| |
| |||||||
Log-Analyse und Auswertung: Trojaner-Infektion aus FacebookWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.08.2011, 09:44
| #1 |
 |  Trojaner-Infektion aus Facebook Hallo, ich habe mir einen Trojaner aus Facebook eingefangen. Über einen Link der mir von einem "Freund" im Chat gepostet wurde, ein Youtube Video sein sollte und ein Flashplayer Update erforderte. Über den Link zum Flashplayer Update kam der Virus dann auf meinen Rechner. Ich habe alle Scans mit dem Defogger, OTL u. Gmer ausgeführt. Die Logs davon sind anbei. Hier ist das OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.08.2011 09:49:21 - Run 1 OTL by OldTimer - Version 3.2.26.6 Folder = C:\Dokumente und Einstellungen\Manu\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,98 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 73,51% Memory free 3,83 Gb Paging File | 3,37 Gb Available in Paging File | 87,96% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 97,65 Gb Total Space | 13,07 Gb Free Space | 13,39% Space Free | Partition Type: NTFS Drive D: | 200,43 Gb Total Space | 114,04 Gb Free Space | 56,90% Space Free | Partition Type: NTFS Computer Name: MANU01 | User Name: Manu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.08.28 09:45:01 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Manu\Desktop\OTL.exe PRC - [2011.06.24 18:22:40 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe PRC - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe PRC - [2011.04.18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2008.10.26 19:41:08 | 000,118,784 | ---- | M] (AuthenTec,Inc) -- C:\WINDOWS\system32\FpLogonServ.exe PRC - [2008.10.26 19:38:40 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe PRC - [2008.10.26 19:33:22 | 001,676,536 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe PRC - [2008.09.18 18:46:00 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe PRC - [2008.08.31 20:02:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE PRC - [2008.08.20 17:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.08.20 17:18:34 | 000,905,216 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe PRC - [2008.08.20 17:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.08.11 07:53:12 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2008.07.30 21:00:00 | 000,060,192 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe PRC - [2008.06.13 21:27:44 | 000,861,496 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\password_manager.exe PRC - [2008.06.13 18:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe PRC - [2008.05.14 17:42:40 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe PRC - [2008.05.14 17:42:30 | 001,155,072 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe PRC - [2008.05.14 17:25:12 | 000,520,192 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.28 06:56:02 | 000,342,624 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe PRC - [2008.03.24 07:41:22 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2008.03.24 03:15:04 | 000,068,464 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006.12.28 20:48:10 | 000,569,344 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe ========== Modules (No Company Name) ========== MOD - [2011.08.12 03:10:16 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll MOD - [2011.08.12 03:10:07 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll MOD - [2011.08.12 03:10:01 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\6e563a58e6fc0117070d5b8fd59e4e1b\System.Management.ni.dll MOD - [2011.08.12 03:09:01 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll MOD - [2011.08.12 03:07:05 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll MOD - [2011.08.12 03:07:00 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll MOD - [2011.08.12 03:06:48 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll MOD - [2011.08.12 03:05:41 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll MOD - [2011.08.12 03:04:55 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2011.06.15 22:23:10 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll MOD - [2011.06.15 02:16:59 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2009.01.29 22:04:19 | 001,683,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3152.38760__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2009.01.29 22:04:19 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3152.38973__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2009.01.29 22:04:19 | 000,266,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3152.38718__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2009.01.29 22:04:19 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3152.38771__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2009.01.29 22:04:19 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3152.38941__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2009.01.29 22:04:19 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3152.38905__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2009.01.29 22:04:19 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3152.38752__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2009.01.29 22:04:19 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3152.38864__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2009.01.29 22:04:19 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3152.38738__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2009.01.29 22:04:13 | 000,348,160 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3152.38913__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2009.01.29 22:04:13 | 000,147,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Dashboard\2.0.3152.38986__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Dashboard.dll MOD - [2009.01.29 22:04:13 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3152.38980__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2009.01.29 