [CODE] Combofix Logfile: Code:
ATTFilter ComboFix 12-08-05.02 - Aerophil 06.08.2012 13:48:01.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2520.1805 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Aerophil\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-06 bis 2012-08-06 ))))))))))))))))))))))))))))))
.
.
2012-08-05 18:56 . 2012-08-05 18:56 -------- d-----w- C:\_OTL
2012-08-04 18:27 . 2012-08-04 18:27 -------- d-----w- c:\programme\ESET
2012-08-02 11:17 . 2012-08-02 11:17 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-08-01 00:00 . 2012-08-01 00:00 -------- d-----w- c:\dokumente und einstellungen\Aerophil\Anwendungsdaten\Malwarebytes
2012-08-01 00:00 . 2012-08-01 00:00 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-08-01 00:00 . 2012-08-01 00:00 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-08-01 00:00 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-31 22:10 . 2012-07-31 23:42 -------- d-----w- c:\windows\system32\NtmsData
2012-07-12 21:49 . 2012-07-12 21:49 -------- d-----w- c:\programme\VLC Media Player Portable
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 06:43 . 2012-04-02 06:14 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-31 06:43 . 2011-05-18 17:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:55 . 2008-07-22 16:47 1866240 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-07-22 16:47 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2008-07-22 16:47 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-07-22 16:47 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 18:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-07-22 06:59 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-07-22 06:59 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-07-22 06:59 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2008-07-22 16:47 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-07-22 06:59 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-07-22 06:59 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-08-06 18:24 23576 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-07-22 06:59 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-07-22 06:59 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-04-25 21:11 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-04-25 21:11 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-04-25 21:11 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-07-22 16:47 604160 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:07 . 2008-07-22 16:47 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2008-07-22 16:47 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2008-07-22 16:47 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-07-22 16:47 385024 ----a-w- c:\windows\system32\html.iec
2012-05-08 20:35 . 2012-01-28 12:32 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-08 20:35 . 2010-02-03 23:53 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-07-18 22:22 . 2011-05-16 19:20 136672 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\programme\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"picon"="c:\programme\Gemeinsame Dateien\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-02-12 357400]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-07 256576]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-05-28 61728]
"TpShocks"="TpShocks.exe" [2009-02-02 181536]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\programme\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-02-19 1434920]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-11-24 487424]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-28 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-28 124248]
"CameraApplicationLauncher"="c:\programme\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2009-03-12 16384]
"Message Center Plus"="c:\programme\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-10-22 421888]
"CreateLMBCShortCut"="c:\programme\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" [2009-07-16 40960]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2009-03-04 3093816]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2009-5-8 607584]
Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [2009-12-24 50688]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
RCIMGDIR.exe.lnk - c:\programme\RotateImage\RCIMGDIR.exe [2009-12-24 31744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-10-26 17:41 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\programme\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cisco AnyConnect Secure Mobility Agent for Windows]
2011-09-09 16:09 523216 ----a-w- c:\programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28.01.2009 18:57 20520]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [28.01.2012 14:32 36000]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [23.10.2008 10:15 13480]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [28.01.2012 14:32 86224]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [26.10.2008 19:33 1676536]
R2 BBSvc;Bing Bar Update Service;c:\programme\Microsoft\BingBar\BBSvc.EXE [21.10.2011 16:23 196176]
R2 BBUpdate;BBUpdate;c:\programme\Microsoft\BingBar\SeaPort.EXE [13.10.2011 18:21 249648]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [26.10.2008 19:38 98304]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [26.10.2008 19:41 118784]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [24.12.2009 22:04 53248]
R2 Skype C2C Service;Skype C2C Service;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe [05.07.2012 18:41 3048136]
R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [06.10.2009 04:21 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\programme\Lenovo\Rescue and Recovery\rrpservice.exe [24.11.2008 16:34 520192]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\programme\Gemeinsame Dateien\Intel\Privacy Icon\UNS\UNS.exe [24.12.2009 21:46 2058776]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [05.05.2010 20:59 583360]
R3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [25.12.2009 06:31 72192]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [24.12.2009 21:54 482176]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [25.12.2009 06:31 243856]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.02.2008 16:54 37312]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [06.10.2009 04:21 45424]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [03.07.2012 13:19 160944]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe [09.05.2008 18:50 360448]
S3 acsint;acsint;c:\windows\system32\drivers\acsint.sys [10.12.2011 14:05 38440]
S3 acsmux;acsmux;c:\windows\system32\drivers\acsmux.sys [10.12.2011 14:05 57000]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [26.10.2008 19:38 106496]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [26.04.2012 08:27 113120]
S3 RoxMediaDB10;RoxMediaDB10;c:\programme\Gemeinsame Dateien\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [25.04.2008 09:15 1120752]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programme\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
2012-08-06 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-12-24 16:04]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.msn.com
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 129.69.252.252 129.69.252.212 129.69.252.202
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\dokumente und einstellungen\Aerophil\Anwendungsdaten\Mozilla\Firefox\Profiles\0jejmtmn.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-ACNotify - ACNotify.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-08-06 13:54
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
.
