Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojaner trojan.fakeAlert blendet Desktop und Dateien aus (https://www.trojaner-board.de/98469-trojaner-trojan-fakealert-blendet-desktop-dateien.html)

Xenos 29.04.2011 12:08
Trojaner trojan.fakeAlert blendet Desktop und Dateien aus
 
Hallo liebes Trojaner-Board Team!

Ich habe seit gestern Abend Probleme mit meinem Win7 Professional System. Der Desktophintergrund und alle Ordner sind verschwunden (Verknüpfungen nicht), meine Bibliothekten sind leer und die nicht-Windows Partition ebenfalls. Über die Suche sind einige Dateien auffindbar.
Ich habe daraufhin einen Full-Scan mit der aktualisierten Version von Anti-Malware gemacht, den Log gespeichert - und die gefundenen Probleme beheben lassen, was allerdings kein Besserung gebracht hat. Hier das Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6467

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

29.04.2011 02:35:56
mbam-log-2011-04-29 (02-35-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 362694
Laufzeit: 1 Stunde(n), 39 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\programdata\qkkforqyobsql.exe (Trojan.FakeAlert) -> 4144 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qkkFOrQYoBSQl (Trojan.FakeAlert) -> Value: qkkFOrQYoBSQl -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\qkkforqyobsql.exe (Trojan.FakeAlert) -> No action taken.
c:\program files\Lenovo\access connections\sms_application.exe (Trojan.MSIL.ND2) -> No action taken.
c:\Users\philip christmann\AppData\Local\Temp\0.19747792323172508.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\philip christmann\AppData\LocalLow\Sun\Java\deployment\cache\6.0\49\53fa20b1-4663d815 (Trojan.FakeAlert) -> No action taken.

Für eure Unterstützung wäre ich sehr dankbar.

Gruß, Philip

cosinus 30.04.2011 03:23
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Xenos 30.04.2011 18:44
Hallo Arne,

danke für deine Antwort. Die früheren Logfiles sind alle ohne Befunde, unten die beiden jüngsten. Hoffe, du kannst mir trotzdem helfen - vielen Dank schon einmal.

Gruß, Philip


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.08.2010 22:57:21
mbam-log-2010-08-09 (22-57-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 1
Laufzeit: 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

---------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.06.2010 11:48:05
mbam-log-2010-06-17 (11-48-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 237311
Laufzeit: 50 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 01.05.2011 14:06
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Xenos 01.05.2011 14:51
Hallo Arne,

erledigt, hier ist der Inhalt der OTL.txt.

Gruß, PhilipOTL Logfile:
Code:
OTL logfile created on: 01.05.2011 15:26:17 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\PHILIP\Desktop
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 84,11 Gb Free Space | 43,06% Space Free | Partition Type: NTFS
Drive F: | 26,34 Gb Total Space | 9,81 Gb Free Space | 37,23% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 3,74 Gb Free Space | 38,28% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,85 Gb Free Space | 58,04% Space Free | Partition Type: NTFS
 
Computer Name: X200 | User Name: PHILIP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.01 15:23:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\PHILIP\Desktop\OTL.exe
PRC - [2011.03.16 22:53:32 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.01 15:49:28 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.08.02 17:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.12 03:25:00 | 000,132,456 | -H-- | M] (Lenovo.) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010.04.26 13:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2010.04.22 16:56:48 | 000,259,432 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe
PRC - [2010.04.22 16:56:44 | 000,124,264 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010.04.22 16:28:10 | 000,352,256 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010.04.20 13:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010.04.20 13:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2010.04.07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.03.05 10:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.03.05 09:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010.02.04 12:14:20 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2010.02.04 12:14:06 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\LMS.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009.11.24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.11.24 08:59:50 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4serv.exe
PRC - [2009.10.20 21:32:00 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009.10.20 21:26:50 | 001,701,112 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009.10.19 17:00:58 | 001,029,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009.09.24 23:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.08.06 17:37:08 | 000,424,448 | R--- | M] () -- C:\Programme\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.01 15:23:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\PHILIP\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.03.31 00:38:57 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011.03.16 22:53:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.08.11 13:15:29 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.08.02 17:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.08 10:18:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.05.12 03:25:00 | 000,132,456 | -H-- | M] (Lenovo.) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010.05.12 03:25:00 | 000,075,112 | -H-- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010.04.22 16:56:48 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010.04.22 16:56:44 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010.04.20 13:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010.04.20 13:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.04.07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.04.07 12:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.03.05 10:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.03.05 09:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.02.04 12:14:20 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.02.04 12:14:06 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009.10.20 21:32:00 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009.10.20 21:31:52 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009.10.20 21:26:50 | 001,701,112 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009.10.19 17:00:58 | 001,029,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.09.24 23:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.08.06 17:37:08 | 000,424,448 | R--- | M] () [Auto | Running] -- C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.29 12:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.16 22:53:33 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.23 23:59:55 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.12 03:25:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010.05.12 03:25:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2010.03.17 22:21:16 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2010.02.20 22:38:37 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.21 13:58:28 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.12.07 14:47:24 | 000,035,408 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kx1avs.sys -- (kx1avs)
DRV - [2009.12.07 14:47:21 | 000,276,432 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kx1usb.sys -- (kx1usb)
DRV - [2009.11.03 18:19:18 | 000,052,320 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\U46DRV.sys -- (U46_AA)
DRV - [2009.11.03 18:19:18 | 000,028,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\U46wdm.sys -- (U46WDM1_01)
DRV - [2009.10.20 21:44:44 | 000,485,376 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.10.09 13:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009.10.09 13:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.10.05 18:56:06 | 000,460,800 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.08.21 14:59:22 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2009.07.29 21:00:42 | 000,213,032 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WwanUsbMp.sys -- (WwanUsbServ)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.10 16:53:22 | 000,082,984 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36wgps.sys -- (e36wgps)
DRV - [2009.07.02 11:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009.06.30 16:38:52 | 000,374,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmdm.sys -- (e36gmdm) F3607gw Mobile Broadband Data Modem Driver (Win7)
DRV - [2009.06.30 16:38:52 | 000,357,376 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmgmt.sys -- (e36gmgmt) F3607gw Mobile Broadband Device Management Drivers (Win7)
DRV - [2009.06.30 16:38:52 | 000,285,056 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gbus.sys -- (e36gbus) F3607gw Mobile Broadband Device driver (Win7)
DRV - [2009.06.30 16:38:52 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmdfl.sys -- (e36gmdfl) F3607gw Mobile Broadband Data Modem Filter (Win7)
DRV - [2009.06.23 12:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009.06.22 12:35:04 | 000,054,528 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DlinkUDSMBus.sys -- (DlinkUDSMBus)
DRV - [2009.06.22 12:35:00 | 000,061,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DlinkUDSTcpBus.sys -- (DlinkUDSTcpBus)
DRV - [2009.04.29 12:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.12.16 13:32:28 | 000,408,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvomdm2.sys -- (lnvomdm2)
DRV - [2008.12.16 13:32:28 | 000,375,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvounic.sys -- (lnvounic) Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM)
DRV - [2008.12.16 13:32:28 | 000,025,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvond5.sys -- (lnvond5) Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS)
DRV - [2008.12.16 13:32:26 | 000,356,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvocard.sys -- (lnvocard)
DRV - [2008.12.16 13:32:26 | 000,282,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvobus.sys -- (lnvobus) Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM)
DRV - [2008.12.16 13:32:26 | 000,015,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvomdfl2.sys -- (lnvomdfl2)
DRV - [2008.10.23 17:15:04 | 000,077,864 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvogps.sys -- (lnvogps)
DRV - [2008.09.03 11:25:00 | 000,072,192 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U875.sys -- (5U875UVC)
DRV - [2008.08.22 08:10:32 | 000,225,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2008.07.08 18:40:58 | 000,024,232 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvoscard.sys -- (Sony_EricssonWWSC)
DRV - [2008.05.12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.04.18 17:40:24 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.5
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: wolfram-google@sidthemonkey.com:1.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 22:45:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.26 01:04:38 | 000,000,000 | ---D | M]
 