22:04:13 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3152.38919__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2009.01.29 22:04:13 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3152.38732__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2009.01.29 22:04:13 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3152.38912__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2009.01.29 22:04:13 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Runtime\2.0.3152.38986__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Runtime.dll MOD - [2009.01.29 22:04:12 | 000,806,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3152.38871__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2009.01.29 22:04:12 | 000,585,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3152.38785__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2009.01.29 22:04:12 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3152.38858__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2009.01.29 22:04:12 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3152.38739__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2009.01.29 22:04:12 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3152.38932__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2009.01.29 22:04:12 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3152.38899__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2009.01.29 22:04:12 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3152.38865__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2009.01.29 22:04:12 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3152.38791__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2009.01.29 22:04:12 | 000,221,184 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3152.38778__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2009.01.29 22:04:12 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3152.38887__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2009.01.29 22:04:12 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3152.38870__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2009.01.29 22:04:12 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3152.38864__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2009.01.29 22:04:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3152.38791__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2009.01.29 22:04:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3152.38870__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2009.01.29 22:04:12 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3152.38886__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2009.01.29 22:04:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3036.27930__90ba9c70f846762e\LOG.Foundation.dll MOD - [2009.01.29 22:04:12 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3152.38898__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2009.01.29 22:04:12 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3036.27933__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2009.01.29 22:04:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3036.27945__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2009.01.29 22:04:12 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3036.27937__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2009.01.29 22:04:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3036.27960__90ba9c70f846762e\MOM.Foundation.dll MOD - [2009.01.29 22:04:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3036.27963__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2009.01.29 22:04:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2009.01.29 22:04:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3036.27961__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2009.01.29 22:04:12 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3036.27993__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2009.01.29 22:04:12 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2009.01.29 22:04:11 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3036.27933__90ba9c70f846762e\CLI.Foundation.dll MOD - [2009.01.29 22:04:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3036.27946__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2009.01.29 22:04:11 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3036.27976__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3036.27978__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3036.27959__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3036.28032__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2009.01.29 22:04:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay4.Graphics.Shared\2.0.3076.23108__90ba9c70f846762e\CLI.Aspect.PowerPlay4.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MultiVPU4.Graphics.Shared\2.0.3036.27965__90ba9c70f846762e\CLI.Aspect.MultiVPU4.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.3036.27990__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3036.27977__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3036.27962__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2009.01.29 22:04:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3036.27964__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2009.01.29 22:04:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3036.27948__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2009.01.29 22:04:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3036.27945__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2009.01.29 22:04:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3036.27940__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2009.01.29 22:04:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3036.27966__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2009.01.29 22:04:11 