c:\windows\system32\TPHDLOG0.LOG 384 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1044)
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\FpWinLogonNp.dll
c:\programme\Lenovo Fingerprint Software\ATCSSINT.dll
c:\programme\Lenovo Fingerprint Software\SharedResources.dll
c:\programme\Lenovo Fingerprint Software\FPResource.dll
c:\programme\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\programme\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1020)
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\programme\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\programme\Lenovo\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\programme\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\TpShocks.exe
c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\programme\Synaptics\SynTP\SynTPLpr.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\programme\Lenovo\Zoom\TpScrex.exe
c:\programme\Intel\AMT\LMS.exe
c:\programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\programme\Lenovo\Client Security Solution\tvttcsd.exe
c:\programme\Lenovo\Rescue and Recovery\rrservice.exe
c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
c:\programme\lenovo\system update\suservice.exe
c:\programme\Windows Media Player\WMPNetwk.exe
c:\programme\ThinkPad\ConnectUtilities\AcSvc.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-06 13:58:00 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-06 11:57
.
Vor Suchlauf: 19 Verzeichnis(se), 260.586.770.432 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 257.974.956.032 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E522E49856E0BB64535637244785B1EE
|
|
06.08.2012, 13:30
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.08.2012, 16:40
| #25 |
| | TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 Puh, das hat ein wenig gedauert. Im Folgenden also alle gewünschten Logs: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-06 16:40:31
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.14.0
Running: 3jmm48zx.exe; Driver: C:\DOKUME~1\Aerophil\LOKALE~1\Temp\kwroikog.sys
---- System - GMER 1.0.15 ----
SSDT 9C529FBC ZwClose
SSDT 9C529F76 ZwCreateKey
SSDT 9C529FC6 ZwCreateSection
SSDT 9C529F6C ZwCreateThread
SSDT 9C529F7B ZwDeleteKey
SSDT 9C529F85 ZwDeleteValueKey
SSDT 9C529FB7 ZwDuplicateObject
SSDT 9C529F8A ZwLoadKey
SSDT 9C529F58 ZwOpenProcess
SSDT 9C529F5D ZwOpenThread
SSDT 9C529FDF ZwQueryValueKey
SSDT 9C529F94 ZwReplaceKey
SSDT 9C529FD0 ZwRequestWaitReplyPort
SSDT 9C529F8F ZwRestoreKey
SSDT 9C529FCB ZwSetContextThread
SSDT 9C529FD5 ZwSetSecurityObject
SSDT 9C529F80 ZwSetValueKey
SSDT 9C529FDA ZwSystemDebugControl
SSDT 9C529F67 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
? Combo-Fix.sys Das System kann die angegebene Datei nicht finden. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB84DC000, 0x1B6662, 0xE8000020]
? C:\ComboFix\catchme.sys Das System kann die angegebene Datei nicht finden. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Mozilla Firefox\firefox.exe[3816] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0116B52A C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3816] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0141B6F5 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3816] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 0141B6D2 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3816] GDI32.dll!SetDIBitsToDevice + 20A 77EF9E14 7 Bytes JMP 0141B653 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat 91FF5D20
Device \FileSystem\Fastfat \Fat 92005428
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Files - GMER 1.0.15 ----
File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\css.dat 8192 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 110 bytes
File C:\RRbackups\common\rr.log 89627 bytes
File C:\RRbackups\common\SAM 262144 bytes
File C:\RRbackups\common\secpolicy.dat 57344 bytes
File C:\RRbackups\common\settings.dat 32768 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\tvtns.bin 23 bytes
File C:\RRbackups\common\usersids.dat 18720 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Lenovo\Client Security Solution\enroll.ini 50 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3442078936-191556845-2714280049-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3442078936-191556845-2714280049-500\c3ff3929-8e18-46af-9610-f66da22b322d 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3442078936-191556845-2714280049-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-4022661095-1875058738-1706889412-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-4022661095-1875058738-1706889412-500\4333ae2c-5f72-4aca-b94e-7e149b13c6e9 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-4022661095-1875058738-1706889412-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-446457410-618114184-1655888578-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-446457410-618114184-1655888578-500\6a428da5-73f9-4a9b-a743-20d8c2ac2835 