| |
| |||||||
Log-Analyse und Auswertung: Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.03.2013, 00:59
| #1 |
 |  PUP.BundleInstaller.SOL Mein Computer hatte in den letzten 2-3 Tagen einige Systemabstürze. Ich habe Malwarebytes laufen lassen und es zeigt an, dass sich für zwei Objekte PUB.BundleInstaller.SOL finden lässt. Könnt Ihr mir bitte helfen? Was muss ich tun? Besten Dank Axel Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.12.10 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.11 Alex :: LENOVO-80D7E2D4 [Administrator] 12.03.2013 23:41:21 MBAM-log-2013-03-13 (00-02-42).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 222518 Laufzeit: 10 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Dokumente und Einstellungen\Alex\Eigene Dateien\Downloads\avs media player (1).exe (PUP.BundleInstaller.SOL) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Alex\Eigene Dateien\Downloads\avs media player.exe (PUP.BundleInstaller.SOL) -> Keine Aktion durchgeführt. (Ende) |
|
13.03.2013, 10:08
| #2 |
| |  Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? Hallo allerseits!
__________________Ich habe gestern Abend im Eifer des Gefechtes eure Checkliste missachtet - Entschuldigung! Das wird nicht wieder vorkommen, da ich mir nun alles aufmerksam durchgelesen habe. Mein Computer hat folgende Symptome: - er hatte in den letzten 2 bis 3 Tagen mehrere Systemabstürze - vor 2 Tagen kam die Meldung, dass mein Akku defekt sei und ich ihn austauschen sollte, jedoch funktioniert der Akku weiterhin einwandfrei - schon seit längerem hat der Mozilla Firefox Browser Probleme und stürzt direkt nach dem Öffnen ab. Ich habe deshalb zunächst einmal Google Chrome installiert. - der Computer fährt manchmal sehr schnell in den Ruhemodus runter Mir scheint, dass der Computer nicht langsamer ist als sonst. Ich habe einen Scan mit Malewarebytes durchgeführt, bei dem folgende infizierte Dateien angezeigt wurden: C:\Dokumente und Einstellungen\Alex\Eigene Dateien\Downloads\avs media player (1).exe (PUP.BundleInstaller.SOL) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Alex\Eigene Dateien\Downloads\avs media player.exe (PUP.BundleInstaller.SOL) -> Keine Aktion durchgeführt. Ich habe dann die von euch vorgeschlagenen Punkte befolgt. Jedoch ist ein Problem aufgetreten: - OTL hat nur eine Textdatei nach dem Scan produziert. Die Extra.txt erschien nicht und konnte deshalb nicht gespeichert/gepostet werden (habe es drei mal versucht). Könnt Ihr mir damit helfen? GMER 2.1.19155 - hxxp://www.gmer.net Rootkit scan 2013-03-13 09:11:18 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9500420AS rev.0002SDM1 465,76GB Running: gmer_2.1.19155.exe; Driver: C:\DOKUME~1\Alex\LOKALE~1\Temp\kwxoifod.sys ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys Device mrxsmb.sys Device A5B59D20 AttachedDevice fltmgr.sys Device Cdfs.SYS Device DLAIFS_M.SYS ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- OTL logfile created on: 13.03.2013 08:43:22 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Alex\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 2,36 Gb Available Physical Memory | 79,18% Memory free 4,82 Gb Paging File | 4,38 Gb Available in Paging File | 90,84% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 461,45 Gb Total Space | 344,66 Gb Free Space | 74,69% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: LENOVO-80D7E2D4 | User Name: Alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.13 08:17:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe PRC - [2013.01.27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2013.01.27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012.09.06 12:12:20 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe PRC - [2012.08.03 20:52:33 | 000,685,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012.08.03 20:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.06.18 16:27:10 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ColorZillaStats\IE\ColorZillaStatsUpdater.exe PRC - [2012.01.18 13:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.03.28 19:02:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe PRC - [2007.03.27 18:56:42 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe PRC - [2007.03.27 18:52:22 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe PRC - [2007.03.27 18:51:10 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe PRC - [2007.03.27 18:46:42 | 000,180,224 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe PRC - [2007.03.27 18:44:34 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe PRC - [2007.03.09 06:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2007.03.08 05:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2007.02.27 16:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe PRC - [2007.02.27 16:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe PRC - [2007.02.08 12:19:44 | 000,536,576 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe PRC - [2007.02.08 12:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe PRC - [2007.02.08 12:11:32 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe PRC - [2007.02.08 12:00:06 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe PRC - [2007.02.08 10:40:16 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe PRC - [2007.01.30 17:37:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe PRC - [2007.01.30 04:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE PRC - [2006.12.15 15:50:52 | 000,011,776 | ---- | M] ( ) -- c:\Programme\Lenovo\System Update\SUService.exe PRC - [2006.11.07 11:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE PRC - [2006.09.06 08:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2006.05.23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe PRC - [2006.05.18 15:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe PRC - [2006.02.14 06:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2006.02.02 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2004.07.27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe ========== Modules (No Company Name) ========== MOD - [2013.01.09 20:31:06 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fb004263\mscorlib.dll MOD - [2013.01.09 20:30:40 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_6489d234\system.dll MOD - [2013.01.09 20:30:33 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012.08.03 20:53:25 | 000,062,968 | ---- | M] () -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll MOD - [2012.06.18 16:27:10 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ColorZillaStats\IE\ColorZillaStatsUpdater.exe MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.03.28 19:02:00 | 000,235,056 | ---- | M] () -- C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll MOD - [2007.03.22 18:02:00 | 000,063,024 | ---- | M] () -- C:\Programme\ThinkVantage\PrdCtr\GR\LPRESMGR.DLL MOD - [2007.03.07 18:31:00 | 000,063,024 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\EZMAPRES.DLL MOD - [2007.03.06 15:40:04 | 000,118,784 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll MOD - [2007.02.27 16:48:38 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll MOD - [2007.02.27 16:45:10 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll MOD - [2007.02.08 12:11:32 | 000,569,344 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe MOD - [2007.02.08 12:00:06 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe MOD - [2007.02.08 11:59:30 | 000,139,264 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll MOD - [2007.02.08 11:59:30 | 000,139,264 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\CDRecord.dll MOD - [2007.02.08 10:40:16 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe MOD - [2007.01.30 17:21:54 | 000,110,592 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\xml4cmessages5_5.dll MOD - [2007.01.25 07:25:52 | 000,069,720 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\HKVOLKEY.dll MOD - [2006.12.19 17:14:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL MOD - [2006.12.19 17:14:00 | 000,045,056 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL MOD - [2006.12.14 03:06:42 | 000,028,672 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\tphklock.dll MOD - [2006.11.10 05:26:02 | 000,030,256 | ---- | M] () -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.dll MOD - [2006.02.16 09:19:51 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2013.01.27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012.09.09 17:30:08 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.03 20:52:07 | 000,537,592 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.06.18 16:27:10 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ColorZillaStats\IE\ColorZillaStatsUpdater.exe -- (ColorZillaStatsUpdater) SRV - [2007.03.27 18:46:42 | 000,180,224 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2007.03.27 18:44:34 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2007.02.27 16:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2007.02.08 12:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2007.02.08 12:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service) SRV - [2007.02.08 10:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk) SRV - [2007.01.30 17:37:50 | 000,644,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2007.01.30 04:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC) SRV - [2006.12.15 15:50:52 | 000,011,776 | ---- | M] ( ) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2006.05.23 20:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Installshield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005.10.06 17:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.03.13 08:01:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{05B6F83F-C0C3-47A8-B763-3C666B4ADD83}\MpKsl14a09b80.sys -- (MpKsl14a09b80) DRV - [2012.08.03 20:38:55 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva) DRV - [2012.08.03 20:38:05 | 000,057,256 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsmux.sys -- (acsmux) DRV - [2012.08.03 20:38:05 | 000,038,440 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\acsint.sys -- (acsint) DRV - [2007.03.28 19:02:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2007.03.28 04:22:58 | 002,204,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) DRV - [2007.03.14 21:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) DRV - [2007.03.02 16:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsX86.sys -- (Shockprf) DRV - [2007.03.02 16:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ApsHM86.sys -- (TPDIGIMN) DRV - [2007.02.27 10:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007.02.21 11:16:12 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2007.01.24 10:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2006.12.22 03:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2006.12.22 03:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2006.12.22 03:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006.12.19 