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3036.27961__90ba9c70f846762e\APM.Foundation.dll MOD - [2009.01.29 22:04:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3036.27964__90ba9c70f846762e\DEM.OS.dll MOD - [2009.01.29 22:04:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2009.01.29 22:04:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3036.27964__90ba9c70f846762e\DEM.Graphics.dll MOD - [2009.01.29 22:04:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2009.01.29 22:04:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3036.27944__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2009.01.29 22:04:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3036.27974__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2009.01.29 22:04:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3036.27965__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2009.01.29 22:04:11 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3036.27944__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2009.01.29 22:04:09 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3152.39004__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2009.01.29 22:04:09 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3152.38711_de_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll MOD - [2009.01.29 22:04:09 | 000,005,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.3152.38954_de_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll MOD - [2009.01.29 22:04:08 | 000,991,232 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3152.38725__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2009.01.29 22:04:08 | 000,417,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3152.38954__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2009.01.29 22:04:08 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3152.38746__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2009.01.29 22:04:08 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3152.38963__90ba9c70f846762e\MOM.Implementation.dll MOD - [2009.01.29 22:04:08 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3152.38710__90ba9c70f846762e\ATIDEMOS.dll MOD - [2009.01.29 22:04:08 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3152.38961__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2009.01.29 22:04:08 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3152.38711__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2009.01.29 22:04:08 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3152.38710__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2009.01.29 22:04:08 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3152.38708__90ba9c70f846762e\APM.Server.dll MOD - [2009.01.29 22:04:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2009.01.29 22:04:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3152.38709__90ba9c70f846762e\AEM.Server.dll MOD - [2009.01.29 22:04:08 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3152.38992__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2009.01.29 22:04:08 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3036.27937__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2009.01.29 22:04:08 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3036.27949__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2009.01.29 22:04:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2009.01.29 22:04:08 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2009.01.29 22:04:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3152.38962__90ba9c70f846762e\CCC.Implementation.dll MOD - [2009.01.29 22:04:08 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3036.27962__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2009.01.29 22:04:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3036.27961__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2009.01.29 22:04:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3036.27959__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2009.01.29 22:04:08 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3036.27979__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2009.01.29 22:04:08 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3036.27941__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2009.01.29 22:04:08 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2009.01.29 22:04:08 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2009.01.29 22:04:08 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3152.38709__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2009.01.29 21:46:06 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.01.29 21:46:03 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.01.29 21:46:01 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2008.10.26 19:38:40 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\DTS.exe MOD - [2008.10.26 19:37:30 | 000,634,880 | ---- | M] () -- C:\Programme\Lenovo Fingerprint Software\SharedResources.dll MOD - [2008.09.18 18:46:00 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL MOD - [2008.09.18 18:46:00 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe MOD - [2008.09.18 18:46:00 | 000,049,152 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL MOD - [2008.08.20 17:10:50 | 000,200,704 | ---- | M] () -- C:\Programme\Intel\WiFi\bin\iWMSProv.dll MOD - [2008.06.09 18:23:38 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2008.05.14 17:25:12 | 000,520,192 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe MOD - [2008.05.14 17:08:56 | 000,139,264 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll MOD - [2008.05.14 17:08:56 | 000,139,264 | ---- | M] () -- c:\Programme\Gemeinsame Dateien\Lenovo\CDRecord.dll MOD - [2007.08.13 11:39:15 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\cl31cl3.dll MOD - [2007.06.18 17:28:44 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL MOD - [2005.04.19 21:52:40 | 000,282,624 | ---- | M] () -- C:\Programme\Network