[2009.12.17 02:05:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\PHILIP\AppData\Roaming\mozilla\Extensions
[2011.04.29 13:08:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\PHILIP\AppData\Roaming\mozilla\Firefox\Profiles\q5ee0yd9.default\extensions
[2010.09.26 17:25:07 | 000,000,000 | -H-D | M] (Forecastfox Weather) -- C:\Users\PHILIP\AppData\Roaming\mozilla\Firefox\Profiles\q5ee0yd9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.05.05 22:41:09 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\PHILIP\AppData\Roaming\mozilla\Firefox\Profiles\q5ee0yd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.15 00:25:01 | 000,000,000 | -H-D | M] (FoxTab) -- C:\Users\PHILIP\AppData\Roaming\mozilla\Firefox\Profiles\q5ee0yd9.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.03.23 22:24:01 | 000,000,000 | -H-D | M] (FastestFox) -- C:\Users\PHILIP\AppData\Roaming\mozilla\Firefox\Profiles\q5ee0yd9.default\extensions\smarterwiki@wikiatic.com
[2010.09.11 17:11:01 | 000,000,000 | -H-D | M] (Wolfram Alpha Google) -- C:\Users\PHILIP\AppData\Roaming\mozilla\Firefox\Profiles\q5ee0yd9.default\extensions\wolfram-google@sidthemonkey.com
[2010.06.20 22:22:51 | 000,001,718 | -H-- | M] () -- C:\Users\PHILIP\AppData\Roaming\Mozilla\Firefox\Profiles\q5ee0yd9.default\searchplugins\linguee-de-en.xml
[2010.02.18 15:50:12 | 000,002,284 | -H-- | M] () -- C:\Users\PHILIP\AppData\Roaming\Mozilla\Firefox\Profiles\q5ee0yd9.default\searchplugins\wolframalpha.xml
[2011.03.11 01:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.16 23:51:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009.12.17 01:53:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.12.17 01:53:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.12.17 01:53:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.16 23:51:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2011.03.10 22:46:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.10 22:46:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.10 22:46:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.10 22:46:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.10 22:46:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.09.23 14:44:59 | 000,001,318 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Programme\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\PHILIP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.11 12:55:50 | 000,000,000 | -H-D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008.06.03 00:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{08996435-f5c6-11df-8f37-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{08996435-f5c6-11df-8f37-028037ec0200}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{e8cf4949-ba96-11de-be06-001f1607094c}\Shell - "" = AutoRun
O33 - MountPoints2\{e8cf4949-ba96-11de-be06-001f1607094c}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk - C:\Programme\RotateImage\RCIMGDIR.exe - (Ricoh co.,Ltd.)
MsConfig - StartUpFolder: C:^Users^PHILIP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AMSG - hkey= - key= - C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO)
MsConfig - StartUpReg: BlackBerryAutoUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: BLOG - hkey= - key= -  File not found
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: D-Link Network USB Utility - hkey= - key= - C:\Program Files\D-Link\SharePort\SharePort.exe (D-Link Corporation)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: IaNvSrv - hkey= - key= - C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: JamInit - hkey= - key= -  File not found
MsConfig - StartUpReg: LENOVO.TPKNRRES - hkey= - key= - C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited)
MsConfig - StartUpReg: LexwareInfoService - hkey= - key= -  File not found
MsConfig - StartUpReg: LPMailChecker - hkey= - key= -  File not found
MsConfig - StartUpReg: LPManager - hkey= - key= -  File not found
MsConfig - StartUpReg: Message Center Plus - hkey= - key= - C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
MsConfig - StartUpReg: NBKeyScan - hkey= - key= -  File not found
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: picon - hkey= - key= - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TPFNF7 - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {775C7E41-55E1-D218-D608-BA7D23CB0072} - Microsoft Windows Media Player
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A63A8DDA-9378-5CB0-8671-0FA9A5E05A92} - Themes Setup
ActiveX: {BFD9B870-ACAF-FE00-3B70-AF74497807DB} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D7FE875F-72A0-4240-5E8E-A171DDE5D9F5} - Microsoft Windows Media Player
ActiveX: {DA99C9C2-73B6-29EF-451A-B38320FBFDCB} - Internet Explorer
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EB92C8FC-EDC9-197A-E515-577CA7E12852} - .NET Framework
ActiveX: {FBB7B159-54FF-344B-C30E-AC226DFE8E93} - Microsoft Windows Media Player
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.01 15:23:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\PHILIP\Desktop\OTL.exe
[2011.04.23 00:05:35 | 000,000,000 | -H-D | C] -- C:\Users\PHILIP\Desktop\dm_fullres
[2011.04.22 23:17:08 | 000,000,000 | -H-D | C] -- C:\Users\PHILIP\Desktop\DIGITALmusikanten - All before Love
[2011.04.22 18:06:47 | 000,000,000 | -H-D | C] -- C:\Users\PHILIP\Desktop\Umstaendlich.verliebt.German.LD.2010.BDRiP.READNFO.XviD-XC
[2011.04.22 18:01:39 | 000,000,000 | -H-D | C] -- C:\Users\PHILIP\Desktop\VA-Deep_And_Soulful_Vol._1_(A_Collection_Of_Sophisticated_House_Sounds)-(TNRCOMP023)-WEB-2011-DGN
[2011.04.22 17:59:30 | 000,000,000 | -H-D | C] -- C:\Users\PHILIP\Desktop\VA-Sven_Vath_In_The_Mix_The_Sound_Of_The_Eleventh_Season-(Advance)-2CD-2010
[2011.04.19 00:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.04.19 00:13:21 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.04.19 00:13:20 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.04.19 00:10:53 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2011.04.13 20:46:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2011.04.11 09:25:34 | 000,000,000 | -H-D | C] -- C:\Users\PHILIP\Desktop\DESKTOP
[2011.04.11 08:58:21 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.01 15:23:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\PHILIP\Desktop\OTL.exe
[2011.05.01 15:22:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.29 12:44:36 | 000,011,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.29 12:44:36 | 000,011,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.29 12:43:21 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.29 12:43:21 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.29 12:43:21 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.29 12:43:21 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.29 02:46:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.04.29 02:45:36 | 1528,832,000 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.29 00:00:49 | 000,001,024 | -H-- | M] () -- C:\Users\PHILIP\.rnd
[2011.04.23 00:04:52 | 122,281,626 | -H-- | M] () -- C:\Users\PHILIP\Desktop\dm_fullres.zip
[2011.04.21 10:33:25 | 000,255,383 | -H-- | M] () -- C:\Users\PHILIP\Desktop\last two studio 01.jpg
[2011.04.21 10:33:25 | 000,171,654 | -H-- | M] () -- C:\Users\PHILIP\Desktop\last two studio 02.jpg
[2011.04.19 00:13:53 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.18 23:12:06 | 000,401,254 | -H-- | M] () -- C:\Users\PHILIP\Desktop\Fav Variante 02.jpg
[2011.04.18 23:12:06 | 000,370,611 | -H-- | M] () -- C:\Users\PHILIP\Desktop\Fav Variante 01.jpg
[2011.04.18 23:12:06 | 000,249,878 | -H-- | M] () -- C:\Users\PHILIP\Desktop\Killer 01.jpg
[2011.04.18 23:11:46 | 000,298,857 | -H-- | M] () -- C:\Users\PHILIP\Desktop\CoolWarmGold 02.jpg
[2011.04.18 23:11:43 | 000,278,766 | -H-- | M] () -- C:\Users\PHILIP\Desktop\CoolWarmGold 01.jpg
[2011.04.18 23:11:38 | 000,286,750 | -H-- | M] () -- C:\Users\PHILIP\Desktop\DigitalKuehl 02.jpg
[2011.04.18 23:11:36 | 000,302,426 | -H-- | M] () -- C:\Users\PHILIP\Desktop\DigitalKuehl 01.jpg
[2011.04.15 19:27:31 | 003,856,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.10 09:48:28 | 000,864,483 | -H-- | M] () -- C:\Users\PHILIP\Documents\Photo Apr 10, 9 42 18.jpg
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.23 00:03:29 | 122,281,626 | -H-- | C] () -- C:\Users\PHILIP\Desktop\dm_fullres.zip
[2011.04.21 10:33:25 | 000,255,383 | -H-- | C] () -- C:\Users\PHILIP\Desktop\last two studio 01.jpg
[2011.04.21 10:33:25 | 000,171,654 | -H-- | C] () -- C:\Users\PHILIP\Desktop\last two studio 02.jpg
[2011.04.19 00:13:53 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.04.18 23:12:06 | 000,401,254 | -H-- | C] () -- C:\Users\PHILIP\Desktop\Fav Variante 02.jpg
[2011.04.18 23:12:06 | 000,370,611 | -H-- | C] () -- C:\Users\PHILIP\Desktop\Fav Variante 01.jpg
[2011.04.18 23:12:06 | 000,249,878 | -H-- | C] () -- C:\Users\PHILIP\Desktop\Killer 01.jpg
[2011.04.18 23:11:46 | 000,298,857 | -H-- | C] () -- C:\Users\PHILIP\Desktop\CoolWarmGold 02.jpg
[2011.04.18 23:11:43 | 000,278,766 | -H-- | C] () -- C:\Users\PHILIP\Desktop\CoolWarmGold 01.jpg
[2011.04.18 23:11:38 | 000,286,750 | -H-- | C] () -- C:\Users\PHILIP\Desktop\DigitalKuehl 02.jpg
[2011.04.18 23:11:36 | 000,302,426 | -H-- | C] () -- C:\Users\PHILIP\Desktop\DigitalKuehl 01.jpg
[2011.04.11 08:59:19 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011.04.11 08:58:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.11 08:58:00 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2011.04.11 08:57:51 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2011.04.10 10:05:44 | 000,864,483 | -H-- | C] () -- C:\Users\PHILIP\Documents\Photo Apr 10, 9 42 18.jpg
[2011.01.14 00:57:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.10.03 00:34:23 | 000,001,456 | -H-- | C] () -- C:\Users\PHILIP\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2010.08.16 09:04:51 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010.07.27 13:11:55 | 000,010,752 | -H-- | C] () -- C:\Users\PHILIP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.21 18:08:14 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.04.21 18:08:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.04.21 18:08:14 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.04.18 12:17:07 | 000,016,059 | ---- | C] () -- C:\Windows\LxFrame.ini
[2010.04.18 12:15:10 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini
[2010.04.12 21:10:12 | 000,113,248 | ---- | C] () -- C:\Windows\System32\U46asio.dll
[2010.04.12 21:10:12 | 000,055,904 | ---- | C] () -- C:\Windows\System32\U46Block.exe
[2010.04.12 21:10:12 | 000,052,320 | ---- | C] () -- C:\Windows\System32\drivers\U46DRV.sys
[2010.04.12 21:10:12 | 000,028,256 | ---- | C] () -- C:\Windows\System32\drivers\U46wdm.sys
[2010.01.19 14:45:14 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7820n.dat
[2010.01.19 14:45:05 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat
[2009.12.26 03:50:46 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.12.18 11:51:22 | 000,508,464 | -H-- | C] () -- C:\Users\PHILIP\AppData\Local\wanancsp.dat
[2009.12.17 22:54:38 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.12.17 02:13:16 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009.12.15 02:45:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2009.11.25 16:39:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll
[2009.11.17 17:11:26 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.11.17 17:09:36 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.11.17 17:09:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.10.20 21:32:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DTS.exe
[2009.10.20 21:31:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\ADMonitor.exe
[2009.10.20 00:16:31 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.10.01 18:04:31 | 000,018,932 | ---- | C] () -- C:\Windows\MSUMLT_B.INI
[2009.08.13 22:45:40 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009.07.26 16:08:45 | 001,348,200 | -H-- | C] () -- C:\Users\PHILIP\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
[2009.07.19 14:57:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.17 14:28:01 | 000,000,432 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2009.07.17 14:27:06 | 000,000,340 | -H-- | C] () -- C:\Windows\Brpfx04a.ini
[2009.07.17 14:27:06 | 000,000,093 | -H-- | C] () -- C:\Windows\brpcfx.ini
[2009.07.17 14:25:21 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.07.14 10:47:43 | 000,657,676 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,131,016 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 003,856,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,618,912 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,232 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.03.23 00:16:56 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2009.03.22 15:51:01 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1556.dll
[2009.03.22 15:51:01 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009.03.22 15:39:48 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2001.12.12 13:41:36 | 000,041,472 | ---- | C] () -- C:\Windows\System32\W32btstp.dll
[2001.12.12 13:41:36 | 000,025,088 | ---- | C] () -- C:\Windows\System32\W32btxlt.dll
 
