Pests of all kinds and how to fight them: GVU Trojan, tried to delete it myself

Windows 7

If you are not sure whether you have picked up malware or a Trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall/delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
16.01.2013, 13:55 | #1
GVU Trojan, tried to delete it myself

Hi! My girlfriend got the GVU Trojan onto my ThinkPad Edge (Win XP Professional).. Following guides from the net, I tried to deal with it with Kaspersky Rescue Disk 10 and by deleting DisableRegistryTools... which of course didn't work. I can now only get in via the Admin account in Safe Mode; my own user account is affected in every mode.

OTL

Code:
OTL logfile created on: 15.01.2013 23:39:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 86,19% Memory free
3,60 Gb Paging File | 3,54 Gb Available in Paging File | 98,23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 2,17 Gb Free Space | 0,73% Space Free | Partition Type: NTFS
Drive F: | 1,82 Gb Total Space | 1,82 Gb Free Space | 99,96% Space Free | Partition Type: FAT

Computer Name: MAGIC-232F6A806 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.15 23:35:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOKUME~1\Thure\wgsdgsdgdsgsd.exe -- (winmgmt)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.12.22 20:07:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 01:18:35 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.18 01:17:31 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.22 00:13:25 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.23 13:25:24 | 000,087,040 | ---- | M] () [Auto | Stopped] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.02.14 00:26:45 | 000,072,704 | ---- | M] (Adobe Systems) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2011.06.29 12:01:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.05.25 13:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.04.19 00:39:00 | 000,143,360 | ---- | M] () [Auto | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2011.04.19 00:39:00 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010.10.19 13:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010.10.19 13:16:10 | 000,966,656 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2010.10.19 13:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010.09.22 13:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010.08.19 09:52:04 | 000,229,376 | ---- | M] () [Auto | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.06.25 12:13:48 | 000,332,536 | ---- | M] (QUALCOMM, Inc.) [Auto | Stopped] -- C:\Programme\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -- (QDLService2kLenovo)
SRV - [2010.02.19 03:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2005.03.01 09:45:30 | 000,327,680 | ---- | M] (Siemens) [On_Demand | Stopped] -- C:\Programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe -- (xControlCOM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Thure\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Thure\LOKALE~1\Temp\ATICDSDr.sys -- (ATICDSDr)
DRV - [2012.12.18 01:18:44 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.18 01:18:44 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.17 21:58:43 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.02.15 04:49:00 | 000,023,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\atidcmxx.sys -- (AtiDCM)
DRV - [2011.04.19 00:39:00 | 000,012,144 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010.09.23 08:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010.09.16 18:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010.08.27 12:53:32 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.07 16:48:30 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.30 17:11:06 | 001,053,928 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV - [2010.07.27 14:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 08:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.07.06 21:27:54 | 005,069,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.06.23 12:56:40 | 001,929,344 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010.06.22 17:01:52 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.17 16:18:24 | 000,193,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.05.19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010.05.17 07:04:06 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.29 04:43:22 | 000,030,464 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.09.18 12:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009.06.10 14:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008.07.24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.05.12 17:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.02.04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007.04.16 15:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005.03.01 09:46:56 | 000,053,632 | ---- | M] (Siemens AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gigusb.sys -- (Gigusb)
DRV - [2005.03.01 09:36:02 | 000,008,448 | ---- | M] (Siemens AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DectEnum.sys -- (DectEnum)
DRV - [2005.03.01 09:33:18 | 000,113,408 | ---- | M] (Siemens AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\siellif.sys -- (siellif)
DRV - [2004.09.08 14:22:04 | 000,050,759 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IUAPIWDM.sys -- (IUAPIWDM)
DRV - [2004.09.08 14:22:02 | 000,263,751 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hrcmpa.sys -- (HRCMPA)
DRV - [2003.05.14 09:57:02 | 000,090,357 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P1110Vid.sys -- (P1110VID)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.12.22 20:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.04.27 10:40:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2012.02.13 13:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.13 15:06:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.14 09:10:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\updated\extensions
[2013.01.14 09:10:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.14 09:11:15 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.12.22 20:07:32 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.12.22 20:07:24 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.14 00:14:34 | 000,002,288 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.12.22 20:07:24 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.12.22 20:07:24 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.22 20:07:24 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.22 20:07:23 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.22 20:07:23 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2004.08.04 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOKUME~1\Thure\ANWEND~1\MEDIAF~1\EXTENS~1\GENCRA~1.DLL File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SerExt] C:\WINDOWS\System32\SerExt.exe (Siemens AG)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7042021-79E4-4E36-A853-3C0DF04645D4}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.24 21:19:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.15 23:37:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.01.15 23:26:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013.01.14 19:09:20 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.01.14 17:02:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2012.12.30 17:45:03 | 000,000,000 | ---D | C] -- C:\Programme\Battlefield.1942.PC.Game(djDEVASTATE™)
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.15 23:38:19 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2013.01.15 23:35:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2013.01.15 23:35:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.15 23:33:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
[2013.01.15 23:27:10 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad
[2013.01.15 23:27:01 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2013.01.15 12:34:10 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.01.14 16:54:07 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rifbrico.dat
[2013.01.14 09:48:06 | 000,002,953 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2013.01.14 09:19:04 | 000,001,228 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-448539723-1958367476-1417001333-1003UA.job
[2013.01.14 08:57:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.10 23:02:04 | 000,518,840 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.10 23:02:04 | 000,494,406 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.10 23:02:04 | 000,102,070 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.10 23:02:04 | 000,085,234 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.12.30 18:19:02 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-448539723-1958367476-1417001333-1003Core.job
[2012.12.22 20:04:57 | 003,673,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.12.22 04:37:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.12.18 01:18:44 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.12.18 01:18:44 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.15 23:38:19 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2013.01.15 23:37:47 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Defogger.exe
[2013.01.14 16:54:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rifbrico.dat
[2013.01.14 09:48:06 | 000,002,953 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2013.01.14 09:47:56 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad
[2012.02.15 03:44:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.02.15 03:44:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.02.15 03:44:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.02.15 03:44:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.02.15 03:44:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.02.15 02:56:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.08.12 11:13:13 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.06.29 12:10:50 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2011.06.25 10:50:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.06.24 22:59:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011.06.24 22:59:42 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011.06.24 22:59:41 | 000,205,156 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011.06.24 22:59:41 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011.06.24 22:52:45 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2011.06.24 22:19:22 | 000,102,070 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2011.06.24 22:19:22 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2011.06.24 22:19:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011.06.24 22:19:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011.06.24 22:19:21 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2011.06.24 22:19:21 | 000,085,234 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011.06.24 22:19:20 | 000,518,840 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2011.06.24 22:19:20 | 000,494,406 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011.06.24 22:14:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011.06.24 22:14:13 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011.06.24 22:13:05 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2011.06.24 22:11:29 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011.06.24 22:10:17 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011.06.24 22:09:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011.06.24 22:09:58 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011.06.24 22:09:06 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011.06.24 22:08:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.06.24 22:08:02 | 003,673,752 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.06.24 21:21:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.06.24 21:16:39 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2011.06.24 22:58:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011.11.01 21:35:05 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.02.14 00:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2011.08.15 11:29:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService
[2011.06.24 22:47:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QUALCOMM
[2012.02.13 13:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2011.07.17 11:49:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 15.01.2013 23:39:13 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 86,19% Memory free
3,60 Gb Paging File | 3,54 Gb Available in Paging File | 98,23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 2,17 Gb Free Space | 0,73% Space Free | Partition Type: NTFS
Drive F: | 1,82 Gb Total Space | 1,82 Gb Free Space | 99,96% Space Free | Partition Type: FAT

Computer Name: MAGIC-232F6A806 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\my moments\Fotobuch.exe" = C:\Programme\my moments\Fotobuch.exe:*:Enabled:my moments Fotobuch -- (tweerlei Wruck + Buchmeier GbR)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\Dokumente und Einstellungen\Thure\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Dokumente und Einstellungen\Thure\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3 "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0CC9F819-DF47-70BA-A0C3-D8D042FBEC62}" = CCC Help Portuguese "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0FA7C671-1916-41C2-8D10-FA1626004C1B}" = OpenOffice.org 3.3 Language Pack (French) "{0FF88DC9-658E-466C-BEEC-5A6C7B53BDC3}" = Qualcomm Gobi 2000 Package for Lenovo "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{1770BF50-58CE-55A2-593A-63BDA88F4E5F}" = CCC Help Spanish "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1EA17545-85C3-F6CA-5689-E22FD43AD32C}" = CCC Help Norwegian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24AC75F0-8819-08AB-6E35-3BA31224A2CE}" = CCC Help Italian 
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{325AC911-74BA-62AB-D207-55C8F8517B25}" = Catalyst Control Center Localization All "{35594B3E-7810-5857-F1A9-143FC0F2A171}" = CCC Help Polish "{3A8AD60A-88A5-935F-7A49-5D8E5E16090F}" = CCC Help Chinese Traditional "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{525DB307-C8C5-2047-4B3E-D05A19A23008}" = CCC Help Chinese Standard "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5404B2B5-2270-B794-A533-EAA72D25C39B}" = CCC Help English "{5453403C-91EF-A2AF-4163-0C292E7FA985}" = CCC Help Russian "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{551C7728-EA74-F67B-A68B-3B94A2CA12DB}" = CCC Help Finnish "{556B23E2-30FF-4133-98F4-014943322F2B}" = ThinkPad Wireless LAN Adapter Software "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57858BAB-CC5F-B4BF-ACB7-C331DE42E86E}" = ccc-core-static "{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding "{5BDFDDCE-9357-E4AD-A617-FEE5540B19A6}" = Catalyst Control Center InstallProxy "{5DBE3E2C-25EA-C1A8-3FA6-AE8296127EC2}" = simfy "{62C7888B-62C0-5B17-C25D-CFAD50FC9B6B}" = CCC Help Japanese "{6356FF4B-19E1-5675-A6DE-30E7D7A7AA80}" = CCC Help Greek "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture 
Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6DA6F64D-B65D-4EB0-71CF-CA124BEC6CC4}" = CCC Help Korean "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71A3F28F-0817-0EDE-5257-827789FD1686}" = Skins "{71EF61F6-CDE7-846B-106E-C715BF74413A}" = ccc-utility "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3 "{7E7C9FB7-711A-4FF0-B22F-42BD08652096}" = talk&surf 6.0 "{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 "{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles "{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8B9B8481-5BC3-12DD-A45C-B9E6622569BD}" = CCC Help Czech "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{92739482-9BAC-7B22-5845-8078FF9C0D5D}" = CCC Help French "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager "{A1BBB244-E62C-6231-E177-47E741F01824}" = ATI Catalyst Install Manager "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A33FE0C8-024F-C7AA-616E-9BAC7E3970B6}" = CCC Help Turkish "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes "{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD1ADF68-16B1-295F-CF57-DCBC9ECE3F32}" = CCC Help Thai "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3 "{D73D5873-37CF-9A0D-148A-D699981188A4}" = CCC Help German "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DE6DE775-094F-43C1-8AAF-F67C6A753292}" = Gigaset SX2x5isdn / 417x / 307x "{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup "{E314E23B-AB09-BDAF-9AD7-F116B46793E6}" = CCC Help Danish "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E91EA141-BA9B-DC39-DB3F-7372B6D940A6}" = CCC Help Hungarian "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{EA85D4A0-E221-F4EB-2F62-2D977520446B}" = CCC Help Dutch "{EFDC6B07-12C8-4049-8DE5-0B2EC63F953C}" = CCC Help Swedish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F8F28729-B336-492C-B4FD-53A9BBDF0482}" = Intel(R) PROSet/Wireless WiFi-Software "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2 "Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen "All ATI Software" = ATI - Software Uninstall Utility "Avira AntiVir Desktop" = Avira Free Antivirus "CNXT_AUDIO_HDA" = Conexant CX20582 SmartAudio HD "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "Creative PD1110" = Creative WebCam NX Driver (1.02.01.0827) "Free Studio_is1" = Free Studio version 5.4.8 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908 "HUAWEI DataCard Driver" = HUAWEI DataCard Driver 3.10.00.00 "ie8" = Windows Internet Explorer 8 "LENOVO.SMIIF" = Lenovo System Interface Driver "LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "MobilityDotNET" = DH Mobility Modder.NET "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Optus Mobile 
Broadband" = Optus Mobile Broadband "Power Management Driver" = IBM ThinkPad Power Management Driver "ProInst" = Intel PROSet Wireless "Simfy" = simfy "SynTPDeinstKey" = ThinkPad UltraNav Driver "VLC media player" = VLC media player 1.1.10 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-Bit) "WMFDist11" = Windows Media Format 11 runtime "WorldUnlock Codes Calculator" = WorldUnlock Codes Calculator "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 29.12.2012 12:26:14 | Computer Name = MAGIC-232F6A806 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung thunderbird.exe, Version 12.0.0.4501, fehlgeschlagenes Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x00048b76. Error - 30.12.2012 12:33:20 | Computer Name = MAGIC-232F6A806 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul shlwapi.dll, Version 6.0.2900.5912, Fehleradresse 0x000592d7. Error - 30.12.2012 13:47:29 | Computer Name = MAGIC-232F6A806 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung age of empires 2 setup.exe, Version 0.0.0.0, fehlgeschlagenes Modul age of empires 2 setup.exe, Version 0.0.0.0, Fehleradresse 0x0013c4e2. Error - 30.12.2012 19:19:05 | Computer Name = MAGIC-232F6A806 | Source = Google Update | ID = 20 Description = Error - 02.01.2013 19:02:41 | Computer Name = MAGIC-232F6A806 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung acrobat.exe, Version 8.1.0.137, fehlgeschlagenes Modul icuuc34.dll, Version 3.4.0.0, Fehleradresse 0x0000eba3. 
Error - 02.01.2013 19:18:37 | Computer Name = MAGIC-232F6A806 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung skype.exe, Version 6.0.0.126, fehlgeschlagenes Modul kernel32.dll, Version 5.1.2600.6293, Fehleradresse 0x0000984e. Error - 09.01.2013 18:21:13 | Computer Name = MAGIC-232F6A806 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung thunderbird.exe, Version 12.0.0.4501, fehlgeschlagenes Modul msvcr80.dll, Version 8.0.50727.6195, Fehleradresse 0x00048b76. Error - 10.01.2013 18:19:43 | Computer Name = MAGIC-232F6A806 | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 14.01.2013 04:49:41 | Computer Name = MAGIC-232F6A806 | Source = MsiInstaller | ID = 11609 Description = Error - 14.01.2013 04:49:46 | Computer Name = MAGIC-232F6A806 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung acrobat.exe, Version 8.1.0.137, fehlgeschlagenes Modul icuuc34.dll, Version 3.4.0.0, Fehleradresse 0x0000eba3. [ System Events ] Error - 15.01.2013 18:28:23 | Computer Name = MAGIC-232F6A806 | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 15.01.2013 18:28:53 | Computer Name = MAGIC-232F6A806 | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 15.01.2013 18:29:23 | Computer Name = MAGIC-232F6A806 | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
About a year ago in Australia I already had a virus that a programmer at my company at the time had dealt with; I have no idea whether there are still any after-effects of that (back then the keyboard stopped working). Thanks in advance! I hope you can get my netbook with about 6000 holiday photos back... my girlfriend is banned from computers, at least from mine. |
16.01.2013, 14:12 | #2 |
/// Malware-holic | Hi,
Why was ComboFix run? If you had read the instructions, you would have seen that there is an explicit warning about it. Please post that log afterwards. This script and any scripts that follow are only for this particular user. If others have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box. Code:
:OTL
[2013.01.14 09:48:06 | 000,002,953 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2013.01.14 09:47:56 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, then right-click, View, Show desktop icons.
|
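As an added illustration, not code from the thread or from OTL itself: a small Python triage that parses OTL file entries of the form used in the script above, flags entries that have no company name, live under a profile data directory and carry a random-looking name, and emits a fix script in the same shape as the helper's. The two flagged lines are the ones from the script above; the vendor name and the benign sample lines are constructed.

```python
import re
from typing import List, NamedTuple, Optional

# One OTL file entry: [timestamp | size | attributes | C/M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+?)\s*$"
)

# Profile/data directories where droppers commonly land (German and English XP names).
DATA_DIRS = ("anwendungsdaten", "application data", "programdata",
             "lokale einstellungen", "local settings", "temp", "appdata")
VOWELS = set("aeiouy")

# Constructed sample: the two entries from the helper's script plus benign lines.
SAMPLE_LOG = r"""
========== Files - No Company Name ==========
[2013.01.14 09:48:06 | 000,002,953 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.js
[2013.01.14 09:47:56 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dsgsdgdsgdsgw.pad
[2013.01.10 12:00:00 | 000,602,112 | ---- | M] (Example Vendor GmbH) -- C:\Programme\Example\updater.exe
[2013.01.12 08:15:00 | 000,002,048 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe\settings.xml
"""


class Entry(NamedTuple):
    raw: str        # the original log line, reusable verbatim in an OTL script
    timestamp: str
    size: int       # bytes, with the thousands separators removed
    company: str    # empty when OTL printed "()"
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL file entry; return None for headers and other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(line.strip(), m.group("ts"),
                 int(m.group("size").replace(",", "")),
                 m.group("company").strip(), m.group("path"))


def in_user_data_dir(path: str) -> bool:
    """True when any path component is a profile/data directory."""
    return any(part.lower() in DATA_DIRS for part in path.split("\\"))


def looks_random(filename: str) -> bool:
    """Heuristic: a long stem with almost no vowels or a long consonant run."""
    stem = filename.rsplit(".", 1)[0].lower()
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest = run = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio < 0.15 or longest >= 5


def suspicious_reasons(entry: Entry) -> List[str]:
    """Collect the independent signals that make an entry worth a look."""
    reasons = []
    if not entry.company:
        reasons.append("no company name")
    if in_user_data_dir(entry.path):
        reasons.append("lives in a user/all-users data directory")
    if looks_random(entry.path.rsplit("\\", 1)[-1]):
        reasons.append("random-looking file name")
    return reasons


def triage(log_text: str) -> List[Entry]:
    """Flag entries with a random name plus at least one more signal."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = suspicious_reasons(entry)
        if "random-looking file name" in reasons and len(reasons) >= 2:
            flagged.append(entry)
    return flagged


def build_otl_fix(entries: List[Entry],
                  commands=("[EMPTYFLASH]", "[emptytemp]")) -> str:
    """Emit an OTL fix script in the shape the helper used: :OTL, :Files, :Commands."""
    lines = [":OTL"] + [e.raw for e in entries]
    lines += [":Files", ":Commands"] + list(commands)
    return "\n".join(lines)


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for e in hits:
        print(e.path, "->", "; ".join(suspicious_reasons(e)))
    print(build_otl_fix(hits))
```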
16.01.2013, 14:27 | #3 |
| I read that about ComboFix, which is why I did not run it deliberately. If anything, it must have happened unintentionally, or is it possible that it was used back then, a year ago? Or by the rescue disk?
How do I get the log if I never actively used ComboFix? I pressed Fix, the restart also worked, but I cannot find a new text document. The old logs OTL.txt, Extras.txt and gmer.log (empty) are still on the desktop; is it contained in one of those files?! |
16.01.2013, 14:45 | #4 |
/// Malware-holic | OK, then ComboFix is still on there from back then. Let's continue with this for now: download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan. For any findings, always choose Skip for now, and post the log: open C:, open tdsskiller-date-version.txt, post the contents
|
16.01.2013, 14:59 | #5 |
| Here you go. Code:
C:\WINDOWS\System32\dot3svc.dll 14:56:09.0359 1136 Dot3svc - ok 14:56:09.0421 1136 dpti2o - ok 14:56:09.0578 1136 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 14:56:09.0703 1136 drmkaud - ok 14:56:09.0859 1136 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 14:56:10.0109 1136 EapHost - ok 14:56:10.0218 1136 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 14:56:10.0421 1136 ERSvc - ok 14:56:10.0640 1136 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 14:56:10.0734 1136 Eventlog - ok 14:56:10.0984 1136 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 14:56:11.0234 1136 EventSystem - ok 14:56:11.0843 1136 [ 33ABDDB21DE2F4BB1B05A5A3A671BD64 ] EvtEng C:\Programme\Intel\WiFi\bin\EvtEng.exe 14:56:12.0890 1136 EvtEng - ok 14:56:13.0093 1136 [ A52794C010C6DF5B4BC70C4AB5E04088 ] ewusbnet C:\WINDOWS\system32\DRIVERS\ewusbnet.sys 14:56:13.0296 1136 ewusbnet - ok 14:56:13.0500 1136 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys 14:56:13.0640 1136 ew_hwusbdev - ok 14:56:13.0875 1136 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 14:56:14.0109 1136 Fastfat - ok 14:56:14.0375 1136 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 14:56:14.0609 1136 FastUserSwitchingCompatibility - ok 14:56:14.0734 1136 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 14:56:14.0937 1136 Fdc - ok 14:56:15.0015 1136 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 14:56:15.0234 1136 Fips - ok 14:56:15.0703 1136 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 14:56:16.0468 1136 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 14:56:16.0468 
1136 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 14:56:16.0609 1136 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 14:56:16.0812 1136 Flpydisk - ok 14:56:17.0078 1136 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 14:56:17.0296 1136 FltMgr - ok 14:56:17.0609 1136 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 14:56:17.0656 1136 FontCache3.0.0.0 - ok 14:56:17.0750 1136 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 14:56:18.0031 1136 Fs_Rec - ok 14:56:18.0156 1136 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 14:56:18.0437 1136 Ftdisk - ok 14:56:18.0531 1136 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 14:56:18.0578 1136 GEARAspiWDM - ok 14:56:18.0718 1136 [ 5EC1AEA1364DA15BAF7CDD83A3F3CB0D ] Gigusb C:\WINDOWS\system32\Drivers\Gigusb.sys 14:56:18.0765 1136 Gigusb ( UnsignedFile.Multi.Generic ) - warning 14:56:18.0765 1136 Gigusb - detected UnsignedFile.Multi.Generic (1) 14:56:18.0843 1136 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 14:56:19.0062 1136 Gpc - ok 14:56:19.0343 1136 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 14:56:19.0515 1136 HDAudBus - ok 14:56:19.0718 1136 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 14:56:19.0937 1136 helpsvc - ok 14:56:19.0984 1136 HidServ - ok 14:56:20.0078 1136 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys 14:56:20.0218 1136 HidUsb - ok 14:56:20.0328 1136 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 14:56:20.0546 1136 hkmsvc - ok 14:56:20.0593 1136 hpn - ok 14:56:20.0843 1136 [ 3CA6111453436CAF0681F343D5F0000C ] HRCMPA 
C:\WINDOWS\system32\DRIVERS\hrcmpa.sys 14:56:21.0046 1136 HRCMPA ( UnsignedFile.Multi.Generic ) - warning 14:56:21.0046 1136 HRCMPA - detected UnsignedFile.Multi.Generic (1) 14:56:21.0218 1136 [ CBD09ED9CF6822177EE85AEA4D8816A2 ] HTCAND32 C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys 14:56:21.0375 1136 HTCAND32 - ok 14:56:21.0546 1136 [ 04E3B3554076B8192A668EFE88A682A1 ] htcnprot C:\WINDOWS\system32\DRIVERS\htcnprot.sys 14:56:21.0640 1136 htcnprot - ok 14:56:21.0875 1136 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 14:56:22.0156 1136 HTTP - ok 14:56:22.0234 1136 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 14:56:22.0421 1136 HTTPFilter - ok 14:56:22.0609 1136 [ 92548543D50C9BCCDB31FFB7EC39249D ] huawei_enumerator C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys 14:56:23.0109 1136 huawei_enumerator - ok 14:56:23.0375 1136 [ 1F40368DC40B17DE3FA0FBE8A9D82F9E ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys 14:56:23.0609 1136 hwdatacard - ok 14:56:23.0703 1136 hwusbdev - ok 14:56:23.0796 1136 i2omgmt - ok 14:56:23.0890 1136 i2omp - ok 14:56:24.0062 1136 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 14:56:24.0265 1136 i8042prt - ok 14:56:24.0421 1136 [ 293131C1DA5F53CB05F75D637739D79C ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 14:56:24.0484 1136 IBMPMDRV - ok 14:56:24.0609 1136 [ 91FA023C5203503776BCCC9CF96A0C59 ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe 14:56:24.0703 1136 IBMPMSVC - ok 14:56:25.0500 1136 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:56:26.0640 1136 idsvc - ok 14:56:26.0734 1136 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 14:56:27.0000 1136 Imapi - ok 14:56:27.0171 1136 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 14:56:27.0421 1136 ImapiService - ok 14:56:27.0531 1136 ini910u - ok 
14:56:27.0625 1136 IntelIde - ok
14:56:27.0765 1136 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:56:28.0015 1136 Ip6Fw - ok
14:56:28.0109 1136 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:56:28.0343 1136 IpFilterDriver - ok
14:56:28.0406 1136 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:56:28.0625 1136 IpInIp - ok
14:56:28.0765 1136 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:56:29.0140 1136 IpNat - ok
14:56:29.0734 1136 [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service C:\Programme\iPod\bin\iPodService.exe
14:56:30.0718 1136 iPod Service - ok
14:56:30.0875 1136 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:56:31.0125 1136 IPSec - ok
14:56:31.0265 1136 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:56:31.0375 1136 IRENUM - ok
14:56:31.0515 1136 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:56:31.0734 1136 isapnp - ok
14:56:31.0968 1136 [ BA82938F02E7DEFFD2B33C8E56348F68 ] IUAPIWDM C:\WINDOWS\system32\DRIVERS\IUAPIWDM.sys
14:56:32.0046 1136 IUAPIWDM ( UnsignedFile.Multi.Generic ) - warning
14:56:32.0046 1136 IUAPIWDM - detected UnsignedFile.Multi.Generic (1)
14:56:32.0390 1136 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe
14:56:32.0562 1136 JavaQuickStarterService - ok
14:56:32.0718 1136 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:56:32.0875 1136 Kbdclass - ok
14:56:32.0968 1136 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:56:33.0171 1136 kbdhid - ok
14:56:33.0375 1136 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:56:33.0656 1136 kmixer - ok
14:56:33.0796 1136 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:56:34.0078 1136 KSecDD - ok
14:56:34.0281 1136 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
14:56:34.0453 1136 LanmanServer - ok
14:56:34.0640 1136 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:56:34.0875 1136 lanmanworkstation - ok
14:56:34.0921 1136 lbrtfdc - ok
14:56:35.0109 1136 [ 3C3F7F424E324C6971632C5DE5FF458F ] lenovo.smi C:\WINDOWS\system32\DRIVERS\smiif32.sys
14:56:35.0156 1136 lenovo.smi - ok
14:56:35.0328 1136 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:56:35.0484 1136 LmHosts - ok
14:56:35.0593 1136 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:56:35.0812 1136 Messenger - ok
14:56:35.0906 1136 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:56:36.0093 1136 mnmdd - ok
14:56:36.0203 1136 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
14:56:36.0390 1136 mnmsrvc - ok
14:56:36.0500 1136 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:56:36.0687 1136 Modem - ok
14:56:36.0859 1136 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:56:37.0015 1136 Mouclass - ok
14:56:37.0156 1136 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:56:37.0281 1136 mouhid - ok
14:56:37.0406 1136 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:56:37.0562 1136 MountMgr - ok
14:56:37.0781 1136 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
14:56:37.0921 1136 MozillaMaintenance - ok
14:56:37.0968 1136 mraid35x - ok
14:56:38.0171 1136 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:56:38.0468 1136 MRxDAV - ok
14:56:38.0796 1136 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:56:39.0343 1136 MRxSmb - ok
14:56:39.0453 1136 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
14:56:39.0562 1136 MSDTC - ok
14:56:39.0734 1136 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:56:39.0906 1136 Msfs - ok
14:56:39.0953 1136 MSIServer - ok
14:56:40.0031 1136 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:56:40.0187 1136 MSKSSRV - ok
14:56:40.0343 1136 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:56:40.0453 1136 MSPCLOCK - ok
14:56:40.0640 1136 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:56:40.0828 1136 MSPQM - ok
14:56:41.0000 1136 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:56:41.0156 1136 mssmbios - ok
14:56:41.0328 1136 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
14:56:41.0500 1136 MSTEE - ok
14:56:41.0687 1136 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:56:41.0859 1136 Mup - ok
14:56:41.0968 1136 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:56:42.0218 1136 NABTSFEC - ok
14:56:42.0468 1136 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
14:56:42.0843 1136 napagent - ok
14:56:43.0140 1136 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:56:43.0406 1136 NDIS - ok
14:56:43.0468 1136 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:56:43.0687 1136 NdisIP - ok
14:56:43.0765 1136 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:56:43.0906 1136 NdisTapi - ok
14:56:44.0015 1136 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:56:44.0218 1136 Ndisuio - ok
14:56:44.0390 1136 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:56:44.0593 1136 NdisWan - ok
14:56:44.0781 1136 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:56:44.0890 1136 NDProxy - ok
14:56:45.0000 1136 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:56:45.0218 1136 NetBIOS - ok
14:56:45.0406 1136 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:56:45.0671 1136 NetBT - ok
14:56:45.0828 1136 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
14:56:46.0109 1136 NetDDE - ok
14:56:46.0218 1136 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:56:46.0375 1136 NetDDEdsdm - ok
14:56:46.0453 1136 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:56:46.0593 1136 Netlogon - ok
14:56:46.0875 1136 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
14:56:47.0187 1136 Netman - ok
14:56:47.0437 1136 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:56:47.0656 1136 NetTcpPortSharing - ok
14:56:47.0859 1136 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
14:56:48.0156 1136 Nla - ok
14:56:48.0234 1136 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:56:48.0453 1136 Npfs - ok
14:56:48.0859 1136 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:56:49.0500 1136 Ntfs - ok
14:56:49.0640 1136 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:56:49.0781 1136 NtLmSsp - ok
14:56:50.0218 1136 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:56:50.0890 1136 NtmsSvc - ok
14:56:51.0000 1136 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:56:51.0171 1136 Null - ok
14:56:51.0265 1136 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:56:51.0453 1136 NwlnkFlt - ok
14:56:51.0609 1136 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:56:51.0781 1136 NwlnkFwd - ok
14:56:51.0937 1136 [ F1FDA9093A04D77063AE84FE3F9A30A0 ] P1110VID C:\WINDOWS\system32\DRIVERS\P1110VID.sys
14:56:52.0187 1136 P1110VID - ok
14:56:52.0312 1136 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
14:56:52.0531 1136 Parport - ok
14:56:52.0609 1136 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:56:52.0812 1136 PartMgr - ok
14:56:53.0000 1136 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:56:53.0312 1136 ParVdm - ok
14:56:53.0515 1136 [ AFADA8B97BE3C9398DC6C770409C3544 ] PassThru Service C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
14:56:53.0625 1136 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
14:56:53.0625 1136 PassThru Service - detected UnsignedFile.Multi.Generic (1)
14:56:53.0734 1136 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:56:53.0984 1136 PCI - ok
14:56:54.0031 1136 PCIDump - ok
14:56:54.0140 1136 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:56:54.0343 1136 PCIIde - ok
14:56:54.0484 1136 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
14:56:54.0781 1136 Pcmcia - ok
14:56:54.0828 1136 PDCOMP - ok
14:56:54.0875 1136 PDFRAME - ok
14:56:54.0968 1136 PDRELI - ok
14:56:55.0062 1136 PDRFRAME - ok
14:56:55.0171 1136 perc2 - ok
14:56:55.0265 1136 perc2hib - ok
14:56:55.0593 1136 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
14:56:55.0625 1136 PlugPlay - ok
14:56:55.0781 1136 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:56:55.0906 1136 PolicyAgent - ok
14:56:56.0031 1136 [ EB719C46A32D17C34D52E6C726F1CF8C ] Power Manager DBC Service C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
14:56:56.0140 1136 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - warning
14:56:56.0140 1136 Power Manager DBC Service - detected UnsignedFile.Multi.Generic (1)
14:56:56.0265 1136 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:56:56.0453 1136 PptpMiniport - ok
14:56:56.0609 1136 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
14:56:56.0796 1136 Processor - ok
14:56:56.0890 1136 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:56:57.0062 1136 ProtectedStorage - ok
14:56:57.0203 1136 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:56:57.0406 1136 PSched - ok
14:56:57.0500 1136 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:56:57.0703 1136 Ptilink - ok
14:56:57.0875 1136 [ 93C49354CEB0828F5D286E50BB767EB2 ] PwmEWSvc C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe
14:56:58.0031 1136 PwmEWSvc ( UnsignedFile.Multi.Generic ) - warning
14:56:58.0031 1136 PwmEWSvc - detected UnsignedFile.Multi.Generic (1)
14:56:58.0328 1136 [ A11531B61CE8CEFB28879A99420DCB81 ] QDLService2kLenovo C:\Programme\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
14:56:58.0765 1136 QDLService2kLenovo - ok
14:56:58.0812 1136 ql1080 - ok
14:56:58.0921 1136 Ql10wnt - ok
14:56:58.0968 1136 ql12160 - ok
14:56:59.0062 1136 ql1240 - ok
14:56:59.0156 1136 ql1280 - ok
14:56:59.0281 1136 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:56:59.0437 1136 RasAcd - ok
14:56:59.0593 1136 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:56:59.0890 1136 RasAuto - ok
14:57:00.0000 1136 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:57:00.0250 1136 Rasl2tp - ok
14:57:00.0468 1136 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:57:00.0734 1136 RasMan - ok
14:57:00.0953 1136 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:57:01.0109 1136 RasPppoe - ok
14:57:01.0171 1136 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:57:01.0343 1136 Raspti - ok
14:57:01.0515 1136 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:57:01.0812 1136 Rdbss - ok
14:57:01.0875 1136 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:57:02.0093 1136 RDPCDD - ok
14:57:02.0359 1136 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:57:02.0671 1136 rdpdr - ok
14:57:02.0937 1136 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:57:03.0218 1136 RDPWD - ok
14:57:03.0375 1136 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:57:03.0640 1136 RDSessMgr - ok
14:57:03.0859 1136 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:57:04.0046 1136 redbook - ok
14:57:04.0468 1136 [ 03D281098CE722210C48E1E8CAFEA260 ] RegSrvc C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
14:57:05.0015 1136 RegSrvc - ok
14:57:05.0156 1136 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:57:05.0359 1136 RemoteAccess - ok
14:57:05.0500 1136 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:57:05.0687 1136 RemoteRegistry - ok
14:57:05.0890 1136 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
14:57:06.0156 1136 RpcLocator - ok
14:57:06.0515 1136 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\System32\rpcss.dll
14:57:06.0734 1136 RpcSs - ok
14:57:06.0937 1136 [ F1ED9FFA59C369E72BC53A7631346F61 ] RSUSBSTOR C:\WINDOWS\system32\Drivers\RtsUStor.sys
14:57:07.0015 1136 RSUSBSTOR - ok
14:57:07.0187 1136 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:57:07.0421 1136 RSVP - ok
14:57:08.0140 1136 [ 5915A91ED141F3E37005E3123F355CCE ] RTL8192Ce C:\WINDOWS\system32\DRIVERS\rtl8192Ce.sys
14:57:09.0406 1136 RTL8192Ce - ok
14:57:10.0093 1136 [ 91843B70A7867D68FD59E1A60BA9D2B8 ] S24EventMonitor C:\Programme\Intel\WiFi\bin\S24EvMon.exe
14:57:11.0328 1136 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
14:57:11.0328 1136 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
14:57:11.0562 1136 [ 27FC71DA659305E260ACBDA15A318399 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
14:57:11.0578 1136 s24trans ( UnsignedFile.Multi.Generic ) - warning
14:57:11.0578 1136 s24trans - detected UnsignedFile.Multi.Generic (1)
14:57:11.0718 1136 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
14:57:11.0875 1136 SamSs - ok
14:57:12.0046 1136 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:57:12.0312 1136 SCardSvr - ok
14:57:12.0500 1136 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:57:12.0796 1136 Schedule - ok
14:57:12.0921 1136 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:57:13.0015 1136 Secdrv - ok
14:57:13.0156 1136 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
14:57:13.0328 1136 seclogon - ok
14:57:13.0406 1136 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
14:57:13.0625 1136 SENS - ok
14:57:13.0734 1136 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys
14:57:13.0968 1136 Serial - ok
14:57:14.0453 1136 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
14:57:14.0656 1136 Sfloppy - ok
14:57:14.0953 1136 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:57:15.0515 1136 SharedAccess - ok
14:57:15.0671 1136 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:57:15.0750 1136 ShellHWDetection - ok
14:57:15.0953 1136 [ A684CE1204C1375479B2EEB0FF85B774 ] siellif C:\WINDOWS\system32\Drivers\siellif.sys
14:57:16.0078 1136 siellif ( UnsignedFile.Multi.Generic ) - warning
14:57:16.0078 1136 siellif - detected UnsignedFile.Multi.Generic (1)
14:57:16.0187 1136 Simbad - ok
14:57:16.0484 1136 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
14:57:16.0578 1136 SkypeUpdate - ok
14:57:16.0656 1136 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:57:16.0796 1136 SLIP - ok
14:57:16.0906 1136 Sparrow - ok
14:57:17.0046 1136 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:57:17.0250 1136 splitter - ok
14:57:17.0359 1136 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:57:17.0515 1136 Spooler - ok
14:57:17.0703 1136 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:57:17.0843 1136 sr - ok
14:57:18.0000 1136 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
14:57:18.0281 1136 srservice - ok
14:57:18.0546 1136 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:57:19.0062 1136 Srv - ok
14:57:19.0203 1136 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:57:19.0343 1136 SSDPSRV - ok
14:57:19.0515 1136 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:57:19.0578 1136 ssmdrv - ok
14:57:19.0828 1136 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:57:20.0390 1136 stisvc - ok
14:57:20.0484 1136 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:57:20.0671 1136 streamip - ok
14:57:20.0750 1136 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:57:20.0937 1136 swenum - ok
14:57:21.0546 1136 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe
14:57:22.0109 1136 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
14:57:22.0109 1136 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
14:57:22.0250 1136 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:57:22.0437 1136 swmidi - ok
14:57:22.0500 1136 SwPrv - ok
14:57:22.0546 1136 symc810 - ok
14:57:22.0640 1136 symc8xx - ok
14:57:22.0734 1136 sym_hi - ok
14:57:22.0828 1136 sym_u3 - ok
14:57:23.0718 1136 [ 4F3FA14E8D306005F3F4CB771E806F40 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:57:24.0468 1136 SynTP - ok
14:57:24.0578 1136 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:57:24.0796 1136 sysaudio - ok
14:57:24.0968 1136 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:57:25.0296 1136 SysmonLog - ok
14:57:25.0500 1136 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:57:25.0828 1136 TapiSrv - ok
14:57:26.0125 1136 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:57:26.0546 1136 Tcpip - ok
14:57:26.0640 1136 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:57:26.0828 1136 TDPIPE - ok
14:57:26.0937 1136 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:57:27.0109 1136 TDTCP - ok
14:57:27.0218 1136 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:57:27.0421 1136 TermDD - ok
14:57:27.0687 1136 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
14:57:28.0062 1136 TermService - ok
14:57:28.0218 1136 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
14:57:28.0250 1136 Themes - ok
14:57:28.0390 1136 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
14:57:28.0500 1136 TlntSvr - ok
14:57:28.0546 1136 TosIde - ok
14:57:28.0640 1136 [ C037817E2498D9DB736E4BA355B1F4E7 ] TPPWRIF C:\WINDOWS\system32\drivers\Tppwrif.sys
14:57:28.0671 1136 TPPWRIF - ok
14:57:28.0781 1136 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:57:29.0031 1136 TrkWks - ok
14:57:29.0250 1136 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:57:29.0468 1136 Udfs - ok
14:57:29.0515 1136 ultra - ok
14:57:29.0859 1136 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
14:57:30.0531 1136 Update - ok
14:57:30.0750 1136 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:57:30.0968 1136 upnphost - ok
14:57:31.0109 1136 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
14:57:31.0312 1136 UPS - ok
14:57:31.0484 1136 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
14:57:31.0546 1136 USBAAPL - ok
14:57:31.0640 1136 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:57:31.0796 1136 usbccgp - ok
14:57:31.0875 1136 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:57:32.0078 1136 usbehci - ok
14:57:32.0312 1136 [ FB0E8B624D1F7E214EDB3D6E56B4EC88 ] usbfilter C:\WINDOWS\system32\DRIVERS\usbfilter.sys
14:57:32.0328 1136 usbfilter - ok
14:57:32.0437 1136 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:57:32.0640 1136 usbhub - ok
14:57:32.0750 1136 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:57:32.0921 1136 usbohci - ok
14:57:33.0015 1136 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:57:33.0203 1136 usbscan - ok
14:57:33.0328 1136 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:57:33.0515 1136 usbstor - ok
14:57:33.0734 1136 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
14:57:33.0968 1136 usbvideo - ok
14:57:34.0062 1136 [ B6CC50279D6CD28E090A5D33244ADC9A ] usb_rndisx C:\WINDOWS\system32\DRIVERS\usb8023x.sys
14:57:34.0343 1136 usb_rndisx - ok
14:57:34.0500 1136 [ 2CC2660B3EC3434C88D2C808DD7937D4 ] VClone C:\WINDOWS\system32\DRIVERS\VClone.sys
14:57:34.0515 1136 VClone ( UnsignedFile.Multi.Generic ) - warning
14:57:34.0515 1136 VClone - detected UnsignedFile.Multi.Generic (1)
14:57:34.0593 1136 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:57:34.0812 1136 VgaSave - ok
14:57:34.0859 1136 ViaIde - ok
14:57:34.0984 1136 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:57:35.0140 1136 VolSnap - ok
14:57:35.0484 1136 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
14:57:35.0750 1136 VSS - ok
14:57:35.0921 1136 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
14:57:36.0265 1136 W32Time - ok
14:57:36.0359 1136 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:57:36.0515 1136 Wanarp - ok
14:57:36.0859 1136 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
14:57:37.0093 1136 Wdf01000 - ok
14:57:37.0187 1136 WDICA - ok
14:57:37.0406 1136 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:57:37.0609 1136 wdmaud - ok
14:57:37.0781 1136 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:57:37.0968 1136 WebClient - ok
14:57:38.0296 1136 [ D3AA34EC10B0FE1EFA2E1E17058C7697 ] winmgmt C:\DOKUME~1\Thure\wgsdgsdgdsgsd.exe
14:57:38.0312 1136 Suspicious file (NoAccess): C:\DOKUME~1\Thure\wgsdgsdgdsgsd.exe. md5: D3AA34EC10B0FE1EFA2E1E17058C7697
14:57:38.0312 1136 winmgmt ( LockedFile.Multi.Generic ) - warning
14:57:38.0312 1136 winmgmt - detected LockedFile.Multi.Generic (1)
14:57:38.0625 1136 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:57:38.0750 1136 WmdmPmSN - ok
14:57:39.0218 1136 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
14:57:40.0015 1136 Wmi - ok
14:57:40.0093 1136 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:57:40.0312 1136 WmiAcpi - ok
14:57:40.0578 1136 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:57:40.0828 1136 WmiApSrv - ok
14:57:41.0437 1136 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:57:42.0265 1136 WPFFontCache_v0400 - ok
14:57:42.0406 1136 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:57:42.0593 1136 WS2IFSL - ok
14:57:42.0734 1136 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:57:42.0953 1136 wscsvc - ok
14:57:43.0031 1136 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:57:43.0171 1136 WSTCODEC - ok
14:57:43.0359 1136 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:57:43.0468 1136 wuauserv - ok
14:57:43.0812 1136 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:57:44.0562 1136 WZCSVC - ok
14:57:44.0906 1136 [ 97CAFBDC866F7C2BA09E912697BA3E79 ] xControlCOM C:\Programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe
14:57:45.0156 1136 xControlCOM ( UnsignedFile.Multi.Generic ) - warning
14:57:45.0156 1136 xControlCOM - detected UnsignedFile.Multi.Generic (1)
14:57:45.0375 1136 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:57:45.0593 1136 xmlprov - ok
14:57:45.0937 1136 ================ Scan global ===============================
14:57:46.0031 1136 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
14:57:46.0265 1136 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
14:57:46.0656 1136 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
14:57:46.0796 1136 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
14:57:46.0796 1136 [Global] - ok
14:57:46.0828 1136 ================ Scan MBR ==================================
14:57:46.0937 1136 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
14:57:47.0437 1136 \Device\Harddisk0\DR0 - ok
14:57:47.0546 1136 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR4
14:57:47.0578 1136 \Device\Harddisk1\DR4 - ok
14:57:47.0625 1136 ================ Scan VBR ==================================
14:57:47.0671 1136 [ D96575D17C9F26EF3E75B5AC1784B05A ] \Device\Harddisk0\DR0\Partition1
14:57:47.0687 1136 \Device\Harddisk0\DR0\Partition1 - ok
14:57:47.0781 1136 [ 50D957946EAB9E6BE2E20EFDDD861601 ] \Device\Harddisk1\DR4\Partition1
14:57:47.0781 1136 \Device\Harddisk1\DR4\Partition1 - ok
14:57:47.0828 1136 ============================================================
14:57:47.0828 1136 Scan finished
14:57:47.0828 1136 ============================================================
14:57:48.0078 1128 Detected object count: 18
14:57:48.0078 1128 Actual detected object count: 18
14:58:05.0156 1128 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:05.0156 1128 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:05.0218 1128 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:05.0218 1128 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:05.0265 1128 DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:05.0265 1128 DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:05.0312 1128 DectEnum ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:05.0312 1128 DectEnum ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:05.0359 1128 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:05.0359 1128 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:05.0468 1128 Gigusb ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:05.0468 1128 Gigusb ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:05.0515 1128 HRCMPA ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:05.0515 1128 HRCMPA ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:05.0562 1128 IUAPIWDM ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:05.0562 1128 IUAPIWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:05.0609 1128 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:05.0609 1128 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:05.0656 1128 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:05.0656 1128 Power Manager DBC Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:05.0703 1128 PwmEWSvc ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:05.0703 1128 PwmEWSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:05.0703 1128 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:05.0703 1128 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:05.0750 1128 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:05.0750 1128 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:05.0796 1128 siellif ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:05.0796 1128 siellif ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:05.0843 1128 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:05.0843 1128 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:05.0890 1128 VClone 
( UnsignedFile.Multi.Generic ) - skipped by user 14:58:05.0890 1128 VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:58:05.0937 1128 winmgmt ( LockedFile.Multi.Generic ) - skipped by user 14:58:05.0937 1128 winmgmt ( LockedFile.Multi.Generic ) - User select action: Skip 14:58:05.0984 1128 xControlCOM ( UnsignedFile.Multi.Generic ) - skipped by user 14:58:05.0984 1128 xControlCOM ( UnsignedFile.Multi.Generic ) - User select action: Skip |
16.01.2013, 18:28 | #6 | |
/// Malware-holic | GVU Trojaner, selber versucht zu löschen Hi, ComboFix: ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1 Link 2. IMPORTANT: save ComboFix to your desktop.
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: if you get the following error message after the reboot Quote:
16.01.2013, 23:23 | #7 |
| GVU Trojaner, selber versucht zu löschenCode:
ATTFilter ComboFix 13-01-16.01 - Administrator 16.01.2013 22:43:02.4.1 - x86 MINIMAL ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\dds_trash_log.cmd . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-16 bis 2013-01-16 )))))))))))))))))))))))))))))) . . 2013-01-16 13:18 . 2013-01-16 13:18 -------- d-----w- C:\_OTL 2013-01-14 18:09 . 2013-01-15 15:09 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2013-01-14 16:02 . 2013-01-14 16:02 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Avira 2012-12-30 19:52 . 2012-12-30 19:52 -------- d-sh--w- c:\dokumente und einstellungen\NetworkService\IETldCache 2012-12-30 16:45 . 2012-12-30 16:48 -------- d-----w- c:\programme\Battlefield.1942.PC.Game(djDEVASTATE™) 2012-12-22 19:07 . 2012-12-22 19:07 73696 ----a-w- c:\programme\Mozilla Firefox\breakpadinjector.dll 2012-12-22 19:07 . 2012-12-22 19:07 421200 ----a-w- c:\programme\Mozilla Firefox\msvcp100.dll 2012-12-22 19:07 . 2012-12-22 19:07 770384 ----a-w- c:\programme\Mozilla Firefox\msvcr100.dll 2012-12-22 19:07 . 2012-12-22 19:07 96224 ----a-w- c:\programme\Mozilla Firefox\webapprt-stub.exe 2012-12-22 19:07 . 2012-12-22 19:07 157272 ----a-w- c:\programme\Mozilla Firefox\webapp-uninstaller.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-21 15:24 . 2012-04-03 16:18 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-21 15:24 . 2011-06-25 10:11 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-18 00:18 . 2012-10-15 19:16 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-18 00:18 . 2012-10-15 19:16 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-12-16 12:23 . 2011-06-24 21:10 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-11-21 23:13 . 
2012-11-21 23:13 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-11-21 23:13 . 2012-11-21 23:13 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-11-21 23:13 . 2012-11-21 23:13 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-11-21 23:13 . 2011-06-25 16:09 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-17 20:58 . 2012-10-15 19:16 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2012-11-13 11:55 . 2011-06-24 21:13 1866496 ----a-w- c:\windows\system32\win32k.sys 2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\system32\msxml4.dll 2012-11-06 02:01 . 2011-06-24 21:11 1371648 ----a-w- c:\windows\system32\msxml6.dll 2012-11-02 02:02 . 2011-06-24 21:09 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17 . 2011-06-24 21:19 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17 . 2011-06-24 21:15 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17 . 2011-06-24 21:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35 . 2011-06-24 21:09 385024 ----a-w- c:\windows\system32\html.iec 2012-12-22 19:07 . 2011-06-25 09:50 262112 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2010-10-14 1938728] "SwitchBoard"="c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304] "SerExt"="SerExt.exe" [2005-03-01 61440] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-04-18 759144] "LenovoAutoScrollUtility"="c:\programme\Lenovo\VIRTSCRL\virtscrl.exe" [2010-04-01 43960] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-12-18 384800] "SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "OTL"="c:\dokumente und einstellungen\Administrator\Desktop\OTL.exe" [2013-01-15 602112] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2010-9-22 607584] . [HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^talk&surf 6.0 - Monitor.lnk] path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\talk&surf 6.0 - Monitor.lnk backup=c:\windows\pss\talk&surf 6.0 - Monitor.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2007-05-10 20:46 624248 ----a-w- c:\programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-05 16:44 500208 ------w- c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-02-21 17:57 406992 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader] 2012-04-17 13:05 651264 ----a-w- c:\programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-06-07 06:51 421160 ----a-w- c:\programme\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 06:38 421888 ----a-w- c:\programme\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "iPod Service"=3 (0x3) "Bonjour Service"=2 (0x2) "SkypeUpdate"=2 (0x2) "helpsvc"=2 (0x2) "Apple Mobile Device"=2 (0x2) "Adobe LM Service"=3 (0x3) "Ati HotKey Poller"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\ICQ7.5\\ICQ.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "c:\\Programme\\my moments\\Fotobuch.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\VideoLAN\\VLC\\vlc.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 . 
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x] R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [x] R2 DCService.exe;DCService.exe;c:\dokumente und einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe [x] R2 PassThru Service;Internet Pass-Through Service;c:\programme\HTC\Internet Pass-Through\PassThruSvr.exe [x] R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [x] R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\programme\ThinkPad\Utilities\PWMEWSVC.exe [x] R2 QDLService2kLenovo;Qualcomm Gobi 2000 Download Service (Lenovo);c:\programme\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [x] R2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [x] R3 ATICDSDr;ATICDSDr;c:\dokume~1\Thure\LOKALE~1\Temp\ATICDSDr.sys [x] R3 AtiDCM;AtiDCM;c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Temp\atidcmxx.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 Gigusb;Dect USB Driver;c:\windows\system32\Drivers\Gigusb.sys [x] R3 HRCMPA;ISDN Wan driver (Ver. 1.20.0032);c:\windows\system32\DRIVERS\hrcmpa.sys [x] R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x] R3 IUAPIWDM;ISDN USB Interface (Ver. 
1.20.0032);c:\windows\system32\DRIVERS\IUAPIWDM.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x] R3 siellif;siellif;c:\windows\system32\Drivers\siellif.sys [x] R3 SwitchBoard;SwitchBoard;c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 xControlCOM;xControlCOM;c:\programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe [x] S3 DectEnum;DectEnum;c:\windows\system32\Drivers\DectEnum.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 90239713 *Deregistered* - 90239713 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs SGHIDI vsapint wlidsvc . Inhalt des "geplante Tasks" Ordners . 2013-01-15 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-06-25 23:39] . . ------- Zusätzlicher Suchlauf ------- . IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-Wdf01000.sys MSConfigStartUp-Facebook Update - c:\dokumente und einstellungen\Thure\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-01-16 22:54 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,d3,83,39,9a,3e,33,49,ba,f4,12,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,d3,83,39,9a,3e,33,49,ba,f4,12,\ . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(232) c:\windows\system32\Ati2evxx.dll c:\windows\system32\atiadlxx.dll . Zeit der Fertigstellung: 2013-01-16 22:57:43 ComboFix-quarantined-files.txt 2013-01-16 21:57 ComboFix2.txt 2012-02-15 03:41 . Vor Suchlauf: 2.671.984.640 Bytes frei Nach Suchlauf: 3.042.844.672 Bytes frei . - - End Of File - - D1793398690C71CDADCA3CD0DE8FCEA6 |
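The two logs above (TDSSKiller in post #5, ComboFix in post #7) each contain one line that matters far more than the eighteen generic "UnsignedFile" warnings: a service registered under the core Windows name `winmgmt` whose binary sits in a user profile (`C:\DOKUME~1\Thure\wgsdgsdgdsgsd.exe`). The following script is an added example, not a tool from the thread or from OldTimer, Kaspersky or sUPERantispyware: it parses service/driver entries in both log formats and flags the ones a first-pass analyst would pull out by eye. The sample lines are transcribed from the logs above and constructed as one entry per line (the forum extraction ran them together); the short-name mapping, the core-service list and the "no vowels" heuristic are assumptions chosen for this German XP install.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few service/driver entries transcribed from the
# TDSSKiller and ComboFix logs posted above, one entry per line. Not a full log.
TDSSKILLER_LINES = r"""
14:57:29.0250 1136 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:57:34.0500 1136 [ 2CC2660B3EC3434C88D2C808DD7937D4 ] VClone C:\WINDOWS\system32\DRIVERS\VClone.sys
14:57:38.0296 1136 [ D3AA34EC10B0FE1EFA2E1E17058C7697 ] winmgmt C:\DOKUME~1\Thure\wgsdgsdgdsgsd.exe
14:57:44.0906 1136 [ 97CAFBDC866F7C2BA09E912697BA3E79 ] xControlCOM C:\Programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe
"""

COMBOFIX_LINES = r"""
R2 DCService.exe;DCService.exe;c:\dokumente und einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe [x]
R3 ATICDSDr;ATICDSDr;c:\dokume~1\Thure\LOKALE~1\Temp\ATICDSDr.sys [x]
R3 AtiDCM;AtiDCM;c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Temp\atidcmxx.sys [x]
R3 Gigusb;Dect USB Driver;c:\windows\system32\Drivers\Gigusb.sys [x]
"""

# TDSSKiller: "HH:MM:SS.mmm pid [ MD5 ] ServiceName Path"
TDSS_RE = re.compile(r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>\S+) (?P<path>[A-Za-z]:\\.+?)\s*$")
# ComboFix: "R2 Name;Description;Path [x]"
CF_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[A-Za-z]:\\.+?)(?: \[x\])?\s*$")

# Well-known Windows service names whose binary must live under %SystemRoot%.
# Assumed, deliberately short list; extend it from a known-good image of the same OS.
CORE_SERVICES = {"winmgmt", "wuauserv", "wscsvc", "w32time", "trkwks", "upnphost",
                 "webclient", "eventlog", "rpcss", "dcomlaunch", "lanmanserver",
                 "lanmanworkstation", "schedule", "browser", "spooler"}

# 8.3 short names as they appear in the logs of this German XP install (assumed mapping).
SHORT_NAMES = {
    "\\dokume~1\\": "\\dokumente und einstellungen\\",
    "\\lokale~1\\": "\\lokale einstellungen\\",
    "\\progra~1\\": "\\programme\\",
}

# Per-user profile directories; "All Users" is shared and deliberately exempt.
PROFILE_RE = re.compile(r"^[a-z]:\\(dokumente und einstellungen|documents and settings|users)\\(?!all users\\)")
SYSTEMROOT_RE = re.compile(r"^[a-z]:\\windows\\")


@dataclass
class Entry:
    name: str
    path: str


@dataclass
class Finding:
    name: str
    path: str
    severity: str  # HIGH, MEDIUM or LOW
    reason: str


def parse_entries(text: str) -> list[Entry]:
    """Extract (service name, binary path) pairs from TDSSKiller or ComboFix log lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = CF_RE.match(line) or TDSS_RE.search(line)
        if m:
            entries.append(Entry(m.group("name"), m.group("path")))
    return entries


def normalise(path: str) -> str:
    """Lower-case the path and expand the 8.3 aliases seen in these logs."""
    p = path.lower()
    for short, long in SHORT_NAMES.items():
        p = p.replace(short, long)
    return p


def looks_random(stem: str) -> bool:
    """Heuristic: a long file stem without a single vowel (keyboard mashing)."""
    return len(stem) >= 10 and not any(c in "aeiou" for c in stem.lower())


def classify(entry: Entry) -> list[Finding]:
    """Apply the location and naming rules to one service entry."""
    p = normalise(entry.path)
    stem = p.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    out: list[Finding] = []

    def flag(sev: str, why: str) -> None:
        out.append(Finding(entry.name, entry.path, sev, why))

    if entry.name.lower() in CORE_SERVICES and not SYSTEMROOT_RE.match(p):
        flag("HIGH", "core Windows service name with ImagePath outside %SystemRoot%")
    if PROFILE_RE.match(p):
        flag("HIGH", "service binary inside a per-user profile")
    if "\\temp\\" in p:
        flag("MEDIUM", "service binary loaded from a Temp directory")
    if looks_random(stem):
        flag("LOW", "random-looking file name")
    return out


SEVERITY_RANK = {"HIGH": 3, "MEDIUM": 2, "LOW": 1}


def triage(text: str) -> list[Finding]:
    return [f for e in parse_entries(text) for f in classify(e)]


def worst(findings: list[Finding]) -> dict[str, str]:
    """Highest severity per service name, for a quick review list."""
    top: dict[str, str] = {}
    for f in findings:
        if SEVERITY_RANK[f.severity] > SEVERITY_RANK.get(top.get(f.name, ""), 0):
            top[f.name] = f.severity
    return top


if __name__ == "__main__":
    for f in triage(TDSSKILLER_LINES + COMBOFIX_LINES):
        print(f"{f.severity:6} {f.name:12} {f.path}  ({f.reason})")
```

On the sample, `winmgmt` is the only entry that trips the core-service rule: the name belongs to Windows, the binary does not, and the name also fails the vowel heuristic. The two ATI driver entries are flagged only because the installer dropped them into a profile's Temp directory, which is exactly the kind of hit an analyst checks against vendor signatures rather than deleting outright; `DCService.exe` under "All Users" is left alone by design. The rules are a review filter, not a verdict.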
17.01.2013, 15:33 | #8 |
/// Malware-holic | GVU Trojaner, selber versucht zu löschen Hi, Malwarebytes: please download Malwarebytes
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described above. If you would like to support us |
17.01.2013, 15:59 | #9 |
| GVU Trojaner, selber versucht zu löschen There are difficulties... I started Windows in normal mode so that I would have internet access for the update; the virus opened as usual and I shut the computer down again... then I wanted to start in safe mode again. When I select Safe Mode, it loads for 4-5 seconds and then restarts the computer, even before the admin/user selection. |
17.01.2013, 17:02 | #10 |
/// Malware-holic | GVU Trojaner, selber versucht zu löschen Please keep your hands off illegal streams like Kinox.to, porn sites etc. Let's create a bootable USB stick for OTLPE. Important: the USB stick must have at least 512 MB. If necessary, back up all files on the USB stick; they will no longer be there after the following steps.
C:\).
Now boot from the OTLPE USB stick. Note: How do I boot from CD (just select the USB device instead of a CD)
17.01.2013, 17:40 | #11 |
| GVU Trojaner, selber versucht zu löschen "No USB Discs Found" it says... any idea? Tried it with 2 sticks (16 GB and 2 GB)... no chance with either. Not on another port either. This laptop runs Windows Vista... |
17.01.2013, 17:43 | #12 |
/// Malware-holic | GVU Trojaner, selber versucht zu löschen Create an OTLPE CD on a clean second computer and then boot the infected computer from that CD: If you don't have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD. Download OTLPENet.exe from OldTimer and save it to your desktop. Note: the file is about 120 MB, and on a slow internet connection it will take a little while to download.
Illustrated guide: OTLpe-Scan
17.01.2013, 17:52 | #13 |
| GVU Trojaner, selber versucht zu löschen Burning is the smallest problem. A bigger one would be the missing drive in the infected netbook... I can try to create the USB stick at a friend's. |
17.01.2013, 18:09 | #14 |
/// Malware-holic | GVU Trojaner, selber versucht zu löschen Hi, yes, then try it at a friend's. Is there important data on it? Otherwise we'll just reset it and secure it.
17.01.2013, 18:32 | #15 |
| GVU Trojaner, selber versucht zu löschen About 21 GB of holiday memories plus some graphics work... that would be annoying and quite a bit of work to recreate etc., but it wouldn't be tooo bad. I can possibly get the photos back... I need to check. |