Print Monitor\Driver.DLL MOD - [2003.04.21 12:12:14 | 000,119,808 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService) SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [Auto | Stopped] -- -- (AntiVirService) SRV - File not found [Auto | Stopped] -- -- (AntiVirSchedulerService) SRV - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2011.04.18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2008.10.26 19:41:08 | 000,118,784 | ---- | M] (AuthenTec,Inc) [Auto | Running] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer) SRV - [2008.10.26 19:38:40 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DTS.exe -- (dtsvc) SRV - [2008.10.26 19:38:34 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\ADMonitor.exe -- (ADMonitor) SRV - [2008.10.26 19:33:22 | 001,676,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService) SRV - [2008.10.09 11:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor) SRV - [2008.09.18 18:46:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2008.08.20 17:38:30 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.08.20 17:18:34 | 000,905,216 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) SRV - [2008.08.20 17:08:02 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.06.13 18:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2008.05.14 17:42:30 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2008.05.14 17:25:12 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service) SRV - [2008.04.25 09:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2008.03.28 06:56:02 | 000,342,624 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2008.03.24 08:35:22 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr) SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011.06.29 00:27:08 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.29 00:27:08 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.07.18 14:58:34 | 000,822,400 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.11.24 11:43:30 | 000,154,672 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008.10.26 20:37:18 | 000,482,176 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF) DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV - [2008.09.25 01:49:52 | 000,031,680 | R--- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2008.09.18 18:46:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2008.08.29 00:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2008.08.19 06:57:20 | 003,103,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008.08.04 12:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2008.07.30 21:00:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2008.05.14 17:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf) DRV - [2008.05.14 17:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN) DRV - [2008.05.07 20:24:22 | 000,021,280 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\PCDR5\pcd5srvc.pkms -- (PCD5SRVC{DF187064-5DA14001-05040000}) DRV - [2008.04.09 12:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2008.04.09 12:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2008.04.09 12:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2008.03.27 10:18:18 | 000,990,632 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2008.03.27 10:18:12 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2008.03.26 07:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm) DRV - [2008.03.26 07:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2008.02.22 16:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C) DRV - [2008.02.15 11:01:00 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2008.02.04 10:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2008.01.09 09:52:32 | 000,040,960 | R--- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rts5161ccid.sys -- (USBCCID) DRV - [2007.11.29 10:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007.09.20 04:59:14 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2007.07.30 04:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.07.30 03:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2007.06.18 17:29:52 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM) DRV - [2007.06.18 17:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM) DRV - [2007.06.18 17:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2007.06.18 17:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2007.06.18 17:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2007.06.18 17:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2007.06.18 17:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2007.06.18 17:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2007.02.16 16:09:06 | 009,598,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007.02.08 21:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M) DRV - [2007.02.08 21:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2003.05.28 18:53:46 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32) DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.08.17 22:00:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.13 14:46:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Programme\Lenovo\Client Security Solution\PWM Firefox Extension [2009.06.01 16:08:38 | 000,000,000 | ---D | M] [2009.06.01 18:20:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Manu\Anwendungsdaten\Mozilla\Extensions [2011.07.05 08:14:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Manu\Anwendungsdaten\Mozilla\Firefox\Profiles\jxm42qss.default\extensions [2010.02.19 23:16:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Manu\Anwendungsdaten\Mozilla\Firefox\Profiles\jxm42qss.