17:14:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2006.11.15 09:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2006.11.15 04:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.11.15 02:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2006.11.06 09:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD) DRV - [2006.09.13 11:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C) DRV - [2006.09.13 06:42:18 | 000,028,224 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2006.02.02 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006.02.02 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006.02.02 04:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006.02.02 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006.02.02 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006.02.02 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006.02.02 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2006.01.12 23:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK) DRV - [2005.11.18 11:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.11.18 11:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005.11.08 08:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) DRV - [2005.07.14 04:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk) DRV - [2001.08.18 04:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_Prot IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&babsrc=SP_ss&mntrId=3455b0d000000000000000215c46380d IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..extensions.enabledAddons: stats@colorzilla.com:2.7.12 FF - prefs.js..extensions.enabledAddons: {3bbd3c14-4c16-4989-8366-95bc9179779d}:10.10.27.6 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@alternatiff.com/AlternaTIFF: C:\Programme\MIE\AlternaTIFF\npzzatif.dll (Medical Informatics Engineering, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox [2012.01.12 14:20:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\webbooster@iminent.com: C:\Programme\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.09 17:30:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.12.11 22:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Extensions [2012.10.29 20:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\lzbe10s2.default\extensions [2012.08.26 08:46:46 | 000,000,000 | ---D | M] (FLV Runner) -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\lzbe10s2.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d} [2012.06.21 14:21:47 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\lzbe10s2.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012.07.13 08:33:17 | 000,000,000 | ---D | M] (ColorZillaStats) -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\lzbe10s2.default\extensions\stats@colorzilla.com [2012.09.09 17:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.31 19:59:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.09.09 17:30:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.13 08:32:56 | 000,002,313 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.09.02 10:52:21 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google  riginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\25.0.1364.152\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\25.0.1364.152\pdf.dll CHR - plugin: Babylon ToolBar (Enabled) = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll CHR - plugin: AlternaTIFF (Enabled) = C:\Programme\MIE\AlternaTIFF\npzzatif.dll CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: ColorZillaStats = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\cgfambohdeocadlemmdceabhlgccijal\2.7.12_0\ CHR - Extension: Babylon Toolbar = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\ O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (ColorZillaStats) - {59F7FE53-2860-44B1-968A-E54E3E949A07} - C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ColorZillaStats\IE\ColorZillaStats.dll (Alex Sirota) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo ) O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - Startup: C:\Dokumente und Einstellungen\Alex\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Citavi Picker... - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.79.200.200 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2141362-64D6-4F9E-9E26-19BBB3C044F3}: DhcpNameServer = 130.79.200.200 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo ) O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Programme\Lenovo\HOTKEY\notifyf2.dll) - C:\Programme\Lenovo\HOTKEY\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - (C:\Programme\Lenovo\HOTKEY\tphklock.dll) - C:\Programme\Lenovo\HOTKEY\tphklock.