========== LOP Check ==========
 
[2009.12.26 04:08:05 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Ashampoo
[2010.09.19 15:23:17 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Audacity
[2010.08.11 22:35:53 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Autodesk
[2010.08.23 13:09:45 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Avery
[2010.02.26 19:10:15 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2009.12.17 23:11:07 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\CachedFiles
[2010.10.02 17:12:30 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.06.25 13:17:48 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\CocoonSoftware
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\DAEMON Tools Lite
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Downloaded Installations
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Dr. DivX 2.0 OSS
[2011.04.27 23:36:51 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Dropbox
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Ericsson
[2011.04.22 23:30:12 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\FileZilla
[2011.04.28 01:07:10 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\ICQ
[2009.12.17 02:05:25 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Leadertech
[2009.12.17 02:05:25 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Lenovo
[2010.04.18 12:27:49 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Lexware
[2010.01.19 15:20:16 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\PC-FAX TX
[2009.12.17 02:05:59 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\PMS
[2010.10.13 22:40:08 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\ProtectDisc
[2009.12.17 02:05:59 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\QcWizard
[2009.12.17 02:06:15 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\TeamViewer
[2010.07.08 11:10:53 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Update
[2011.04.29 00:45:06 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.09.29 23:14:52 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Adobe
[2010.12.24 01:38:38 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Apple Computer
[2009.12.26 04:08:05 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Ashampoo
[2010.09.19 15:23:17 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Audacity
[2010.08.11 22:35:53 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Autodesk
[2010.08.23 13:09:45 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Avery
[2010.12.13 02:37:06 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Avira
[2010.02.26 19:10:15 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2009.12.17 02:05:23 | 000,000,000 | RH-D | M] -- C:\Users\PHILIP\AppData\Roaming\Brother
[2009.12.17 23:11:07 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\CachedFiles
[2010.10.02 17:12:30 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.06.25 13:17:48 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\CocoonSoftware
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\DAEMON Tools Lite
[2010.04.05 23:58:05 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\DivX
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Downloaded Installations
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Dr. DivX 2.0 OSS
[2011.04.27 23:36:51 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Dropbox
[2011.02.22 22:27:18 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\dvdcss
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Ericsson
[2011.04.22 23:30:12 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\FileZilla
[2011.04.28 01:07:10 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\ICQ
[2009.12.17 21:53:26 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Identities
[2010.01.19 14:43:58 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\InstallShield
[2010.08.03 16:10:45 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Intel
[2009.12.17 02:05:25 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Leadertech
[2009.12.17 02:05:25 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Lenovo
[2010.04.18 12:27:49 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Lexware
[2009.12.17 02:05:25 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Macromedia
[2009.12.17 02:05:36 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Media Center Programs
[2009.12.17 02:05:36 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Media Player Classic
[2010.08.08 16:07:04 | 000,000,000 | --SD | M] -- C:\Users\PHILIP\AppData\Roaming\Microsoft
[2009.12.17 02:05:55 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Mozilla
[2009.12.17 02:05:58 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Nero
[2010.01.19 15:20:16 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\PC-FAX TX
[2009.12.17 02:05:59 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\PMS
[2010.10.13 22:40:08 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\ProtectDisc
[2009.12.17 02:05:59 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\QcWizard
[2011.04.19 00:55:49 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Skype
[2009.12.17 02:06:15 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\skypePM
[2009.12.17 02:06:15 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\TeamViewer
[2010.07.08 11:10:53 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Update
[2011.02.22 22:31:26 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\vlc
[2009.07.24 23:42:53 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.08.05 12:49:22 | 000,563,056 | -H-- | M] (Avery Dennison Corporation. Envel Informationssysteme GmbH.) -- C:\Users\PHILIP\AppData\Roaming\Avery\Avery Wizard 3.1\AZWizard.exe
[2009.11.06 07:04:40 | 010,377,728 | -H-- | M] () -- C:\Users\PHILIP\AppData\Roaming\CocoonSoftware\QMC\ffmpeg.exe
[2008.04.02 12:35:18 | 007,945,216 | -H-- | M] () -- C:\Users\PHILIP\AppData\Roaming\CocoonSoftware\QMC\ffmpegHD.exe
[2011.03.31 04:42:50 | 023,360,040 | -H-- | M] (Dropbox, Inc.) -- C:\Users\PHILIP\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.03.31 04:43:18 | 000,155,424 | -H-- | M] (Dropbox, Inc.) -- C:\Users\PHILIP\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.03.29 19:24:20 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) -- C:\Users\PHILIP\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.08.23 13:09:48 | 000,010,134 | RH-- | M] () -- C:\Users\PHILIP\AppData\Roaming\Microsoft\Installer\{77077FFF-8831-470F-9627-E86F06A50CCD}\ARPPRODUCTICON.exe
[2010.07.08 11:11:12 | 001,465,512 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\PHILIP\AppData\Roaming\Update\patch_551455to551460_32\patch_551455to551460_32.02.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.08.07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.08.07 06:17:26 | 000,330,264 | -H-- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Programme\Lenovo\System Update\session\7zin85ww\DRV\Winall\Driver\IaStor.sys
[2009.08.07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys
[2009.08.07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1e7c6170b79c26b\iaStor.sys
[2008.11.03 10:56:40 | 000,327,192 | -H-- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\DRIVERS\other\IaStor.sys
[2008.11.03 10:56:40 | 000,327,192 | -H-- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys
[2008.11.03 10:56:40 | 000,327,192 | -H-- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\SWTOOLS\DRIVERS\turbomem\DRV\Winall\Driver\IaStor.sys
[2008.11.03 10:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3ffc2247bd763e9e\iaStor.sys
[2008.11.03 11:10:08 | 000,406,040 | -H-- | M] (Intel Corporation) MD5=5979854E6FDA990107E3170327022117 -- C:\SWTOOLS\DRIVERS\turbomem\DRV\Winall\Driver64\IaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_b6b45ab4c5bf7bfe\iaStor.sys
[2009.08.07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.08.07 06:24:14 | 000,408,600 | -H-- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Programme\Lenovo\System Update\session\7zin85ww\DRV\Winall\Driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.20 22:38:37 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<          >

< End of report >
--- --- ---

cosinus 01.05.2011 15:23
Zitat:
AdobeCS5ServiceManager
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
Aus welcher Quelle stammt dieses CS5?

Xenos 01.05.2011 15:53
...ist eine offizielle Trial-Version, die abgelaufen, aber noch installiert ist.

Gruß, Philip

cosinus 01.05.2011 16:00
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.11 12:55:50 | 000,000,000 | -H-D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008.06.03 00:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{08996435-f5c6-11df-8f37-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{08996435-f5c6-11df-8f37-028037ec0200}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{e8cf4949-ba96-11de-be06-001f1607094c}\Shell - "" = AutoRun
O33 - MountPoints2\{e8cf4949-ba96-11de-be06-001f1607094c}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Xenos 01.05.2011 16:41
So, OTL-Fix und Neustart sind durchgelaufen. Bibliotheken und die Festplatten F: (hieß vor dem Befall D:) und S: werden weiterhin als leer angezeigt. Anbei das Log.

Gruß Philip

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
C:\autoexec.bat moved successfully.
Q:\AUTORUN.INF moved successfully.
S:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08996435-f5c6-11df-8f37-028037ec0200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08996435-f5c6-11df-8f37-028037ec0200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08996435-f5c6-11df-8f37-028037ec0200}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08996435-f5c6-11df-8f37-028037ec0200}\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8cf4949-ba96-11de-be06-001f1607094c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8cf4949-ba96-11de-be06-001f1607094c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8cf4949-ba96-11de-be06-001f1607094c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8cf4949-ba96-11de-be06-001f1607094c}\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PHILIP
->Temp folder emptied: 174308796 bytes
->Temporary Internet Files folder emptied: 150709425 bytes
->Java cache emptied: 44942441 bytes
->FireFox cache emptied: 118399870 bytes
->Flash cache emptied: 217215 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 619520 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70567196 bytes
RecycleBin emptied: 2481066827 bytes

Total Files Cleaned = 2.900,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05012011_171341

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 01.05.2011 18:44
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Xenos 01.05.2011 21:29
Hallo Arne,
unhide hat funktioniert - lediglich die Bibliotheken sind nicht sichtbar. Desktop und HDDs sind wieder da... DANKE!

Hier der Kaspersky-Bericht:

2011/05/01 22:18:15.0654 0884 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/01 22:18:15.0789 0884 ================================================================================
2011/05/01 22:18:15.0789 0884 SystemInfo:
2011/05/01 22:18:15.0789 0884
2011/05/01 22:18:15.0789 0884 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/01 22:18:15.0789 0884 Product type: Workstation
2011/05/01 22:18:15.0789 0884 ComputerName: X200
2011/05/01 22:18:15.0789 0884 UserName: PHILIP
2011/05/01 22:18:15.0789 0884 Windows directory: C:\Windows
2011/05/01 22:18:15.0789 0884 System windows directory: C:\Windows
2011/05/01 22:18:15.0789 0884 Processor architecture: Intel x86
2011/05/01 22:18:15.0789 0884 Number of processors: 2
2011/05/01 22:18:15.0789 0884 Page size: 0x1000
2011/05/01 22:18:15.0789 0884 Boot type: Normal boot
2011/05/01 22:18:15.0789 0884 ================================================================================
2011/05/01 22:18:18.0651 0884 Initialize success
2011/05/01 22:18:27.0160 4908 ================================================================================
2011/05/01 22:18:27.0160 4908 Scan started
2011/05/01 22:18:27.0160 4908 Mode: Manual;
2011/05/01 22:18:27.0160 4908 ================================================================================
2011/05/01 22:18:27.0511 4908 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/05/01 22:18:27.0561 4908 5U875UVC (5532aa5d3d35b8ec4ccdb05988f4dbc5) C:\Windows\system32\DRIVERS\5U875.sys
2011/05/01 22:18:27.0612 4908 acedrv11 (a6fe70357a68ad1e279cd1012419cce6) C:\Windows\system32\drivers\acedrv11.sys
2011/05/01 22:18:27.0686 4908 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/05/01 22:18:27.0834 4908 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/05/01 22:18:27.0977 4908 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/01 22:18:28.0074 4908 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/01 22:18:28.0147 4908 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/01 22:18:28.0308 4908 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/05/01 22:18:28.0423 4908 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/05/01 22:18:28.0483 4908 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/01 22:18:28.0557 4908 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/05/01 22:18:28.0606 4908 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/05/01 22:18:28.0666 4908 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/05/01 22:18:28.0728 4908 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/01 22:18:28.0774 4908 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/01 22:18:28.0819 4908 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
2011/05/01 22:18:28.0873 4908 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/01 22:18:28.0915 4908 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
2011/05/01 22:18:29.0007 4908 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/05/01 22:18:29.0082 4908 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/01 22:18:29.0137 4908 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/01 22:18:29.0186 4908 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/01 22:18:29.0224 4908 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/05/01 22:18:29.0282 4908 ATSwpWDF (f77a156735688536145f200f803e752a) C:\Windows\system32\Drivers\ATSwpWDF.sys
2011/05/01 22:18:29.0328 4908 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/01 22:18:29.0368 4908 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/01 22:18:29.0417 4908 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/01 22:18:29.0484 4908 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/01 22:18:29.0557 4908 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/01 22:18:29.0620 4908 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/01 22:18:29.0669 4908 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/01 22:18:29.0714 4908 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/01 22:18:29.0762 4908 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/01 22:18:29.0813 4908 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/01 22:18:29.0870 4908 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/01 22:18:29.0996 4908 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/01 22:18:30.0062 4908 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/01 22:18:30.0105 4908 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/01 22:18:30.0150 4908 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
2011/05/01 22:18:30.0198 4908 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/01 22:18:30.0270 4908 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/01 22:18:30.0360 4908 BTHPORT (195c41cc67e9e1cedd960ccb74925920) C:\Windows\system32\Drivers\BTHport.sys
2011/05/01 22:18:30.0448 4908 BTHUSB (43b3206dd654e783aa7e4ead340a43b8) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/01 22:18:30.0503 4908 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/01 22:18:30.0547 4908 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/05/01 22:18:30.0610 4908 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/01 22:18:30.0655 4908 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/01 22:18:30.0711 4908 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/01 22:18:30.0767 4908 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/05/01 22:18:30.0832 4908 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/01 22:18:30.0899 4908 CnxtHdAudService (726803d911045d283509d3cdd91d8e52) C:\Windows\system32\drivers\CHDRT32.sys
2011/05/01 22:18:30.0967 4908 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/01 22:18:31.0007 4908 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/01 22:18:31.0053 4908 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/01 22:18:31.0115 4908 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/05/01 22:18:31.0189 4908 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/05/01 22:18:31.0241 4908 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/01 22:18:31.0302 4908 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/01 22:18:31.0349 4908 DlinkUDSMBus (0f1644f041c829963869e7fcc84bc381) C:\Windows\system32\Drivers\DlinkUDSMBus.sys
2011/05/01 22:18:31.0425 4908 DlinkUDSTcpBus (cb1dd507f416b0dc77e3eed7234b7c06) C:\Windows\system32\Drivers\DlinkUDSTcpBus.sys
2011/05/01 22:18:31.0482 4908 DozeHDD (e00b3ce273b17aee1259c105df5524ca) C:\Windows\system32\DRIVERS\DozeHDD.sys
2011/05/01 22:18:31.0558 4908 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/01 22:18:31.0621 4908 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/01 22:18:31.0823 4908 e1yexpress (c90ce29df8b9836cc6514ce9f53d0eb5) C:\Windows\system32\DRIVERS\e1y6032.sys
2011/05/01 22:18:31.0904 4908 e36gbus (2cc474ab0a4f40223a669682df2d06d5) C:\Windows\system32\DRIVERS\e36gbus.sys
2011/05/01 22:18:31.0990 4908 e36gmdfl (9bd69da7fa7d317847e32019b3fb8ce0) C:\Windows\system32\DRIVERS\e36gmdfl.sys
2011/05/01 22:18:32.0049 4908 e36gmdm (7c713bd735339cfc8df890724f5ff061) C:\Windows\system32\DRIVERS\e36gmdm.sys
2011/05/01 22:18:32.0124 4908 e36gmgmt (b71609675b421073319c62177b649eca) C:\Windows\system32\DRIVERS\e36gmgmt.sys
2011/05/01 22:18:32.0198 4908 e36wgps (5c27b8348904743de7b028b9eaa4430d) C:\Windows\system32\DRIVERS\e36wgps.sys
2011/05/01 22:18:32.0334 4908 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/01 22:18:32.0547 4908 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/01 22:18:32.0630 4908 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/05/01 22:18:32.0708 4908 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/01 22:18:32.0767 4908 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/01 22:18:32.0825 4908 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/01 22:18:32.0881 4908 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/01 22:18:32.0933 4908 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/01 22:18:32.0989 4908 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/01 22:18:33.0042 4908 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/01 22:18:33.0107 4908 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/01 22:18:33.0155 4908 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/01 22:18:33.0207 4908 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/01 22:18:33.0289 4908 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/01 22:18:33.0350 4908 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/01 22:18:33.0399 4908 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/01 22:18:33.0442 4908 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/01 22:18:33.0487 4908 HECI (30d57ee84e1e169d41a6e873b549a096) C:\Windows\system32\DRIVERS\HECI.sys
2011/05/01 22:18:33.0537 4908 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/01 22:18:33.0581 4908 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/01 22:18:33.0635 4908 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/01 22:18:33.0710 4908 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/05/01 22:18:33.0789 4908 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/01 22:18:33.0864 4908 HSF_DPV (c761b4a8391f5e47f7c51a691ce773f4) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/05/01 22:18:33.0945 4908 HSXHWAZL (50b42ef358a2e5363be6b77138a22391) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/05/01 22:18:34.0008 4908 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/05/01 22:18:34.0069 4908 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/01 22:18:34.0110 4908 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/05/01 22:18:34.0201 4908 iaNvStor (d0310c79c5a9d42b96e37c5c510c6a5c) C:\Windows\system32\DRIVERS\iaNvStor.sys
2011/05/01 22:18:34.0334 4908 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/01 22:18:34.0473 4908 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
2011/05/01 22:18:34.0533 4908 IBMPMDRV (400d7095d5ae08970f839bcac1843106) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
2011/05/01 22:18:34.0908 4908 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/01 22:18:35.0253 4908 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/01 22:18:35.0314 4908 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/05/01 22:18:35.0354 4908 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/01 22:18:35.0411 4908 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/01 22:18:35.0463 4908 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/01 22:18:35.0507 4908 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/01 22:18:35.0566 4908 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/01 22:18:35.0617 4908 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/05/01 22:18:35.0677 4908 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/05/01 22:18:35.0734 4908 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
2011/05/01 22:18:35.0791 4908 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
2011/05/01 22:18:35.0846 4908 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/01 22:18:35.0902 4908 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/01 22:18:35.0981 4908 kx1avs (afe0c01b2fabfc4d30567b03e2f33571) C:\Windows\system32\Drivers\kx1avs.sys
2011/05/01 22:18:36.0040 4908 kx1usb (aa7368baa66a58809f72feed85e97e85) C:\Windows\system32\Drivers\kx1usb.sys
2011/05/01 22:18:36.0108 4908 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys
2011/05/01 22:18:36.0153 4908 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/01 22:18:36.0250 4908 lnvobus (5043485c31721056e37f7dec48b7ce08) C:\Windows\system32\DRIVERS\lnvobus.sys
2011/05/01 22:18:36.0333 4908 lnvocard (4d01bc3a925788dc00f8f0f1ac9ab562) C:\Windows\system32\DRIVERS\lnvocard.sys
2011/05/01 22:18:36.0402 4908 lnvogps (dcac8dafb7a81905390c33360b16dbfd) C:\Windows\system32\DRIVERS\lnvogps.sys
2011/05/01 22:18:36.0453 4908 lnvomdfl2 (31ad4d7819ccc2f238ef39d23cbc7ee3) C:\Windows\system32\DRIVERS\lnvomdfl2.sys
2011/05/01 22:18:36.0516 4908 lnvomdm2 (5f61f6ed3662d5610d63c97fab3429cb) C:\Windows\system32\DRIVERS\lnvomdm2.sys
2011/05/01 22:18:36.0577 4908 lnvond5 (6b90d120f9b966d1c1bb33ba1c0f1b7d) C:\Windows\system32\DRIVERS\lnvond5.sys
2011/05/01 22:18:36.0632 4908 lnvounic (af031752c5cd5ef3a7d282c436a5655b) C:\Windows\system32\DRIVERS\lnvounic.sys
2011/05/01 22:18:36.0728 4908 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/01 22:18:36.0772 4908 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/01 22:18:36.0826 4908 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/01 22:18:36.0875 4908 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/01 22:18:36.0918 4908 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/05/01 22:18:36.0967 4908 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/01 22:18:37.0013 4908 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/01 22:18:37.0079 4908 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/01 22:18:37.0210 4908 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/05/01 22:18:37.0258 4908 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/01 22:18:37.0297 4908 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
2011/05/01 22:18:37.0387 4908 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/01 22:18:37.0454 4908 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/05/01 22:18:37.0510 4908 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/05/01 22:18:37.0561 4908 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/01 22:18:37.0648 4908 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/05/01 22:18:37.0711 4908 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/01 22:18:37.0766 4908 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/01 22:18:37.0818 4908 mrxsmb20 (e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/01 22:18:37.0889 4908 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/05/01 22:18:37.0957 4908 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/05/01 22:18:38.0023 4908 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/05/01 22:18:38.0076 4908 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/01 22:18:38.0128 4908 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/05/01 22:18:38.0192 4908 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/01 22:18:38.0231 4908 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/01 22:18:38.0270 4908 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/05/01 22:18:38.0322 4908 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/05/01 22:18:38.0372 4908 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/05/01 22:18:38.0420 4908 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/05/01 22:18:38.0471 4908 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/01 22:18:38.0511 4908 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/05/01 22:18:38.0567 4908 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/01 22:18:38.0639 4908 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/05/01 22:18:38.0723 4908 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/01 22:18:38.0763 4908 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/01 22:18:38.0804 4908 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/01 22:18:38.0849 4908 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/01 22:18:38.0893 4908 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/05/01 22:18:38.0939 4908 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/01 22:18:38.0985 4908 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/01 22:18:39.0282 4908 NETw5s32 (3577b851e59da59e6d65419a057c9914) C:\Windows\system32\DRIVERS\NETw5s32.sys
2011/05/01 22:18:39.0638 4908 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/05/01 22:18:39.0835 4908 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/01 22:18:39.0890 4908 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/05/01 22:18:39.0934 4908 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/01 22:18:40.0089 4908 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
2011/05/01 22:18:40.0265 4908 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/05/01 22:18:40.0339 4908 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
2011/05/01 22:18:40.0476 4908 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
2011/05/01 22:18:40.0530 4908 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/05/01 22:18:40.0589 4908 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/05/01 22:18:40.0649 4908 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/05/01 22:18:40.0692 4908 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/05/01 22:18:40.0773 4908 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/05/01 22:18:40.0831 4908 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/05/01 22:18:40.0886 4908 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/05/01 22:18:40.0946 4908 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/01 22:18:40.0992 4908 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/05/01 22:18:41.0050 4908 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/05/01 22:18:41.0176 4908 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/01 22:18:41.0230 4908 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/05/01 22:18:41.0280 4908 psadd (72de205cd4006dc45b1401859c506679) C:\Windows\system32\DRIVERS\psadd.sys
2011/05/01 22:18:41.0324 4908 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/01 22:18:41.0419 4908 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/01 22:18:41.0576 4908 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/01 22:18:41.0637 4908 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/01 22:18:41.0694 4908 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/01 22:18:41.0733 4908 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/01 22:18:41.0780 4908 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/01 22:18:41.0829 4908 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/01 22:18:41.0873 4908 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/01 22:18:41.0922 4908 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/01 22:18:41.0976 4908 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/01 22:18:42.0014 4908 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/01 22:18:42.0116 4908 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/05/01 22:18:42.0186 4908 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/01 22:18:42.0244 4908 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/01 22:18:42.0302 4908 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/05/01 22:18:42.0365 4908 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/05/01 22:18:42.0445 4908 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/01 22:18:42.0549 4908 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
2011/05/01 22:18:42.0615 4908 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
2011/05/01 22:18:42.0677 4908 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/01 22:18:42.0751 4908 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/05/01 22:18:42.0809 4908 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/05/01 22:18:42.0885 4908 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/01 22:18:42.0975 4908 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/01 22:18:43.0032 4908 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/01 22:18:43.0073 4908 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/05/01 22:18:43.0139 4908 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/01 22:18:43.0273 4908 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/05/01 22:18:43.0320 4908 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/01 22:18:43.0364 4908 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/01 22:18:43.0431 4908 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/01 22:18:43.0494 4908 Shockprf (486a1bd22dd66d0a8542ebb0cd792bdb) C:\Windows\system32\DRIVERS\Apsx86.sys
2011/05/01 22:18:43.0555 4908 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/05/01 22:18:43.0611 4908 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/01 22:18:43.0669 4908 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/01 22:18:43.0716 4908 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/05/01 22:18:43.0786 4908 Sony_EricssonWWSC (deaf30a1a325168bf823ecda2fb89f6e) C:\Windows\system32\DRIVERS\lnvoscard.sys
2011/05/01 22:18:43.0825 4908 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/05/01 22:18:43.0909 4908 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/05/01 22:18:43.0909 4908 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/05/01 22:18:43.0915 4908 sptd - detected Locked file (1)
2011/05/01 22:18:43.0963 4908 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys
2011/05/01 22:18:44.0034 4908 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/01 22:18:44.0089 4908 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/01 22:18:44.0138 4908 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/01 22:18:44.0244 4908 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/01 22:18:44.0305 4908 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
2011/05/01 22:18:44.0356 4908 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/05/01 22:18:44.0440 4908 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/05/01 22:18:44.0496 4908 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/05/01 22:18:44.0633 4908 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys
2011/05/01 22:18:44.0779 4908 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/01 22:18:44.0832 4908 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/01 22:18:44.0916 4908 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/05/01 22:18:44.0965 4908 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/05/01 22:18:45.0007 4908 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/01 22:18:45.0051 4908 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/05/01 22:18:45.0113 4908 Tp4Track (1c950ae9c09904c229525f22eefc15db) C:\Windows\system32\DRIVERS\tp4track.sys
2011/05/01 22:18:45.0177 4908 TPDIGIMN (20a439d6475d6fe1909159c0143d0466) C:\Windows\system32\DRIVERS\ApsHM86.sys
2011/05/01 22:18:45.0226 4908 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
2011/05/01 22:18:45.0265 4908 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys
2011/05/01 22:18:45.0344 4908 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/01 22:18:45.0414 4908 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/05/01 22:18:45.0458 4908 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/01 22:18:45.0500 4908 TVTI2C (cac5d5979850c9ad41a88033013bc806) C:\Windows\system32\DRIVERS\Tvti2c.sys
2011/05/01 22:18:45.0577 4908 U46WDM1_01 (dd60662944aaabbf9d8c9e3bf8428cdf) C:\Windows\system32\DRIVERS\U46wdm.sys
2011/05/01 22:18:45.0641 4908 U46_AA (2e8dbf227a4d19ef14153f1435338508) C:\Windows\system32\DRIVERS\U46DRV.sys
2011/05/01 22:18:45.0706 4908 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/01 22:18:45.0769 4908 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/01 22:18:45.0858 4908 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/01 22:18:45.0900 4908 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/05/01 22:18:45.0961 4908 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/01 22:18:46.0053 4908 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
2011/05/01 22:18:46.0182 4908 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
2011/05/01 22:18:46.0229 4908 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\drivers\usbccgp.sys
2011/05/01 22:18:46.0303 4908 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/05/01 22:18:46.0358 4908 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys
2011/05/01 22:18:46.0408 4908 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys
2011/05/01 22:18:46.0468 4908 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/01 22:18:46.0520 4908 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/01 22:18:46.0576 4908 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/05/01 22:18:46.0619 4908 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys
2011/05/01 22:18:46.0683 4908 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/05/01 22:18:46.0742 4908 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/01 22:18:46.0782 4908 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/05/01 22:18:46.0841 4908 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/05/01 22:18:46.0913 4908 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/05/01 22:18:46.0971 4908 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/05/01 22:18:47.0022 4908 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/05/01 22:18:47.0078 4908 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/05/01 22:18:47.0147 4908 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/05/01 22:18:47.0187 4908 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/05/01 22:18:47.0259 4908 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/05/01 22:18:47.0317 4908 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/05/01 22:18:47.0386 4908 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/01 22:18:47.0433 4908 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/01 22:18:47.0475 4908 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/01 22:18:47.0517 4908 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/05/01 22:18:47.0579 4908 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/01 22:18:47.0621 4908 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/01 22:18:47.0639 4908 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/01 22:18:47.0704 4908 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/05/01 22:18:47.0759 4908 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/01 22:18:47.0841 4908 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/01 22:18:47.0911 4908 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/05/01 22:18:47.0962 4908 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/05/01 22:18:48.0021 4908 winachsf (253a9c2df9a2a7b3b23146014959f2cd) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/01 22:18:48.0132 4908 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/05/01 22:18:48.0182 4908 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/01 22:18:48.0253 4908 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/01 22:18:48.0312 4908 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/05/01 22:18:48.0385 4908 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/01 22:18:48.0482 4908 WwanUsbServ (8515d00b3c8bda631a1ee801f4f74e4f) C:\Windows\system32\DRIVERS\WwanUsbMp.sys
2011/05/01 22:18:48.0530 4908 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
2011/05/01 22:18:48.0602 4908 ================================================================================
2011/05/01 22:18:48.0602 4908 Scan finished
2011/05/01 22:18:48.0602 4908 ================================================================================
2011/05/01 22:18:48.0617 5284 Detected object count: 1
2011/05/01 22:19:40.0496 5284 Locked file(sptd) - User select action: Skip