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.06.03 17:40:41 | 000,001,330 | ---- | M] () -- C:\Dokumente und Einstellungen\Manu\Anwendungsdaten\Mozilla\Firefox\Profiles\jxm42qss.default\searchplugins\wikipedia-en.xml [2011.07.10 00:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.04.21 00:57:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.06.13 14:46:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\MANU\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JXM42QSS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2010.02.13 10:22:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009.09.02 23:41:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.08.17 22:00:30 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.05.06 22:05:06 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.06 22:05:06 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.05.06 22:05:06 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.05.06 22:05:06 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.06 22:05:06 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.06 22:05:06 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.08.28 02:41:32 | 000,202,984 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 facebook.com O1 - Hosts: 127.0.0.1 www.facebook.com O1 - Hosts: 127.0.0.1 af-za.facebook.com O1 - Hosts: 127.0.0.1 az-az.facebook.com O1 - Hosts: 127.0.0.1 id-id.facebook.com O1 - Hosts: 127.0.0.1 ms-my.facebook.com O1 - Hosts: 127.0.0.1 bs-ba.facebook.com O1 - Hosts: 127.0.0.1 ca-es.facebook.com O1 - Hosts: 127.0.0.1 cs-cz.facebook.com O1 - Hosts: 127.0.0.1 cy-gb.facebook.com O1 - Hosts: 127.0.0.1 da-dk.facebook.com O1 - Hosts: 127.0.0.1 de-de.facebook.com O1 - Hosts: 127.0.0.1 et-ee.facebook.com O1 - Hosts: 127.0.0.1 en-gb.facebook.com O1 - Hosts: 127.0.0.1 es-la.facebook.com O1 - Hosts: 127.0.0.1 eo-eo.facebook.com O1 - Hosts: 127.0.0.1 eu-es.facebook.com O1 - Hosts: 127.0.0.1 tl-ph.facebook.com O1 - Hosts: 127.0.0.1 fo-fo.facebook.com O1 - Hosts: 127.0.0.1 fr-fr.facebook.com O1 - Hosts: 127.0.0.1 fy-nl.facebook.com O1 - Hosts: 127.0.0.1 ga-ie.facebook.com O1 - Hosts: 127.0.0.1 gl-es.facebook.com O1 - Hosts: 127.0.0.1 ko-kr.facebook.com O1 - Hosts: 50053 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] File not found O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [FingerPrintSoftware] C:\Programme\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc) O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [tray_ico] File not found O4 - HKLM..\Run: [tray_ico2] File not found O4 - HKLM..\Run: [tray_ico3] File not found O4 - HKLM..\Run: [tray_ico4] File not found O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - C:\Programme\Lenovo\HOTKEY\notifyf2.dll - C:\Programme\Lenovo\HOTKEY\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - C:\Programme\Lenovo\HOTKEY\tphklock.dll - C:\Programme\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Manu\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Manu\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O31 - SafeBoot: AlternateShell - services32.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{061fa66c-d3cd-11de-bd4d-002186ff0313}\Shell - "" = AutoRun O33 - MountPoints2\{061fa66c-d3cd-11de-bd4d-002186ff0313}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{061fa66c-d3cd-11de-bd4d-002186ff0313}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{ec7e5a81-33d1-11e0-befb-002186ff0313}\Shell\AutoRun\command - "" = G:\RavMon.exe O33 - MountPoints2\{ec7e5a81-33d1-11e0-befb-002186ff0313}\Shell\explore\Command - "" = G:\RavMon.exe -e O33 - MountPoints2\{ec7e5a81-33d1-11e0-befb-002186ff0313}\Shell\open\Command - "" = G:\RavMon.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BTTray.lnk - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe - (Avanquest Software ) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: CameraApplicationLauncher - hkey= - key= - C:\Programme\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe () MsConfig - StartUpReg: GhostStartTrayApp - hkey= - key= - File not found MsConfig - StartUpReg: Samsung PanelMgr - hkey= - key= - C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.08.28 09:45:01 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Manu\Desktop\OTL.exe [2011.08.28 05:01:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.8.1 [2011.08.28 02:20:50 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware [2011.08.27 09:41:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Manu\Anwendungsdaten\Malwarebytes [2011.08.27 09:41:41 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.08.27 09:41:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.08.27 09:41:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.08.27 09:41:38 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.08.27 09:41:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.08.25 21:01:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2011.08.23 00:11:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.7.1 [2011.08.23 00:10:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa [2011.08.23 00:10:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix [2011.08.23 00:09:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2 [2011.08.23 00:07:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0 [2011.08.23 00:05:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\WinRAR [2011.08.23 00:00:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-9-0-lnk [2011.08.23 00:00:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-9-0 [2011.08.22 23:58:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico [2011.08.22 23:56:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1 [2011.08.22 23:56:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-8-0-lnk [2011.08.22 23:56:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-8-0 [2011.08.22 23:54:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus [2011.08.22 23:54:46 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan [2009.01.29 21:59:34 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll [2009.01.29 21:59:29 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.08.28 09:45:01 