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.01.27 03:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.13 08:31:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe [2013.03.13 08:06:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2013.03.13 00:34:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.03.13 00:12:57 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group [2013.03.13 00:12:12 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard [2013.03.13 00:07:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\SpeedyPC Software [2013.03.13 00:07:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\DriverCure [2013.03.13 00:07:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Startmenü\Programme\SpeedyPC Software [2013.03.13 00:07:22 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\SpeedyPC Software [2013.03.13 00:07:17 | 000,000,000 | ---D | C] -- C:\Programme\SpeedyPC Software [2013.03.13 00:07:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeedyPC Software [2013.03.12 23:40:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Malwarebytes [2013.03.12 23:40:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.03.12 23:40:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.03.12 23:40:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.03.12 23:40:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.03.10 18:50:58 | 000,000,000 | ---D | C] -- C:\_SMA [2013.03.04 20:31:28 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2013.03.04 20:31:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2013.02.20 23:05:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Desktop\Stuererklaerung [2013.02.12 17:24:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\elsterformular [2013.02.12 17:23:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ElsterFormular [2013.02.12 17:23:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2013.02.12 17:22:56 | 000,000,000 | ---D | C] -- C:\Programme\ElsterFormular [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.13 08:17:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe [2013.03.13 08:16:21 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\defogger_reenable [2013.03.13 08:10:02 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013.03.13 08:04:18 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1870837180-2808861349-3579745600-1005UA.job [2013.03.13 08:04:01 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2013.03.13 08:03:59 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job [2013.03.13 08:00:31 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2013.03.13 08:00:07 | 000,025,304 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2013.03.13 07:59:55 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI [2013.03.13 07:59:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.03.13 00:59:58 | 000,008,245 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Trojaner_Board.odt [2013.03.13 00:48:02 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2013.03.13 00:07:41 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job [2013.03.13 00:07:26 | 000,000,833 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\SpeedyPC Pro.lnk [2013.03.13 00:07:25 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job [2013.03.13 00:07:25 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job [2013.03.12 23:40:30 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.12 23:04:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1870837180-2808861349-3579745600-1005Core.job [2013.03.12 16:25:09 | 000,008,887 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Festplatte_media_markt.odt [2013.03.12 15:00:22 | 000,021,741 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Tabak_Bestaende_ADBS.odt [2013.03.11 00:07:41 | 000,044,139 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\EINSEHEN_BNUS.odt [2013.03.09 16:24:50 | 000,109,738 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\MFB-Buchung-1225988.pdf [2013.03.08 22:10:26 | 000,020,621 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\BNUS_EINSEHEN_09_03_2013.odt [2013.03.06 17:07:37 | 000,002,364 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Google Chrome.lnk [2013.03.04 20:31:28 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2013.02.27 10:36:13 | 000,019,277 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\EINZUSEHEN.odt [2013.02.25 21:29:23 | 009,122,908 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\EOS_400D_HWG_deu.pdf [2013.02.22 08:52:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.02.19 08:54:49 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2013.02.18 13:01:04 | 000,093,246 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\MFB-Rechnung-1185935.pdf [2013.02.18 13:00:51 | 000,095,667 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\MFB-Buchung-1185935.pdf [2013.02.18 12:11:59 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.02.15 10:13:21 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.02.15 07:44:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.02.15 07:42:15 | 000,502,994 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.02.15 07:42:15 | 000,481,854 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.02.15 07:42:15 | 000,095,402 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.02.15 07:42:15 | 000,079,928 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.02.12 18:13:31 | 000,073,491 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\ESt2011***_Alexander.elfo [2013.02.12 17:23:54 | 000,000,861 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.13 08:16:21 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\defogger_reenable [2013.03.13 00:59:56 | 000,008,245 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Trojaner_Board.odt [2013.03.13 00:07:40 | 000,000,474 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job [2013.03.13 00:07:26 | 000,000,833 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\SpeedyPC Pro.lnk [2013.03.13 00:07:25 | 000,000,498 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job [2013.03.13 00:07:25 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job [2013.03.13 00:07:23 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job [2013.03.12 23:40:30 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.12 