cosinus 02.05.2011 11:32
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Xenos 02.05.2011 23:14
Hallo Arne,

anbei das neue Log. Nach dem Durchlauf von ComboFix und dem Neustart ließen sich zunächst keine Programme mehr starten. Die Fehlermeldung habe ich leider nicht abgeschrieben, sie lautete etwa, dass die jeweiligen .exe-Dateien zum löschen markiert seien. Nach einem weiteren Neustart funktioniert nun alles wieder.

Gruß Philip

Combofix Logfile:
Code:
ComboFix 11-05-02.02 - PHILIP 02.05.2011  21:46:39.1.2 - x86
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.1944.1047 [GMT 2:00]
ausgeführt von:: c:\users\PHILIP\Desktop\cofi.exe.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-04-02 bis 2011-05-02  ))))))))))))))))))))))))))))))
.
.
2011-05-02 19:54 . 2011-05-02 19:54        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-01 15:13 . 2011-05-01 15:13        --------        d-----w-        C:\_OTL
2011-05-01 13:48 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4C8B335-0AE1-4A30-8B8D-0C6C6D3891A8}\mpengine.dll
2011-04-18 22:13 . 2011-04-18 22:13        --------        d-----w-        c:\program files\iPod
2011-04-18 22:13 . 2011-04-18 22:13        --------        d-----w-        c:\program files\iTunes
2011-04-18 22:10 . 2011-04-18 22:10        --------        d-----w-        c:\program files\Bonjour
2011-04-15 20:35 . 2011-01-17 05:47        161792        ----a-w-        c:\windows\system32\d3d10_1.dll
2011-04-15 20:35 . 2011-01-07 07:46        870912        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-04-15 20:35 . 2011-02-24 05:38        288256        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2011-04-15 20:35 . 2011-02-19 06:30        805376        ----a-w-        c:\windows\system32\FntCache.dll
2011-04-15 20:35 . 2011-02-19 06:30        1076736        ----a-w-        c:\windows\system32\DWrite.dll
2011-04-15 20:35 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-04-14 20:33 . 2011-03-03 03:42        2333184        ----a-w-        c:\windows\system32\win32k.sys
2011-04-14 20:33 . 2011-02-12 05:35        191488        ----a-w-        c:\windows\system32\FXSCOVER.exe
2011-04-14 20:32 . 2011-03-08 05:28        741376        ----a-w-        c:\windows\system32\inetcomm.dll
2011-04-13 19:14 . 2011-03-11 05:33        1164288        ----a-w-        c:\windows\system32\mfc42u.dll
2011-04-13 19:14 . 2011-03-11 05:33        1137664        ----a-w-        c:\windows\system32\mfc42.dll
2011-04-13 19:14 . 2011-02-23 04:47        223232        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2011-04-13 19:14 . 2011-02-23 04:47        96768        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2011-04-13 19:14 . 2011-02-23 04:47        123904        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 19:14 . 2011-02-23 04:47        69632        ----a-w-        c:\windows\system32\drivers\bowser.sys
2011-04-13 18:46 . 2011-04-13 18:46        --------        d-----w-        c:\windows\system32\SPReview
2011-04-11 06:58 . 2010-11-20 12:30        148864        ----a-w-        c:\windows\system32\drivers\storport.sys
2011-04-11 06:57 . 2010-11-20 12:21        36352        ----a-w-        c:\windows\system32\wshbth.dll
2011-04-11 06:56 . 2010-11-20 12:18        323072        ----a-w-        c:\windows\system32\drvstore.dll
2011-04-11 06:56 . 2010-11-20 12:18        257024        ----a-w-        c:\windows\system32\dpx.dll
2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20        75040        ----a-w-        c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20        197920        ----a-w-        c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\system32\dns-sd.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 18:57 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2011-03-16 20:53 . 2009-09-22 09:15        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-18 15:36 . 2011-02-18 15:36        41984        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36        4184352        ----a-w-        c:\windows\system32\usbaaplrc.dll
2011-02-11 17:26 . 2011-02-11 17:26        8198680        ----a-w-        c:\windows\system32\TVWSetup.exe
2011-02-11 17:26 . 2011-02-11 17:26        137752        ----a-w-        c:\windows\system32\igfxtray.exe
2011-02-11 17:26 . 2011-02-11 17:26        267800        ----a-w-        c:\windows\system32\igfxsrvc.exe
2011-02-11 17:26 . 2011-02-11 17:26        172568        ----a-w-        c:\windows\system32\igfxpers.exe
2011-02-11 17:26 . 2011-02-11 17:26        179224        ----a-w-        c:\windows\system32\igfxext.exe
2011-02-11 17:26 . 2011-02-11 17:26        171032        ----a-w-        c:\windows\system32\hkcmd.exe
2011-02-11 17:26 . 2011-02-11 17:26        3157528        ----a-w-        c:\windows\system32\GfxUI.exe
2011-02-11 17:20 . 2011-02-11 17:20        81920        ----a-w-        c:\windows\system32\igfxCoIn_v2302.dll
2011-02-11 17:12 . 2011-02-11 17:12        9036800        ----a-w-        c:\windows\system32\drivers\igdkmd32.sys
2011-02-11 17:12 . 2010-04-21 16:10        4967424        ----a-w-        c:\windows\system32\igdumd32.dll
2011-02-11 17:09 . 2010-04-21 16:06        571904        ----a-w-        c:\windows\system32\igdumdx32.dll
2011-02-11 17:04 . 2009-07-13 22:09        4411392        ----a-w-        c:\windows\system32\igd10umd32.dll
2011-02-11 16:51 . 2011-02-11 16:51        11039744        ----a-w-        c:\windows\system32\ig4icd32.dll
2011-02-11 16:44 . 2011-02-11 16:44        86016        ----a-w-        c:\windows\system32\igfxrsky.lrc
2011-02-11 16:44 . 2011-02-11 16:44        85504        ----a-w-        c:\windows\system32\igfxrtrk.lrc
2011-02-11 16:44 . 2011-02-11 16:44        85504        ----a-w-        c:\windows\system32\igfxrslv.lrc
2011-02-11 16:44 . 2011-02-11 16:44        84992        ----a-w-        c:\windows\system32\igfxrtha.lrc
2011-02-11 16:44 . 2011-02-11 16:44        86528        ----a-w-        c:\windows\system32\igfxresn.lrc
2011-02-11 16:44 . 2011-02-11 16:44        86016        ----a-w-        c:\windows\system32\igfxrrus.lrc
2011-02-11 16:44 . 2011-02-11 16:44        86016        ----a-w-        c:\windows\system32\igfxrptg.lrc
2011-02-11 16:44 . 2011-02-11 16:44        85504        ----a-w-        c:\windows\system32\igfxrsve.lrc
2011-02-11 16:44 . 2011-02-11 16:44        86016        ----a-w-        c:\windows\system32\igfxrplk.lrc
2011-02-11 16:44 . 2011-02-11 16:44        85504        ----a-w-        c:\windows\system32\igfxrptb.lrc
2011-02-11 16:44 . 2011-02-11 16:44        85504        ----a-w-        c:\windows\system32\igfxrnor.lrc
2011-02-11 16:44 . 2011-02-11 16:44        82944        ----a-w-        c:\windows\system32\igfxrkor.lrc
2011-02-11 16:44 . 2011-02-11 16:44        86528        ----a-w-        c:\windows\system32\igfxrell.lrc
2011-02-11 16:44 . 2011-02-11 16:44        86016        ----a-w-        c:\windows\system32\igfxrita.lrc
2011-02-11 16:44 . 2011-02-11 16:44        85504        ----a-w-        c:\windows\system32\igfxrhun.lrc
2011-02-11 16:44 . 2011-02-11 16:44        84480        ----a-w-        c:\windows\system32\igfxrheb.lrc
2011-02-11 16:44 . 2011-02-11 16:44        82944        ----a-w-        c:\windows\system32\igfxrjpn.lrc
2011-02-11 16:44 . 2011-02-11 16:44        86528        ----a-w-        c:\windows\system32\igfxrfra.lrc
2011-02-11 16:44 . 2011-02-11 16:44        86016        ----a-w-        c:\windows\system32\igfxrnld.lrc
2011-02-11 16:44 . 2011-02-11 16:44        86016        ----a-w-        c:\windows\system32\igfxrdeu.lrc
2011-02-11 16:44 . 2011-02-11 16:44        85504        ----a-w-        c:\windows\system32\igfxrfin.lrc
2011-02-11 16:44 . 2011-02-11 16:44        84992        ----a-w-        c:\windows\system32\igfxrdan.lrc
2011-02-11 16:44 . 2011-02-11 16:44        85504        ----a-w-        c:\windows\system32\igfxrcsy.lrc
2011-02-11 16:44 . 2011-02-11 16:44        84480        ----a-w-        c:\windows\system32\igfxrara.lrc
2011-02-11 16:44 . 2011-02-11 16:44        81920        ----a-w-        c:\windows\system32\igfxrcht.lrc
2011-02-11 16:44 . 2011-02-11 16:44        81920        ----a-w-        c:\windows\system32\igfxrchs.lrc
2011-02-11 16:41 . 2011-02-11 16:41        261632        ----a-w-        c:\windows\system32\igfxTMM.dll
2011-02-11 16:41 . 2011-02-11 16:41        195584        ----a-w-        c:\windows\system32\igfxpph.dll
2011-02-11 16:41 . 2011-02-11 16:41        115200        ----a-w-        c:\windows\system32\igfxcpl.cpl
2011-02-11 16:41 . 2009-12-15 00:48        23552        ----a-w-        c:\windows\system32\igfxexps.dll
2011-02-11 16:41 . 2009-08-13 20:15        57856        ----a-w-        c:\windows\system32\igfxsrvc.dll
2011-02-11 16:40 . 2011-02-11 16:40        130048        ----a-w-        c:\windows\system32\igfxdo.dll
2011-02-11 16:40 . 2011-02-11 16:40        95232        ----a-w-        c:\windows\system32\hccutils.dll
2011-02-11 16:40 . 2011-02-11 16:40        120320        ----a-w-        c:\windows\system32\gfxSrvc.dll
2011-02-11 16:40 . 2011-02-11 16:40        4096        ----a-w-        c:\windows\system32\IGFXDEVLib.dll
2011-02-11 16:40 . 2011-02-11 16:40        85504        ----a-w-        c:\windows\system32\igfxrenu.lrc
2011-02-11 16:40 . 2011-02-11 16:40        828928        ----a-w-        c:\windows\system32\igfxress.dll
2011-02-11 16:40 . 2009-08-13 20:15        228864        ----a-w-        c:\windows\system32\igfxdev.dll
2011-02-11 16:35 . 2011-02-11 16:35        208896        ----a-w-        c:\windows\system32\iglhsip32.dll
2011-02-11 16:35 . 2011-02-11 16:35        147456        ----a-w-        c:\windows\system32\iglhcp32.dll
2011-02-03 05:54 . 2011-02-20 08:52        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 16:11 . 2009-10-05 20:36        222080        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\PHILIP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\PHILIP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\PHILIP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-08-12 16384]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-05-12 894312]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-13 36864]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-10-19 3093816]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-02-01 220552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\PHILIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\PHILIP\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-31 23360040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-25 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk]
backup=c:\windows\pss\RCIMGDIR.exe.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RCIMGDIR.exe.lnk
.
[HKLM\~\startupfolder\C:^Users^PHILIP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
path=c:\users\PHILIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07        932288        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44        35760        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44        500208        ------w-        c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57        406992        ----a-w-        c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2009-04-29 15:56        424512        ----a-w-        c:\progra~1\THINKV~1\AMSG\Amsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2010-05-12 01:25        214576        ------w-        c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2009-05-26 15:46        1159168        ------w-        c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 09:26        114688        ------w-        c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Network USB Utility]
2009-06-25 12:59        2585856        ----a-w-        c:\program files\D-Link\SharePort\SharePort.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-02-11 17:26        171032        ----a-w-        c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-08-07 04:29        186904        ----a-w-        c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IaNvSrv]
2009-10-06 10:41        33304        ----a-w-        c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-02-11 17:26        137752        ----a-w-        c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 14:06        1840424        ----a-w-        c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JamInit]
2009-11-03 16:19        797280        ----a-w-        c:\windows\System32\U46Pan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPKNRRES]
2010-04-20 11:23        62312        ----a-w-        c:\program files\Lenovo\Communications Utility\TPKNRRES.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]
2009-05-27 20:09        49976        ----a-w-        c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-02-11 17:26        172568        ----a-w-        c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]
2010-02-04 10:14        358424        ----a-w-        c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43        248040        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-07-14 01:14        65024        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
.
R1 U46_AA;Service for ESI U46 Controller driver;c:\windows\system32\DRIVERS\U46DRV.sys [2009-11-03 52320]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-10-20 106496]
R3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\Drivers\DlinkUDSTcpBus.sys [2009-06-22 61312]
R3 e36gbus;F3607gw Mobile Broadband Device driver (Win7);c:\windows\system32\DRIVERS\e36gbus.sys [2009-06-30 285056]
R3 e36gmdfl;F3607gw Mobile Broadband Data Modem Filter (Win7);c:\windows\system32\DRIVERS\e36gmdfl.sys [2009-06-30 14848]
R3 e36gmdm;F3607gw Mobile Broadband Data Modem Driver (Win7);c:\windows\system32\DRIVERS\e36gmdm.sys [2009-06-30 374272]
R3 e36gmgmt;F3607gw Mobile Broadband Device Management Drivers (Win7);c:\windows\system32\DRIVERS\e36gmgmt.sys [2009-06-30 357376]
R3 e36wgps;Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\e36wgps.sys [2009-07-10 82984]
R3 kx1avs;kx1avs;c:\windows\system32\Drivers\kx1avs.sys [2009-12-07 35408]
R3 kx1usb;kx1usb;c:\windows\system32\Drivers\kx1usb.sys [2009-12-07 276432]
R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\DRIVERS\lnvobus.sys [2008-12-16 282880]
R3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device Management;c:\windows\system32\DRIVERS\lnvocard.sys [2008-12-16 356480]
R3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\DRIVERS\lnvogps.sys [2008-10-23 77864]
R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl2.sys [2008-12-16 15104]
R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\DRIVERS\lnvomdm2.sys [2008-12-16 408960]
R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\DRIVERS\lnvond5.sys [2008-12-16 25984]
R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\DRIVERS\lnvounic.sys [2008-12-16 375424]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-12 75112]
R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\DRIVERS\lnvoscard.sys [2008-07-08 24232]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 U46WDM1_01;Service for ESI- U46 Audio driver;c:\windows\system32\DRIVERS\U46wdm.sys [2009-11-03 28256]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1343400]
R3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;c:\windows\system32\DRIVERS\WwanUsbMp.sys [2009-07-29 213032]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-05-12 24304]
S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 232472]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-20 691696]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 20520]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-10-20 1701112]
S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-05-12 132456]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-10-20 98304]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-04-20 50536]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-04-20 74088]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-02-04 2058776]
S2 WMCoreService;Mobile Broadband Core Service;c:\program files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [2008-09-03 72192]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-10-20 485376]
S3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\Drivers\DlinkUDSMBus.sys [2009-06-22 54528]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-08-22 225408]
S3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-03-17 6758912]
S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2009-11-24 23152]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService        REG_MULTI_SZ          HsfXAudioService
Akamai        REG_MULTI_SZ          Akamai
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: {104DA42A-AF92-4EAD-A5CA-A69FA72CAA1C} = 193.189.244.225 193.189.244.206
TCP: {21F96A6C-37DB-4DC8-B357-6F03E2511D69} = 192.168.0.1
TCP: {CAD288DE-9D16-4C4C-9336-4032F8BB446A} = 192.168.0.1
FF - ProfilePath - c:\users\PHILIP\AppData\Roaming\Mozilla\Firefox\Profiles\q5ee0yd9.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com
FF - Ext: Wolfram Alpha Google: wolfram-google@sidthemonkey.com - %profile%\extensions\wolfram-google@sidthemonkey.com
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-LexwareInfoService - c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
MSConfigStartUp-LPMailChecker - c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe
MSConfigStartUp-LPManager - c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-TPFNF7 - c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe
AddRemove-ESI- U46 Audio Driver Setup - c:\program files\ESI\U46\uninst.exe Software\ESI\U46\Setup
AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Nero\Nero8\\nero\uninstall\UNNERO.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4480)
c:\users\PHILIP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-02  22:06:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-02 20:06
.
Vor Suchlauf: 21 Verzeichnis(se), 92.232.761.344 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 92.790.579.200 Bytes frei
.
- - End Of File - - 3A55DD275A3C4BDC1981FD5A15FD0150
--- --- ---