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Manu\Desktop\OTL.exe [2011.08.28 09:43:15 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Manu\defogger_reenable [2011.08.28 09:39:38 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Manu\Desktop\Defogger.exe [2011.08.28 09:38:08 | 000,001,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Manu\.rnd [2011.08.28 09:37:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2011.08.28 09:37:48 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.08.28 09:37:40 | 000,001,024 | ---- | M] () -- C:\.rnd [2011.08.28 09:37:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.08.28 09:37:32 | 2124,443,648 | -HS- | M] () -- C:\hiberfil.sys [2011.08.28 05:01:05 | 000,000,222 | ---- | M] () -- C:\WINDOWS\info1 [2011.08.28 02:20:54 | 000,000,629 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.28 01:51:59 | 000,000,144 | ---- | M] () -- C:\WINDOWS\wiso.ini [2011.08.28 00:42:00 | 000,001,719 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk [2011.08.27 00:28:04 | 000,048,640 | ---- | M] () -- C:\Dokumente und Einstellungen\Manu\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.24 01:15:59 | 000,463,354 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.08.24 01:15:59 | 000,444,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.08.24 01:15:59 | 000,086,180 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.08.24 01:15:59 | 000,072,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.08.23 00:10:12 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar [2011.08.23 00:10:12 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe [2011.08.23 00:10:12 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar [2011.08.23 00:10:11 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar [2011.08.23 00:05:26 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar [2011.08.23 00:00:31 | 000,000,215 | ---- | M] () -- C:\boot.ini [2011.08.22 23:59:03 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok [2011.08.22 23:54:46 | 000,001,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2011.08.12 03:03:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.08.28 09:43:15 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Manu\defogger_reenable [2011.08.28 09:39:38 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Manu\Desktop\Defogger.exe [2011.08.28 09:37:37 | 000,001,024 | ---- | C] () -- C:\.rnd [2011.08.28 06:02:20 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Manu\.rnd [2011.08.27 09:41:41 | 000,000,629 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.08.23 00:10:12 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar [2011.08.23 00:10:12 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar [2011.08.23 00:10:11 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar [2011.08.23 00:05:27 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist [2011.08.23 00:05:26 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar [2011.08.23 00:05:26 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe [2011.08.23 00:02:32 | 000,000,222 | ---- | C] () -- C:\WINDOWS\info1 [2011.08.23 00:01:27 | 2124,443,648 | -HS- | C] () -- C:\hiberfil.sys [2011.08.22 23:59:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok [2011.08.22 23:54:46 | 000,001,719 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk [2011.08.22 23:54:46 | 000,001,575 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2010.10.01 00:51:46 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010.08.16 23:41:05 | 000,180,456 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.06.03 11:39:56 | 000,000,144 | ---- | C] () -- C:\WINDOWS\wiso.ini [2009.06.01 21:13:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.06.01 15:36:07 | 000,048,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Manu\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.06.01 11:56:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.06.01 10:25:09 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2009.06.01 10:18:38 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll [2009.04.24 11:56:36 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2009.03.30 18:24:23 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Manu\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.01.29 22:38:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.01.29 22:19:25 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE [2009.01.29 22:19:25 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2009.01.29 22:19:20 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe [2009.01.29 22:15:42 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL [2009.01.29 22:15:42 | 000,000,173 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009.01.29 22:13:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009.01.29 22:13:07 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009.01.29 22:13:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009.01.29 22:13:07 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009.01.29 22:13:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009.01.29 22:13:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009.01.29 22:06:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2009.01.29 22:02:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2009.01.29 22:02:08 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009.01.29 22:02:08 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009.01.29 22:02:07 | 000,172,033 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2009.01.29 22:02:07 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Atibrtmon.exe [2009.01.29 21:59:34 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2009.01.29 21:59:34 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2009.01.29 21:46:14 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config [2008.10.26 19:38:40 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\DTS.exe [2008.10.26 19:38:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ADMonitor.exe [2008.03.28 06:51:36 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006.01.27 04:25:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.01.27 04:15:11 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.01.27 03:01:44 | 000,463,354 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.01.27 03:01:44 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.01.27 03:01:44 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.01.27 03:01:44 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.01.27 03:01:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.01.27 03:01:21 | 000,444,810 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.01.27 03:01:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.01.27 03:01:21 | 000,072,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.01.27 03:01:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.01.27 03:01:19 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006.01.27 03:01:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006.01.27 03:01:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006.01.27 03:01:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.01.27 03:01:08 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006.01.27 03:01:02 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.01.27 03:00:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006.01.26 19:09:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.01.26 19:08:46 | 000,315,560 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== LOP Check ========== [2010.06.03 09:39:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2009.03.30 17:13:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo [2009.01.29 22:20:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC-Doctor [2009.04.24 12:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2009.01.29 22:15:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall [2009.01.29 22:07:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manu\Anwendungsdaten\CachedFiles [2009.07.01 01:14:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manu\Anwendungsdaten\InterVideo [2009.03.30 18:24:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manu\Anwendungsdaten\Lenovo [2010.10.01 02:10:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manu\Anwendungsdaten\pdfforge [2011.07.10 00:50:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Manu\Anwendungsdaten\Search Settings [2011.08.28 09:37:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.01.29 22:18:29 | 000,000,000 | ---D | M] -- C:\AuthLog [2009.04.24 11:52:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2009.01.29 22:21:36 | 000,000,000 | ---D | M] -- C:\drivers [2009.03.30 16:33:16 | 000,000,000 | ---D | M] -- C:\I386 [2009.04.23 15:26:25 | 000,000,000 | ---D | M] -- C:\Icons [2009.01.29 21:54:50 | 000,000,000 | ---D | M] -- C:\Intel [2011.08.28 02:20:54 | 000,000,000 | ---D | M] -- C:\Malwarebytes' Anti-Malware [2009.01.29 22:37:54 | 000,000,000 | ---D | M] -- C:\MFGFLOW [2009.04.16 14:28:06 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.01.29 22:27:45 | 000,000,000 | ---D | M] -- C:\Program Files [2011.08.27 09:41:38 | 000,000,000 | R--D | M] -- C:\Programme [2009.03.30 19:28:12 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2009.06.08 18:47:33 | 000,000,000 | RHSD | M] -- C:\RRbackups [2009.01.30 06:19:43 | 000,000,000 | ---D | M] -- C:\SUPPORT [2009.06.08 18:15:24 | 000,000,000 | ---D | M] -- C:\SWSHARE [2009.03.30 16:32:23 | 000,000,000 | ---D | M] -- C:\SWTOOLS [2011.08.23 00:21:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.04.16 15:24:40 | 000,000,000 | ---D | M] -- C:\VALUEADD [2011.08.28 06:01:15 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: REGEDIT.EXE > [2004.08.04 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\I386\REGEDIT.EXE [2004.08.04 14:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2005.04.01 20:33:14 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=B0B3908F5432F9DBBCD83CA4C33F0D82 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-23 23:08:30 ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\WINDOWS:E27B79AC2CC91052 < End of report > Und was ich auch schon gemacht habe sind einige Scans mit Malwarebytes. Die Logs von den Scans kann ich auch posten. Habe alle abgespeichert. Seid den Scans läuft der Rechner auch wieder schneller. Aber ich bezweifle, dass der Virus weg ist. Die exe vom Virus hieß übrigens L1rezerv.exe. Ich hoffe mir kann jemand helfen. Vielen Dank schonmal. Gruß Manu PS: Gebt kurz Bescheid, wenn ich die Malwarebytes-Logs posten soll. |
|
28.08.2011, 16:48
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner-Infektion aus FacebookZitat:
__________________ |
|
28.08.2011, 16:52
| #3 | ||||||
| | Trojaner-Infektion aus Facebook Nummer 1:
__________________Zitat:
Nummer 2 Zitat:
Zitat:
Zitat:
Zitat:
Zitat:
|
|
28.08.2011, 17:09
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner-Infektion aus Facebook Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.08.2011, 18:31
| #5 |
| | Trojaner-Infektion aus Facebook Ok, danke! Werde ich gleich machen. Nur noch eine kurze Frage: Dieser Virus hat meine beiden Virenscanner deaktiviert und ich kann sie gar nicht mehr öffnen. Das System findet sie auch nicht mehr. Ich weiß jetzt nicht, ob davon überhaupt noch was exisitert und wie ich die wieder ein- oder ausschalten kann... Hab mir allerdings eine Virensoftware gekauft, aber noch nicht installiert, weil ich dachte, das bringt jetzt nichts. Soll ich die erst installieren? |
|
28.08.2011, 19:55
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner-Infektion aus FacebookZitat:
Ist auch etwas unglücklich, dass du gleich voreilig etwas kaufen musstest! Für reine private Zwecke muss man kein Geld für nen Virenscanner ausgeben! Was hast du dir da jetzt genau gekauft?