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-446457410-618114184-1655888578-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Lenovo\Client Security Solution\enroll.ini 50 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-3886091965-922040345-3825767373-1008 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-3886091965-922040345-3825767373-1008\6b29ae44e85efac3c72ff4d1865d73f1_5c4a3f28-7052-4922-ac27-61f005a9dc8d 53 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-3886091965-922040345-3825767373-1008\73d961f8c5ba1c37d83f3a08559ea0da_5c4a3f28-7052-4922-ac27-61f005a9dc8d 49 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-3886091965-922040345-3825767373-1008\83aa4cc77f591dfc2374580bbd95f6ba_5c4a3f28-7052-4922-ac27-61f005a9dc8d 45 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-3886091965-922040345-3825767373-1008\8f71098770f72c7a67cd8f1151619865_5c4a3f28-7052-4922-ac27-61f005a9dc8d 54 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-3886091965-922040345-3825767373-1008\a077ead69703e3bf1fd373a3c9376faa_5c4a3f28-7052-4922-ac27-61f005a9dc8d 77 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3442078936-191556845-2714280049-500 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3442078936-191556845-2714280049-500\c3ff3929-8e18-46af-9610-f66da22b322d 388 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3442078936-191556845-2714280049-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3886091965-922040345-3825767373-1008 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3886091965-922040345-3825767373-1008\130524b0-77c9-4930-ad87-0a64129be9f4 388 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3886091965-922040345-3825767373-1008\16765e5c-74e8-4c8a-94d9-151f9c5e6cdc 388 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3886091965-922040345-3825767373-1008\80ca1657-1c52-470a-a067-6fd66c0cb0ae 388 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3886091965-922040345-3825767373-1008\87452106-6afb-4f91-a5dd-cf00ff079e38 388 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3886091965-922040345-3825767373-1008\8deadc1d-1eb0-4bb0-add8-d0ff3fcbac4f 388 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3886091965-922040345-3825767373-1008\a3dc3bb9-98f3-4f3b-8120-6e73dca02571 388 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3886091965-922040345-3825767373-1008\ad6a7fc3-5c4e-4255-a1cb-f0cb1c1e82b9 388 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3886091965-922040345-3825767373-1008\cf3d8121-e3f6-41d7-9e3e-edc90cbb2bd0 388 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3886091965-922040345-3825767373-1008\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-4022661095-1875058738-1706889412-500 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-4022661095-1875058738-1706889412-500\4333ae2c-5f72-4aca-b94e-7e149b13c6e9 388 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-4022661095-1875058738-1706889412-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-446457410-618114184-1655888578-500 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-446457410-618114184-1655888578-500\6a428da5-73f9-4a9b-a743-20d8c2ac2835 388 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\Protect\S-1-5-21-446457410-618114184-1655888578-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Aerophil\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_5c4a3f28-7052-4922-ac27-61f005a9dc8d 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_5c4a3f28-7052-4922-ac27-61f005a9dc8d 47 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_5c4a3f28-7052-4922-ac27-61f005a9dc8d 54 bytes
File C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_5c4a3f28-7052-4922-ac27-61f005a9dc8d 917 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Lenovo\Client Security Solution\enroll.ini 50 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3442078936-191556845-2714280049-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3442078936-191556845-2714280049-500\c3ff3929-8e18-46af-9610-f66da22b322d 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3442078936-191556845-2714280049-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-4022661095-1875058738-1706889412-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-4022661095-1875058738-1706889412-500\4333ae2c-5f72-4aca-b94e-7e149b13c6e9 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-4022661095-1875058738-1706889412-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-446457410-618114184-1655888578-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-446457410-618114184-1655888578-500\6a428da5-73f9-4a9b-a743-20d8c2ac2835 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-446457410-618114184-1655888578-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-20\94498385663a229a93d423c6d144ae0b_5c4a3f28-7052-4922-ac27-61f005a9dc8d 2567 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Protect\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Protect\S-1-5-20\44c0245b-42e6-4709-8cd4-e5bac538f662 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Protect\S-1-5-20\dcb4f071-2510-4fa4-b7e8-4be7ff4a939a 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Protect\S-1-5-20\e3ec91de-01be-4182-b902-ea844fbdeeea 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\Protect\S-1-5-20\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs 0 bytes