cosinus 03.05.2011 08:23
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

Xenos 03.05.2011 20:01
...alles erledigt, hier die Logs. Gruß, Philip


GMER Logfile:
Code:
GMER 1.0.15.15572 - hxxp://www.gmer.net
Rootkit scan 2011-05-03 20:51:56
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0  rev.
Running: xxxx47he.exe; Driver: C:\Users\PHILIP~1\AppData\Local\Temp\ugtdipoc.sys


---- System - GMER 1.0.15 ----

INT 0x52        ?                                                                                                                          92684CD8
INT 0x60        ?                                                                                                                          933B6058
INT 0x61        ?                                                                                                                          933B6558
INT 0x70        ?                                                                                                                          92684558
INT 0x71        ?                                                                                                                          933B67D8
INT 0x82        ?                                                                                                                          926847D8
INT 0xA2        ?                                                                                                                          933B6A58
INT 0xB3        ?                                                                                                                          92684A58

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13C1                                                                                              82E3E339 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                      82E77D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?              System32\Drivers\spmy.sys                                                                                                  Das System kann den angegebenen Pfad nicht finden. !
.text          USBPORT.SYS!DllUnload                                                                                                      91042D81 5 Bytes  JMP 8843C1D8
.text          agu6bfqf.SYS                                                                                                                978F9000 12 Bytes  [44, 78, 21, 83, EE, 76, 21, ...] {INC ESP; JS 0x24; SUB ESI, 0x76; AND [EBX-0x7cdea860], EAX}
.text          agu6bfqf.SYS                                                                                                                978F900D 9 Bytes  [57, 21, 83, 48, 7B, 21, 83, ...] {PUSH EDI; AND [EBX-0x7cde84b8], EAX; ADD [EAX], AL}
.text          agu6bfqf.SYS                                                                                                                978F9017 170 Bytes  [00, DE, 67, B8, 88, E6, 65, ...]
.text          agu6bfqf.SYS                                                                                                                978F90C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text          agu6bfqf.SYS                                                                                                                978F90CE 4 Bytes  [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text          ...                                                                                                                       
.reloc          C:\Windows\system32\drivers\acedrv11.sys                                                                                    section is executable [0xAC7D8300, 0x25D4C, 0xE0000060]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Lenovo\System Update\SUService.exe[1708] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Lenovo\System Update\SUService.exe[1708] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Lenovo\System Update\SUService.exe[1708] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Lenovo\System Update\SUService.exe[1708] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Lenovo\System Update\SUService.exe[1708] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]  [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Program Files\Lenovo\System Update\SUService.exe[1708] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3816] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                      [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3816] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                        [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3816] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                      [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3816] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                    [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT            C:\Windows\System32\rundll32.exe[3816] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                      [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                      84DCB1F8
Device          \FileSystem\fastfat \FatCdrom                                                                                              8208A500
Device          \Driver\iaNvStor \Device\IAACache0                                                                                          84DC91F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{104DA42A-AF92-4EAD-A5CA-A69FA72CAA1C}                                                    8824D1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                            8838E500
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                            8838E500
Device          \Driver\iaNvStor \Device\RobsonImd-0                                                                                        84DC91F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                            8838E500
Device          \Driver\usbehci \Device\USBPDO-3                                                                                            8843B500
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                            8838E500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{3F37A3E8-2D40-4795-BC39-1A4852BFD95F}                                                    8824D1F8
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                            8838E500
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                            8838E500
Device          \Driver\PCI_PNP1222 \Device\00000063                                                                                        spmy.sys
Device          \Driver\ACPI_HAL \Device\00000057                                                                                          halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbehci \Device\USBPDO-7                                                                                            8843B500
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                      84DC61F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                      84DC61F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                                93351500
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                      84DC61F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\iaStor \Device\Ide\iaStor0                                                                                          [88D05390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\iaStor \Device\Ide\IAAStorageDevice-0                                                                              [88D05390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                      84DC61F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{CAD288DE-9D16-4C4C-9336-4032F8BB446A}                                                    8824D1F8
Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                      84DC61F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                      fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                      rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{21F96A6C-37DB-4DC8-B357-6F03E2511D69}                                                    8824D1F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                    8824D1F8
Device          \Driver\sptd \Device\2902389226                                                                                            spmy.sys
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                            8838E500
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                            8838E500
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                            8838E500
Device          \Driver\usbehci \Device\USBFDO-3                                                                                            8843B500
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                            8838E500
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                            8838E500
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                            8838E500
Device          \Driver\usbehci \Device\USBFDO-7                                                                                            8843B500
Device          \Driver\agu6bfqf \Device\Scsi\agu6bfqf1                                                                                    8848C1F8
Device          \Driver\agu6bfqf \Device\Scsi\agu6bfqf1Port1Path0Target0Lun0                                                                8848C1F8
Device          \FileSystem\fastfat \Fat                                                                                                    8208A500

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                    fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2e74b55                                               
Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings                                                 
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                          771343423
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                          285507792
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                          1
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                           
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                        C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                        0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                        0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                      0xF7 0x84 0x94 0x1B ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                 
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                            0x5B 0xBE 0x00 0x16 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                             
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                        0x97 0x1A 0xFE 0x27 ...
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2e74b55 (not active ControlSet)                           
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)                             
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                       
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                            C:\Program Files\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                            0xD4 0xC3 0x97 0x02 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                            0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                          0xF7 0x84 0x94 0x1B ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)             
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                    0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                0x5B 0xBE 0x00 0x16 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)         
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                            0x97 0x1A 0xFE 0x27 ...