__________________ --> Trojaner-Infektion aus Facebook |
|
28.08.2011, 20:06
| #7 |
| | Trojaner-Infektion aus Facebook Kaspersky Internet Security 2012. Hab ich auf anraten von nem Kumpel gekauft... Gut, und meine beiden Virenscanner? Die soll ich für ESET ja ausschalten. Kann ich aber nicht... Was mach ich jetzt? ESET einfach durchführen? |
|
28.08.2011, 20:13
| #8 | ||
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner-Infektion aus FacebookZitat:
Suites sind fette Softwarepakete und die allerfeinsten Systembremsen. Hier lesen => Editorial | c't Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.08.2011, 20:16
| #9 |
| | Trojaner-Infektion aus Facebook Ja sollte gehen. Sorry, dass ich nochmal frage, aber was mach ich mit Avira und McAffee? Die kann ich nicht mehr ansteuern... |
|
28.08.2011, 20:32
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner-Infektion aus Facebook Avira und McAfee nutzt man ja auch nicht zusammen! Da die beiden Scanner jetzt bei der Bereinigung mehr stören könnten, rate ich dir dazu, beide zu deinstallieren. Wenn wir durch sind, solltest du auf Avast oder MS Security Essentials umsteigen - einen der beiden aber erst dann installieren wenn wir hier wirklich fertig sind!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.08.2011, 20:40
| #11 |
| | Trojaner-Infektion aus Facebook Erledigt. Die waren wohl schon deinstalliert. Ich werde jetzt diesen ESET Scan durchführen. |
|
28.08.2011, 21:39
| #12 |
| | Trojaner-Infektion aus Facebook Das dauert |
|
28.08.2011, 22:51
| #13 | |
| | Trojaner-Infektion aus Facebook So hier ist das log vom ESET: Zitat:
|
|
29.08.2011, 10:04
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner-Infektion aus Facebook Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
PRC - [2011.06.24 18:22:40 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
SRV - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
[2010.02.19 23:16:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Manu\Anwendungsdaten\Mozilla\Firefox\Profiles\jxm42qss.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] File not found
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{061fa66c-d3cd-11de-bd4d-002186ff0313}\Shell - "" = AutoRun
O33 - MountPoints2\{061fa66c-d3cd-11de-bd4d-002186ff0313}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{061fa66c-d3cd-11de-bd4d-002186ff0313}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{ec7e5a81-33d1-11e0-befb-002186ff0313}\Shell\AutoRun\command - "" = G:\RavMon.exe
O33 - MountPoints2\{ec7e5a81-33d1-11e0-befb-002186ff0313}\Shell\explore\Command - "" = G:\RavMon.exe -e
O33 - MountPoints2\{ec7e5a81-33d1-11e0-befb-002186ff0313}\Shell\open\Command - "" = G:\RavMon.exe
[2011.08.23 00:10:12 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011.08.23 00:10:12 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.08.23 00:10:11 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011.08.23 00:02:32 | 000,000,222 | ---- | C] () -- C:\WINDOWS\info1
[2011.08.22 23:59:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:E27B79AC2CC91052
:Files
C:\Programme\Application Updater
C:\Programme\Gemeinsame Dateien\Spigot
C:\WINDOWS\Temp\1150781195.exe
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
29.08.2011, 19:18
| #15 | |
| | Trojaner-Infektion aus Facebook Hier ist das Log vom OTL Fix: Zitat:
|
|
| Themen zu Trojaner-Infektion aus Facebook |
| 0x00000001, avg, avira, bho, branding, c:\windows\system32\rundll32.exe, einstellungen, error, explorer, firefox, fontcache, format, homepage, hotkey, lenovo, logfile, malwarebytes, microsoft, monitor, plug-in, realtek, registry, rundll, security, security scan, security update, senden, software, trojaner, virus, wallpaper, winlogon, winlogon.exe |
Linear-Darstellung