---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 16:46:18 on 06.08.2012 OS: Windows XP Professional Service Pack 3 (Build 2600) Default Browser: Mozilla Corporation Firefox 14.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Programme\PCDR5\pcdr5cuiw32.exe "PMTask.job" - ? - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE (File found, but it contains no detailed information) [Control Panel Objects] -----( %SystemRoot%\system32 )----- "btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "PWMCPl.cpl" - "Lenovo Group Limited" - C:\WINDOWS\system32\PWMCPl.cpl "TpShCPL.cpl" - "Lenovo." - C:\WINDOWS\system32\TpShCPL.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\MLCFG32.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "ANC" (ANC) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANC.SYS "APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\ApsHM86.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "DLABMFSM" (DLABMFSM) - "Roxio" - C:\WINDOWS\System32\DLA\DLABMFSM.SYS "DLABOIOM" (DLABOIOM) - "Roxio" - C:\WINDOWS\System32\DLA\DLABOIOM.SYS "DLACDBHM" (DLACDBHM) - "Roxio" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS "DLADResM" (DLADResM) - "Roxio" - C:\WINDOWS\System32\DLA\DLADResM.SYS "DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\WINDOWS\System32\DLA\DLAIFS_M.SYS "DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\WINDOWS\System32\DLA\DLAOPIOM.SYS "DLAPoolM" (DLAPoolM) - "Roxio" - C:\WINDOWS\System32\DLA\DLAPoolM.SYS "DLARTL_M" (DLARTL_M) - "Roxio" - C:\WINDOWS\System32\Drivers\DLARTL_M.SYS "DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\WINDOWS\System32\DLA\DLAUDFAM.SYS "DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\WINDOWS\System32\DLA\DLAUDF_M.SYS "DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS "DRVNDDM" (DRVNDDM) - "Roxio" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS "IBMTPCHK" (IBMTPCHK) - ? - C:\WINDOWS\system32\Drivers\IBMBLDID.sys (File found, but it contains no detailed information) "kwroikog" (kwroikog) - ? - C:\DOKUME~1\Aerophil\LOKALE~1\Temp\kwroikog.sys (Hidden registry entry, rootkit activity | File not found) "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "mbr" (mbr) - ? - C:\DOKUME~1\Aerophil\LOKALE~1\Temp\mbr.sys (Hidden registry entry, rootkit activity | File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "pmem" (pmem) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\pmemnt.sys "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys "Shockprf" (Shockprf) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\Apsx86.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys "TPPWRIF" (TPPWRIF) - ? - C:\WINDOWS\System32\drivers\Tppwrif.sys (File found, but it contains no detailed information) "TSMAPIP" (TSMAPIP) - ? - C:\WINDOWS\System32\drivers\TSMAPIP.SYS (File found, but it contains no detailed information) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\BTNEIG~1.DLL {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found) {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\WINDOWS\system32\btncopy.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\OLKFSTUB.DLL {5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Roxio" - C:\Programme\Lenovo\Drag-to-Disc\Shellex.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll {5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- 55963676-2F5E-4BAF-AC28-CF26AA587566 "Cisco AnyConnect VPN Client Web Control" - "Cisco Systems, Inc." - C:\WINDOWS\system32\vpnweb.ocx / vpnweb.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} "ClsidExtension" - "Lenovo Group Limited" - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Programme\Microsoft\BingBar\BingExt.