---- EOF - GMER 1.0.15 ----
--- --- ---

_________________________________________________________

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:24:39 on 03.05.2011

OS: Windows 7  Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl
"PWMCP32V.cpl" - "Lenovo Group Limited" - C:\Windows\system32\PWMCP32V.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl
"TpShCPL.cpl" - "Lenovo." - C:\Windows\system32\TpShCPL.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"Nero BurnRights" - ? - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl  (File not found)
"PROSet Tools" - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\iproset.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"adfs" (adfs) - ? - C:\Windows\system32\drivers\adfs.sys  (File not found)
"agu6bfqf" (agu6bfqf) - "Microsoft Corporation" - C:\Windows\system32\drivers\agu6bfqf.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\Windows\System32\DRIVERS\ApsHM86.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BlackBerry-Smartphone" (RimUsb) - ? - C:\Windows\System32\Drivers\RimUsb.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\PHILIP~1\AppData\Local\Temp\catchme.sys  (File not found)
"DlinkUDSTcpBus" (DlinkUDSTcpBus) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\Drivers\DlinkUDSTcpBus.sys
"DozeHDD" (DozeHDD) - "Lenovo." - C:\Windows\System32\DRIVERS\DozeHDD.sys
"Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM)" (lnvobus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\lnvobus.sys
"Ericsson F3507g Mobile Broadband Minicard Data Modem" (lnvomdm2) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\lnvomdm2.sys
"Ericsson F3507g Mobile Broadband Minicard Data Modem Filter" (lnvomdfl2) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\lnvomdfl2.sys
"Ericsson F3507g Mobile Broadband Minicard Device Management" (lnvocard) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\lnvocard.sys
"Ericsson F3507g Mobile Broadband Minicard GPS Port" (lnvogps) - "Ericsson AB" - C:\Windows\System32\DRIVERS\lnvogps.sys
"Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS)" (lnvond5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\lnvond5.sys
"Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM)" (lnvounic) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\lnvounic.sys
"Ericsson F3507g Mobile Broadband Minicard PC SC Port" (Sony_EricssonWWSC) - "Sony Ericsson" - C:\Windows\System32\DRIVERS\lnvoscard.sys
"Shockprf" (Shockprf) - "Lenovo." - C:\Windows\System32\DRIVERS\Apsx86.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"UDS Master Bus of Kernel USB Software Bus by TCP" (DlinkUDSMBus) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\Drivers\DlinkUDSMBus.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{4B392032-A759-43ED-9469-377C80A4472D} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM18.dll
{5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\Windows\system32\AcSignIcon.dll
{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{27887764-0D0A-4C3C-B0C6-91A332FFF6A7} "DWFVShellExt Class" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\DWF Common\DWF_VShell.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} "ClsidExtension" - "Lenovo Group Limited" - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} "IePasswordManagerHelper Class" - "Lenovo Group Limited" - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\PHILIP\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Digital Line Detect.lnk" - "Avanquest Software " - C:\Program Files\Digital Line Detect\DLG.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SmartAudio" - ? - C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AcWin7Hlpr" - ? - C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe  (File found, but it contains no detailed information)
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CameraApplicationLauncher" - ? - C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
"cssauth" - "Lenovo Group Limited" - "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
"FingerPrintSoftware" - "AuthenTec" - "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
"FingerPrintSoftwareSplashScreen" - "AuthenTec, Inc." - "C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe" \s
"IaNvSrv" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\PDF24\pdf24.exe
"picon" - ? - "C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe"
"PWMTRV" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SmartAudio" - ? - C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
"SwitchBoard" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TPHOTKEY" - "Lenovo Group Limited" - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
"TPKMAPHELPER" - "Lenovo" - C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
"TpShocks" - "Lenovo." - TpShocks.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Universal Print Monitor" - "Hewlett-Packard" - C:\Windows\system32\HPMPW081.DLL
"HPPMOPJL" - "Hewlett-Packard Company" - C:\Windows\system32\hppmopjl.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AcPrfMgrSvc" (AcPrfMgrSvc) - "Lenovo" - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
"AcSvc" (AcSvc) - "Lenovo" - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
"AD Monitor" (ADMonitor) - ? - C:\Windows\system32\ADMonitor.exe
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_a35e6b9.dll  (File found, but it contains no detailed information)
"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"AuthenTec Fingerprint Service" (ATService) - "AuthenTec, Inc." - C:\Windows\system32\AtService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Data Transfer Service" (dtsvc) - ? - C:\Windows\system32\DTS.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\AMT\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Lenovo Camera Mute" (LENOVO.CAMMUTE) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
"Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
"Lenovo Keyboard Noise Reduction" (LENOVO.TPKNRSVC) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
"Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mobile Broadband Core Service" (WMCoreService) - ? - C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe  (File found, but it contains no detailed information)
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NIHardwareService" (NIHardwareService) - "Native Instruments GmbH" - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"System Update" (SUService) - "Lenovo Group Limited" - C:\Program Files\Lenovo\System Update\SUService.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\Windows\System32\TPHDEXLG.exe
"ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
"TSS Core Service" (TSSCoreService) - "Lenovo" - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

_______________________________________________________________



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 74585SG
Logical Drives Mask: 0x00050034

Kernel Drivers (total 223):
0x82E00000 \SystemRoot\system32\ntkrnlpa.exe
0x83212000 \SystemRoot\system32\halmacpi.dll
0x80B97000 \SystemRoot\system32\kdcom.dll
0x88809000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8888E000 \SystemRoot\system32\PSHED.dll
0x8889F000 \SystemRoot\system32\BOOTVID.dll
0x888A7000 \SystemRoot\system32\CLFS.SYS
0x888E9000 \SystemRoot\system32\CI.dll
0x88A09000 \SystemRoot\system32\drivers\Wdf01000.sys
0x88A7A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88A88000 \SystemRoot\System32\Drivers\spmy.sys
0x88B7B000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x88B84000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x88BAA000 \SystemRoot\system32\drivers\ACPI.sys
0x88BF2000 \SystemRoot\system32\drivers\vdrvroot.sys
0x88994000 \SystemRoot\system32\drivers\pci.sys
0x88A00000 \SystemRoot\system32\drivers\msisadrv.sys
0x889BE000 \SystemRoot\System32\drivers\partmgr.sys
0x889CF000 \SystemRoot\system32\drivers\volmgr.sys
0x88C0B000 \SystemRoot\System32\drivers\volmgrx.sys
0x88C56000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x88C5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88C69000 \SystemRoot\System32\drivers\mountmgr.sys
0x88C7F000 \SystemRoot\system32\drivers\vmbus.sys
0x88CA9000 \SystemRoot\system32\drivers\winhv.sys
0x88CBB000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x88D95000 \SystemRoot\system32\DRIVERS\iaNvStor.sys
0x88DE0000 \SystemRoot\system32\drivers\amdxata.sys
0x88E1B000 \SystemRoot\system32\drivers\fltmgr.sys
0x88E4F000 \SystemRoot\system32\drivers\fileinfo.sys
0x88E60000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88F8F000 \SystemRoot\System32\Drivers\msrpc.sys
0x88FBA000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8903A000 \SystemRoot\System32\Drivers\cng.sys
0x89097000 \SystemRoot\System32\drivers\pcw.sys
0x890A5000 \SystemRoot\System32\DRIVERS\DozeHDD.sys
0x890AA000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x890B3000 \SystemRoot\system32\drivers\ndis.sys
0x8916A000 \SystemRoot\system32\drivers\NETIO.SYS
0x891A8000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8922E000 \SystemRoot\System32\drivers\tcpip.sys
0x89378000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x893A9000 \SystemRoot\system32\drivers\vmstorfl.sys
0x893B2000 \SystemRoot\system32\drivers\volsnap.sys
0x893F1000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
0x89200000 \SystemRoot\System32\Drivers\spldr.sys
0x891CD000 \SystemRoot\System32\drivers\rdyboost.sys
0x89208000 \SystemRoot\System32\DRIVERS\Apsx86.sys
0x89000000 \SystemRoot\System32\Drivers\mup.sys
0x89010000 \SystemRoot\System32\drivers\hwpolicy.sys
0x88FCD000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x89018000 \SystemRoot\system32\DRIVERS\disk.sys
0x8941F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8955B000 \SystemRoot\System32\Drivers\Null.SYS
0x89562000 \SystemRoot\System32\Drivers\Beep.SYS
0x89569000 \SystemRoot\System32\drivers\vga.sys
0x89575000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x89596000 \SystemRoot\System32\drivers\watchdog.sys
0x895A3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x895AB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x895B3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x895BB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x895C6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x895D4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x895EB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E631000 \SystemRoot\system32\drivers\afd.sys
0x8E68B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E6BD000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8E6C4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E6E3000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8E6F4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E702000 \SystemRoot\system32\DRIVERS\serial.sys
0x8E71C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E742000 \SystemRoot\System32\drivers\Tppwr32v.sys
0x8E749000 \SystemRoot\system32\drivers\termdd.sys
0x8E75A000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8E760000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E7A1000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E7AB000 \SystemRoot\system32\drivers\mssmbios.sys
0x8E7B5000 \SystemRoot\system32\DRIVERS\smiif32.sys
0x8E7B7000 \SystemRoot\System32\drivers\discache.sys
0x8EE1F000 \SystemRoot\system32\drivers\csc.sys
0x8EE83000 \SystemRoot\System32\Drivers\dfsc.sys
0x8EE9B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8EEA9000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8EECF000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8EED1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8EEF2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F63A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8EF04000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FF5A000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8FF93000 \SystemRoot\system32\DRIVERS\HECI.sys
0x8FF9D000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8FFA7000 \SystemRoot\system32\DRIVERS\e1y6032.sys
0x8FFE1000 \SystemRoot\system32\drivers\usbuhci.sys
0x9101E000 \SystemRoot\system32\drivers\USBPORT.SYS
0x91069000 \SystemRoot\system32\drivers\usbehci.sys
0x91078000 \SystemRoot\system32\drivers\HDAudBus.sys
0x97221000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
0x9789D000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x978A7000 \SystemRoot\system32\drivers\i8042prt.sys
0x978BF000 \SystemRoot\system32\drivers\kbdclass.sys
0x978CC000 \SystemRoot\system32\DRIVERS\tp4track.sys
0x978D6000 \SystemRoot\system32\drivers\mouclass.sys
0x978E3000 \SystemRoot\system32\drivers\tpm.sys
0x978EF000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x978F3000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x978F8000 \SystemRoot\System32\Drivers\agu6bfqf.SYS
0x97931000 \SystemRoot\system32\drivers\wmiacpi.sys
0x9793A000 \SystemRoot\system32\drivers\CompositeBus.sys
0x97947000 \SystemRoot\system32\DRIVERS\serscan.sys
0x9794F000 \SystemRoot\System32\Drivers\DlinkUDSMBus.sys
0x9795D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9796F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x97987000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x97992000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x979B4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x979CC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x979E3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x97200000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9720A000 \SystemRoot\system32\DRIVERS\psadd.sys
0x97211000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
0x97219000 \SystemRoot\system32\drivers\swenum.sys
0x91097000 \SystemRoot\system32\drivers\ks.sys
0x910CB000 \SystemRoot\system32\drivers\umbus.sys
0x910D9000 \SystemRoot\system32\drivers\usbhub.sys
0x9111D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9112E000 \SystemRoot\system32\drivers\CHDRT32.sys
0x911A3000 \SystemRoot\system32\drivers\portcls.sys
0x911D2000 \SystemRoot\system32\drivers\drmk.sys
0x8EFBB000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x9A004000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x9A106000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x9A1BB000 \SystemRoot\system32\drivers\modem.sys
0x9A1C8000 \SystemRoot\system32\drivers\cdrom.sys
0x9A1E7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x824B0000 \SystemRoot\System32\win32k.sys
0x9A1ED000 \SystemRoot\System32\drivers\Dxapi.sys
0x911EB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x89444000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x91000000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8A215000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
0x8A28A000 \SystemRoot\system32\drivers\usbccgp.sys
0x8A2A1000 \SystemRoot\system32\drivers\USBD.SYS
0x8A2A3000 \SystemRoot\system32\DRIVERS\5U875.sys
0x8A2B5000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8A307000 \SystemRoot\system32\DRIVERS\e36gwh.sys
0x8A363000 \SystemRoot\system32\DRIVERS\e36gcm.sys
0x82710000 \SystemRoot\System32\TSDDD.dll
0x82740000 \SystemRoot\System32\cdd.dll
0x82760000 \SystemRoot\System32\ATMFD.DLL
0x8F600000 \SystemRoot\system32\drivers\luafv.sys
0x8A200000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8F61B000 \SystemRoot\system32\drivers\WudfPf.sys
0x8FFEC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAC612000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAC658000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAC668000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAC67B000 \SystemRoot\system32\drivers\HTTP.sys
0xAC700000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAC719000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAC72B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAC74E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAC789000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAC7BC000 \??\C:\Windows\system32\drivers\acedrv11.sys
0xAC600000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAE817000 \SystemRoot\system32\drivers\peauth.sys
0xAE8B2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAE8BC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAE8DD000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAE8EA000 \SystemRoot\system32\DRIVERS\XAudio32.sys
0xAE8F2000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAE942000 \SystemRoot\System32\DRIVERS\srv.sys
0xAE994000 \SystemRoot\System32\drivers\ipnat.sys
0xAE9C3000 \SystemRoot\System32\Drivers\fastfat.SYS
0xC2477000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xC2588000 \SystemRoot\system32\DRIVERS\monitor.sys
0xC2593000 \SystemRoot\system32\DRIVERS\e36gbus.sys
0xC2400000 \SystemRoot\system32\DRIVERS\e36gmdm.sys
0xC245A000 \SystemRoot\system32\DRIVERS\e36gmdfl.sys
0xC2480000 \SystemRoot\system32\DRIVERS\e36gmgmt.sys
0xC24D6000 \SystemRoot\system32\DRIVERS\WwanUsbMp.sys
0xC2544000 \??\C:\Users\PHILIP~1\AppData\Local\Temp\ugtdipoc.sys
0x76F90000 \Windows\System32\ntdll.dll
0x47E50000 \Windows\System32\smss.exe
0x771D0000 \Windows\System32\apisetschema.dll
0x00C30000 \Windows\System32\autochk.exe
0x771A0000 \Windows\System32\imm32.dll
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
0x77190000 \Windows\System32\lpk.dll
0x77110000 \Windows\System32\comdlg32.dll
0x77100000 \Windows\System32\nsi.dll
0x76DF0000 \Windows\System32\setupapi.dll
0x76D90000 \Windows\System32\difxapi.dll
0x76D30000 \Windows\System32\shlwapi.dll
0x770F0000 \Windows\System32\normaliz.dll
0x76C30000 \Windows\System32\wininet.dll
0x770E0000 \Windows\System32\psapi.dll
0x76B90000 \Windows\System32\advapi32.dll
0x76A30000 \Windows\System32\ole32.dll
0x76960000 \Windows\System32\msctf.dll
0x76820000 \Windows\System32\urlmon.dll
0x76800000 \Windows\System32\sechost.dll
0x767C0000 \Windows\System32\ws2_32.dll
0x76710000 \Windows\System32\rpcrt4.dll
0x76670000 \Windows\System32\usp10.dll
0x76620000 \Windows\System32\Wldap32.dll
0x76590000 \Windows\System32\oleaut32.dll
0x76560000 \Windows\System32\imagehlp.dll
0x764B0000 \Windows\System32\msvcrt.dll
0x76460000 \Windows\System32\gdi32.dll
0x763D0000 \Windows\System32\clbcatq.dll
0x75780000 \Windows\System32\shell32.dll
0x756B0000 \Windows\System32\user32.dll
0x754B0000 \Windows\System32\iertutil.dll
0x753D0000 \Windows\System32\kernel32.dll
0x75380000 \Windows\System32\KernelBase.dll
0x75260000 \Windows\System32\crypt32.dll
0x75240000 \Windows\System32\devobj.dll
0x75210000 \Windows\System32\cfgmgr32.dll
0x751E0000 \Windows\System32\wintrust.dll
0x75150000 \Windows\System32\comctl32.dll
0x770D0000 \Windows\System32\msasn1.dll