16:25:08 | 000,008,887 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Festplatte_media_markt.odt [2013.03.09 16:24:49 | 000,109,738 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\MFB-Buchung-1225988.pdf [2013.03.08 22:10:25 | 000,020,621 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\BNUS_EINSEHEN_09_03_2013.odt [2013.03.04 09:31:31 | 000,021,741 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Tabak_Bestaende_ADBS.odt [2013.03.03 21:15:34 | 000,044,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\EINSEHEN_BNUS.odt [2013.02.25 21:28:50 | 009,122,908 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\EOS_400D_HWG_deu.pdf [2013.02.18 13:01:03 | 000,093,246 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\MFB-Rechnung-1185935.pdf [2013.02.18 13:00:51 | 000,095,667 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\MFB-Buchung-1185935.pdf [2013.02.12 18:11:13 | 000,073,491 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\ESt2011_***.elfo [2013.02.12 17:23:54 | 000,000,861 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk [2012.06.21 22:45:30 | 000,132,066 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1870837180-2808861349-3579745600-1005-0.dat [2012.06.21 22:45:29 | 000,132,066 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.02.15 12:29:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.16 12:11:21 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.11 11:03:26 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.10.05 22:14:58 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2011.10.05 14:49:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2011.10.05 14:40:51 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2011.10.05 14:40:11 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe [2011.10.05 14:35:34 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011.10.05 14:34:10 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2011.10.05 14:34:10 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2011.10.05 14:34:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2011.10.05 14:34:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2011.10.05 14:34:10 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2011.10.05 14:34:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2011.10.05 14:28:47 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2011.10.05 14:28:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll [2011.10.05 14:26:09 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE [2011.10.05 14:26:09 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2011.10.05 14:25:32 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2011.10.05 14:25:32 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll [2011.10.05 14:25:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll [2011.10.05 14:25:32 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2011.10.05 14:24:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2011.10.05 14:20:58 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config ========== ZeroAccess Check ========== [2006.01.27 18:19:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.13 08:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Babylon [2012.07.13 08:33:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\BabylonToolbar [2012.07.13 08:33:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ColorZillaStats [2013.03.13 00:07:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\DriverCure [2013.03.13 08:04:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Dropbox [2013.02.12 17:25:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\elsterformular [2011.12.11 11:12:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\InterVideo [2011.12.11 22:53:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Leadertech [2011.10.05 14:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Lenovo [2012.01.12 10:22:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Litlink v4 [2012.01.12 10:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\net.dacons.menucontrol [2011.12.11 22:51:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\OpenOffice.org [2013.03.13 00:07:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\SpeedyPC Software [2012.01.12 16:15:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Swiss Academic Software [2012.07.15 14:25:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Toolbar4 [2012.07.13 08:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012.06.14 17:09:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2012.08.31 07:45:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco [2013.02.12 17:24:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2012.01.12 16:13:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gibraltar [2011.12.11 19:49:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo [2011.10.05 14:37:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC-Doctor [2013.03.13 00:07:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeedyPC Software [2012.01.12 14:20:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software [2011.10.05 14:27:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB ========== Purity Check ========== Besten Dank für eure Hilfe! Axl |
|
13.03.2013, 14:45
| #3 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? Hallo,
__________________Zitat:
Warum bitte eine Professional Edition für Windows? Wer braucht das als Heimanwender? Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?