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Programme\Microsoft\BingBar\BingExt.dll {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} "IePasswordManagerHelper Class" - "Lenovo Group Limited" - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Digital Line Detect.lnk" - "Avanquest Software " - C:\Programme\Digital Line Detect\DLG.exe (Shortcut exists | File exists) "McAfee Security Scan Plus.lnk" - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (Shortcut exists | File exists) "RCIMGDIR.exe.lnk" - "Ricoh co.,Ltd." - C:\Programme\RotateImage\RCIMGDIR.exe (Shortcut exists | File exists) "BTTray.lnk" - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Aerophil\Startmenü\Programme\Autostart\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "ACTray" - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe "ACWLIcon" - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min "CameraApplicationLauncher" - ? - C:\Programme\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe "CreateLMBCShortCut" - ? - "C:\Programme\Lenovo\Mobile Broadband Connect\UserShortcutCreator.exe" "cssauth" - "Lenovo Group Limited" - "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent "EZEJMNAP" - "Lenovo Group Ltd." - C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe "FingerPrintSoftware" - "Authentec,Inc" - "C:\Programme\Lenovo Fingerprint Software\fpapp.exe" \s "FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe "LENOVO.TPFNF6R" - "Lenovo Group Limited" - C:\Programme\Lenovo\HOTKEY\TPFNF6R.exe "LPMailChecker" - "Lenovo Group Limited" - C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe "LPManager" - "Lenovo Group Limited" - C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe "Message Center Plus" - ? - C:\Programme\LENOVO\Message Center Plus\MCPLaunch.exe /start "picon" - "Intel Corporation" - "C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\PrivacyIconClient.exe" -startup "PWRMGRTR" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor "StartCCC" - "Advanced Micro Devices, Inc." - "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" "TPFNF7" - "Lenovo Group Limited" - C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r "TPHOTKEY" - "Lenovo Group Limited" - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe "TpShocks" - "Lenovo." - TpShocks.exe "TVT Scheduler Proxy" - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll "Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Ac Profile Manager Service" (AcPrfMgrSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe "Access Connections Main Service" (AcSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe "AD Monitor" (ADMonitor) - ? - C:\WINDOWS\system32\ADMonitor.exe "Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe "ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "AuthenTec Fingerprint Service" (ATService) - "AuthenTec, Inc." - C:\WINDOWS\system32\AtService.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe "BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Programme\Microsoft\BingBar\SeaPort.EXE "Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Programme\Microsoft\BingBar\BBSvc.EXE "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe "Cisco AnyConnect VPN Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe "Data Transfer Service" (dtsvc) - ? - C:\WINDOWS\system32\DTS.exe "Fingerprint Server" (FingerprintServer) - "AuthenTec,Inc" - C:\WINDOWS\system32\FpLogonServ.exe "Intel(R) Active Management Technology Local Management Service" (LMS) - "Intel Corporation" - C:\Programme\Intel\AMT\LMS.exe "Intel(R) Active Management Technology User Notification Service" (UNS) - "Intel Corporation" - C:\Programme\Gemeinsame Dateien\Intel\Privacy Icon\UNS\UNS.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe "Intel(R) PROSet/Wireless WiFi Service" (S24EventMonitor) - "Intel(R) Corporation" - C:\Programme\Intel\WiFi\bin\S24EvMon.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\MICMUTE.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Power Manager DBC Service" (Power Manager DBC Service) - ? - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe "RoxMediaDB10" (RoxMediaDB10) - "Sonic Solutions" - C:\Programme\Gemeinsame Dateien\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe "Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe "SQL Server (MSSMLBIZ)" (MSSQL$MSSMLBIZ) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe "SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe "SQL Server-Browser" (SQLBrowser) - "Microsoft Corporation" - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe "SQL Server-Startdienst für Business Contact Manager" (BcmSqlStartupSvc) - "Microsoft Corporation" - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe "stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe "System Update" (SUService) - "Lenovo Group Limited" - c:\programme\lenovo\system update\suservice.exe "ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\WINDOWS\System32\TPHDEXLG.exe "ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - c:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe "TSS Core Service" (TSSCoreService) - "Lenovo" - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe "TVT Backup Protection Service" (TVT Backup Protection Service) - ? - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe "TVT Backup Service" (TVT Backup Service) - "Lenovo Group Limited" - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe "TVT Scheduler" (TVT Scheduler) - "Lenovo Group Limited" - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe "TVT Windows Update Monitor" (TVT_UpdateMonitor) - "Lenovo Group Limited" - C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "ATFUS" - "AuthenTec,Inc" - C:\WINDOWS\system32\FpWinLogonNp.dll "tpfnf2" - ? - C:\Programme\Lenovo\HOTKEY\notifyf2.dll (File found, but it contains no detailed information) "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== --- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-06 16:46:53