Processes (total 92):
0 System Idle Process
4 System
372 C:\Windows\System32\smss.exe
492 csrss.exe
548 C:\Windows\System32\wininit.exe
556 csrss.exe
596 C:\Windows\System32\services.exe
620 C:\Windows\System32\lsass.exe
628 C:\Windows\System32\lsm.exe
688 C:\Windows\System32\winlogon.exe
792 C:\Windows\System32\svchost.exe
876 C:\Windows\System32\DTS.exe
900 C:\Windows\System32\ibmpmsvc.exe
940 C:\Windows\System32\AtService.exe
968 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\svchost.exe
1512 C:\Windows\System32\svchost.exe
1632 C:\Windows\System32\wlanext.exe
1640 C:\Windows\System32\svchost.exe
1648 C:\Windows\System32\conhost.exe
1784 C:\Windows\System32\spoolsv.exe
1840 C:\Windows\System32\svchost.exe
1868 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1968 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
2000 C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
108 C:\Windows\System32\svchost.exe
412 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
452 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
748 C:\Program Files\Bonjour\mDNSResponder.exe
1068 C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
1392 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1360 C:\Windows\System32\conhost.exe
1000 C:\Windows\System32\svchost.exe
2072 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
2104 C:\Program Files\Lenovo\Communications Utility\CamMute.exe
2172 C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
2232 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
2308 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2408 C:\Windows\System32\svchost.exe
2444 C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
2492 C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
2560 C:\Program Files\Lenovo\Access Connections\AcSvc.exe
2596 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2616 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2664 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3344 unsecapp.exe
3392 WmiPrvSE.exe
3636 C:\Windows\System32\alg.exe
3912 C:\Windows\System32\svchost.exe
4028 C:\Windows\System32\taskhost.exe
2396 C:\Windows\System32\dwm.exe
3044 C:\Windows\explorer.exe
3772 C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
1384 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
1108 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
3816 C:\Windows\System32\rundll32.exe
3828 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
4048 C:\Program Files\Lenovo\ZOOM\TpScrex.exe
2904 C:\Windows\System32\TpShocks.exe
2928 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
1120 C:\Program Files\PDF24\pdf24.exe
420 C:\Windows\System32\hkcmd.exe
2908 C:\Windows\System32\igfxpers.exe
4152 C:\Program Files\iTunes\iTunesHelper.exe
4172 C:\Windows\System32\igfxsrvc.exe
4240 C:\Program Files\Digital Line Detect\DLG.exe
4424 C:\Windows\System32\igfxext.exe
4540 C:\Windows\System32\SearchIndexer.exe
4692 C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
4704 C:\Program Files\iPod\bin\iPodService.exe
5140 C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
2188 C:\Windows\System32\svchost.exe
5228 C:\Program Files\Windows Media Player\wmpnetwk.exe
5712 C:\Program Files\Intel\AMT\LMS.exe
1708 C:\Program Files\Lenovo\System Update\SUService.exe
456 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
600 C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
1368 C:\Windows\System32\svchost.exe
3736 C:\Users\PHILIP\Desktop\xxxx47he.exe
2572 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
996 C:\Windows\System32\audiodg.exe
2288 C:\Windows\System32\notepad.exe
5920 C:\Windows\System32\SearchProtocolHost.exe
3668 C:\Windows\System32\SearchFilterHost.exe
1876 dllhost.exe
4004 dllhost.exe
6004 C:\Users\PHILIP\Desktop\MBRCheck.exe
3920 C:\Windows\System32\conhost.exe
5656 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000031`31f00000 (NTFS)
\\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000037`c7a00000 (NTFS)
\\.\S: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-08VAT2, Rev: 14.01A14

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

cosinus 04.05.2011 10:55
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Xenos 08.05.2011 12:41
Hey Arne,

schon einmal vielen Dank für die super Unterstützung. Es hat ein paar Tage gedauert, hier nun die (hoffentlich letzten) Logs.

Beste Grüße, Philip

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6524

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

07.05.2011 10:20:05
mbam-log-2011-05-07 (10-20-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|Q:\|S:\|)
Durchsuchte Objekte: 362695
Laufzeit: 1 Stunde(n), 23 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/08/2011 at 01:36 PM

Application Version : 4.52.1000

Core Rules Database Version : 7012
Trace Rules Database Version: 4824

Scan type : Complete Scan
Total Scan Time : 01:02:44

Memory items scanned : 989
Memory threats detected : 0
Registry items scanned : 11388
Registry threats detected : 0
File items scanned : 37222
File threats detected : 84

Adware.Tracking Cookie
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@ad.zanox[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@bs.serving-sys[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@content.yieldmanager[4].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@ad.yieldmanager[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@webmasterplan[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@traffictrack[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@de.sitestat[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@content.yieldmanager[10].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@mediaplex[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@atwola[4].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@tradedoubler[6].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@content.yieldmanager[9].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@eyewonder[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@adserver.traffictrack[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@doubleclick[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@tracking.mindshare[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@ad.adc-serv[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@adserver.traffictrack[4].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@xiti[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@adfarm1.adition[6].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@track.adform[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@content.yieldmanager[5].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@tradedoubler[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@ad.adnet[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@zanox[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@serving-sys[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@www.zanox-affiliate[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@ad2.adfarm1.adition[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@ads.creative-serving[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@tracking.quisma[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@advertising[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@unitymedia[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@tracking.hannoversche[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@apmebf[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@atdmt[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@atwola[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@2o7[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@zanox-affiliate[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\Low\PHILIP@smartadserver[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\Low\PHILIP@atdmt[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\Low\PHILIP@msnportal.112.2o7[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\Low\PHILIP@ww251.smartadserver[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\Low\PHILIP@doubleclick[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@ad.yieldmanager[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@traffictrack[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@bs.serving-sys[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@adfarm1.adition[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@zanox[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@apmebf[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@tracking.mindshare[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@adfarm1.adition[5].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@tto2.traffictrack[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@content.yieldmanager[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@webmasterplan[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@serving-sys[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@ar.atwola[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@zanox-affiliate[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@content.yieldmanager[7].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@ad.performance-netzwerk[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@tradedoubler[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@adfarm1.adition[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@mediaplex[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@tradedoubler[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@ar.atwola[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@tradedoubler[4].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@tracking.quisma[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@atwola[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@atwola[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@ad.zanox[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@content.yieldmanager[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@ad.yieldmanager[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@adfarm1.adition[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@adserver.traffictrack[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@www.zanox-affiliate[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@content.yieldmanager[8].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@doubleclick[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@zbox.zanox[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@ad.yieldmanager[4].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@zanox[3].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@atdmt[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@apmebf[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@content.yieldmanager[1].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@imrworldwide[2].txt
C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Cookies\PHILIP@2o7[1].txt

cosinus 08.05.2011 14:32
Sieht ok aus, da wurden nur Cookies gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:42 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131