-----------------------------
16:46:53.046 OS Version: Windows 5.1.2600 Service Pack 3
16:46:53.046 Number of processors: 2 586 0x170A
16:46:53.046 ComputerName: NOTEBOOK-ALEX UserName: Aerophil
16:46:54.359 Initialize success
16:47:28.281 AVAST engine defs: 12080600
16:47:52.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:47:52.343 Disk 0 Vendor: WDC_WD32 14.0 Size: 305245MB BusType: 3
16:47:52.421 Disk 0 MBR read successfully
16:47:52.421 Disk 0 MBR scan
16:47:52.468 Disk 0 unknown MBR code
16:47:52.515 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 298376 MB offset 2048
16:47:52.578 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 6867 MB offset 611076096
16:47:52.625 Disk 0 scanning sectors +625139712
16:47:52.875 Disk 0 scanning C:\WINDOWS\system32\drivers
16:48:35.812 Service scanning
16:49:04.484 Modules scanning
16:49:53.140 Disk 0 trace - called modules:
16:49:53.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
16:49:53.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a147030]
16:49:53.187 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000008a[0x8a14b340]
16:49:53.203 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x89b9f028]
16:49:54.421 AVAST engine scan C:\WINDOWS
16:51:30.531 AVAST engine scan C:\WINDOWS\system32
17:04:02.171 AVAST engine scan C:\WINDOWS\system32\drivers
17:05:41.015 AVAST engine scan C:\Dokumente und Einstellungen\Aerophil
17:31:16.203 AVAST engine scan C:\Dokumente und Einstellungen\All Users
17:34:57.906 Scan finished successfully
17:35:12.984 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Aerophil\Desktop\MBR.dat"
17:35:12.984 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Aerophil\Desktop\aswMBR.txt"
|
|
07.08.2012, 11:18
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht. Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar. Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm! Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.08.2012, 11:39
| #27 |
| | TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 Hallo Arne, wie sieht es mit dem MBR-Fix aus in Zusammenhang mit dem vorinstallierten Windows und der Recovery Partition von Lenovo, besteht die Gefahr, dass ich mir da etwas zerschieße? Ich bin mir nicht sicher, ob ich irgendwo noch selbsterstellte CDs habe, mit denen ich den Rechner dann wieder neu aufgesetzt bekäme... Wäre das eine Alternative: hxxp://support.lenovo.com/en_US/detail.page?LegacyDocID=MIGR-62978 ? Gruß, Alex Geändert von Flowrider (07.08.2012 um 12:18 Uhr) |
|
08.08.2012, 15:00
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 Wir können den MBR-Fix auch erstmal sein lassen, ich mach das immer nur Vorsichtshalber wenn der als unbekannt eingestuft wird
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.08.2012, 15:42
| #29 |
| | TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 Ich würde es erstmal gerne auslassen, da die Programmierer des Tools ja explizit davor warnen, das MBR von vorinstallierten Systemen mit Recovery-Partitionen zu fixen. Ich würde in Eigenregie versuchen, ob das Lenovo-Tool etwas an dem MBR auszusetzen hat bzw. es wieder in den Originalzustand zurücksetzen kann - so es das nicht mehr sein sollte. Können wir dann anderweitig weitermachen? Danke übrigens für Deine Hilfe soweit! Gruß, Alex |
|
09.08.2012, 12:29
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 Das ist wenn überhaupt eh nur von Belang, wenn man auf dieses Recoverygedöns angewiesen ist. idR hat man durch dieses Recover-Zeug mehr Nachteile als Vorteile - falls du mal neu aufsetzen musst, kannst du dir auch einfach eine XP-CD passend zu deinem Schlüssel (Pro oder Home ist ein Unterschied) leihen und bei der Installation nimmst du einfach den Key auf deinem Lizenzaufkleber Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu TR/ATRAPS.Gen2, RootKit.0Access und Trojan.Phex.THAGen6 |
| administrator, adobe, antivir, avg, avira, bho, bingbar, branding, crypto, dateien gelöscht, desktop, error, explorer, firefox, format, frage, harddisk, helper, homepage, lenovo, logfile, monitor, netzwerk, opera, ordner, plug-in, security, senden, software, temp, trojan.phex.thagen, trojan.phex.thagen6, windows-firewall |
Linear-Darstellung