__________________ |
|
13.03.2013, 19:24
| #4 | ||
| | Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? Hallo! Zitat:
Zitat:
Hier die Log von Malwarebytes, mehr Logs habe ich leider nicht: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.12.10 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.11 Alex :: LENOVO-80D7E2D4 [Administrator] 12.03.2013 23:41:21 MBAM-log-2013-03-13 (00-02-42).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 222518 Laufzeit: 10 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Dokumente und Einstellungen\Alex\Eigene Dateien\Downloads\avs media player (1).exe (PUP.BundleInstaller.SOL) -> Keine Aktion durchgeführt. C:\Dokumente und Einstellungen\Alex\Eigene Dateien\Downloads\avs media player.exe (PUP.BundleInstaller.SOL) -> Keine Aktion durchgeführt. (Ende) Beste Grüße Axl |
|
14.03.2013, 10:46
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? Ok, danke für die Erklärung  Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
16.03.2013, 09:41
| #6 | |
| | Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? Hallo! Folgendes Problem ist bei MBAR (Malwarebytes Anti-Rootkit) aufgetreten. Wenn ich den Scan starten möchte, dann erscheint die Nachricht Zitat:
Dann habe ich die anderen beiden Scans laufen lassen. Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-14 18:06:28
-----------------------------
18:06:28.468 OS Version: Windows 5.1.2600 Service Pack 3
18:06:28.468 Number of processors: 2 586 0xF0B
18:06:28.468 ComputerName: LENOVO-80D7E2D4 UserName: Alex
18:06:36.390 Initialize success
18:08:10.250 AVAST engine defs: 13031401
18:08:16.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:08:16.593 Disk 0 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 3
18:08:16.640 Disk 0 MBR read successfully
18:08:16.640 Disk 0 MBR scan
18:08:16.734 Disk 0 unknown MBR code
18:08:16.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 472522 MB offset 63
18:08:16.765 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 4414 MB offset 967725360
18:08:16.781 Disk 0 scanning sectors +976767120
18:08:16.875 Disk 0 scanning C:\WINDOWS\system32\drivers
18:08:46.500 Service scanning
18:09:08.875 Service MpKsl37d80c84 c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{69BBEE3C-55A7-4014-9529-F3D8FBF239F5}\MpKsl37d80c84.sys **LOCKED** 32
18:09:36.562 Modules scanning
18:09:50.531 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
18:09:53.218 Disk 0 trace - called modules:
18:09:53.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
18:09:53.234 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac92ab8]
18:09:53.234 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000008e[0x8ac989e8]
18:09:53.250 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac6d940]
18:09:59.640 AVAST engine scan C:\WINDOWS
18:10:25.375 AVAST engine scan C:\WINDOWS\system32
18:19:35.687 AVAST engine scan C:\WINDOWS\system32\drivers
18:20:20.390 AVAST engine scan C:\Dokumente und Einstellungen\Alex
18:59:45.765 AVAST engine scan C:\Dokumente und Einstellungen\All Users
19:03:39.890 Scan finished successfully
22:45:34.515 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Alex\Desktop\MBR.dat"
22:45:34.515 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Alex\Desktop\aswMBR.txt"
Code:
ATTFilter 09:31:21.0359 4588 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:31:21.0593 4588 ============================================================
09:31:21.0593 4588 Current date / time: 2013/03/16 09:31:21.0593
09:31:21.0593 4588 SystemInfo:
09:31:21.0593 4588
09:31:21.0593 4588 OS Version: 5.1.2600 ServicePack: 3.0
09:31:21.0593 4588 Product type: Workstation
09:31:21.0593 4588 ComputerName: LENOVO-80D7E2D4
09:31:21.0593 4588 UserName: Alex
09:31:21.0593 4588 Windows directory: C:\WINDOWS
09:31:21.0593 4588 System windows directory: C:\WINDOWS
09:31:21.0593 4588 Processor architecture: Intel x86
09:31:21.0593 4588 Number of processors: 2
09:31:21.0593 4588 Page size: 0x1000
09:31:21.0593 4588 Boot type: Normal boot
09:31:21.0593 4588 ============================================================
09:31:25.0203 4588 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
09:31:25.0203 4588 ============================================================
09:31:25.0203 4588 \Device\Harddisk0\DR0:
09:31:25.0203 4588 MBR partitions:
09:31:25.0203 4588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x39AE50F1
09:31:25.0203 4588 ============================================================
09:31:25.0234 4588 C: <-> \Device\Harddisk0\DR0\Partition1
09:31:25.0234 4588 ============================================================
09:31:25.0234 4588 Initialize success
09:31:25.0234 4588 ============================================================
09:31:41.0140 5528 ============================================================
09:31:41.0140 5528 Scan started
09:31:41.0140 5528 Mode: Manual; SigCheck; TDLFS;
09:31:41.0140 5528 ============================================================
09:31:41.0390 5528 ================ Scan system memory ========================
09:31:41.0390 5528 System memory - ok
09:31:41.0390 5528 ================ Scan services =============================
09:31:41.0750 5528 Abiosdsk - ok
09:31:41.0796 5528 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
09:31:42.0031 5528 abp480n5 - ok
09:31:42.0062 5528 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
09:31:42.0171 5528 ac97intc - ok
09:31:42.0281 5528 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:31:42.0406 5528 ACPI - ok
09:31:42.0406 5528 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:31:42.0500 5528 ACPIEC - ok
09:31:42.0625 5528 [ 1114C7A183A46840DC4A287BE0ABB944 ] AcPrfMgrSvc C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
09:31:42.0656 5528 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - warning
09:31:42.0656 5528 AcPrfMgrSvc - detected UnsignedFile.Multi.Generic (1)
09:31:42.0687 5528 [ E850B0A94E8703CCBC980B31594DC408 ] acsint C:\WINDOWS\system32\DRIVERS\acsint.sys
09:31:42.0734 5528 acsint - ok
09:31:42.0765 5528 [ EA2429C90AEAB09D7F3A99B16DA23CED ] acsmux C:\WINDOWS\system32\DRIVERS\acsmux.sys
09:31:42.0796 5528 acsmux - ok
09:31:42.0890 5528 [ 257E3F88829B0F50AA23CF67F285FD43 ] AcSvc C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
09:31:43.0000 5528 AcSvc ( UnsignedFile.Multi.Generic ) - warning
09:31:43.0000 5528 AcSvc - detected UnsignedFile.Multi.Generic (1)
09:31:43.0156 5528 [ 6296F30A2760B2ADAE778A9F71FE46FE ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
09:31:43.0218 5528 ADIHdAudAddService - ok
09:31:43.0265 5528 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
09:31:43.0375 5528 adpu160m - ok
09:31:43.0421 5528 [ E8694FC1DAC061AD989506B470552415 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
09:31:43.0500 5528 AEAudio - ok
09:31:43.0562 5528 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
09:31:43.0687 5528 aec - ok
09:31:43.0734 5528 [ 375EB0B97E3950ADEF3633C27A82438B ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:31:43.0750 5528 AegisP ( UnsignedFile.Multi.Generic ) - warning
09:31:43.0750 5528 AegisP - detected UnsignedFile.Multi.Generic (1)
09:31:43.0828 5528 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
09:31:43.0984 5528 AFD - ok
09:31:44.0015 5528 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
09:31:44.0109 5528 agp440 - ok
09:31:44.0140 5528 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
09:31:44.0281 5528 agpCPQ - ok
09:31:44.0296 5528 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
09:31:44.0359 5528 Aha154x - ok
09:31:44.0390 5528 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
09:31:44.0500 5528 aic78u2 - ok
09:31:44.0515 5528 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
09:31:44.0609 5528 aic78xx - ok
09:31:44.0656 5528 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
09:31:44.0750 5528 Alerter - ok
09:31:44.0796 5528 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
09:31:44.0921 5528 ALG - ok
09:31:44.0937 5528 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
09:31:45.0031 5528 AliIde - ok
09:31:45.0046 5528 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
09:31:45.0140 5528 alim1541 - ok
09:31:45.0171 5528 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
09:31:45.0265 5528 amdagp - ok
09:31:45.0281 5528 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
09:31:45.0328 5528 amsint - ok
09:31:45.0375 5528 [ 11AB185A7AF224800BBFB5B836974A17 ] ANC C:\WINDOWS\system32\drivers\ANC.SYS
09:31:45.0390 5528 ANC ( UnsignedFile.Multi.Generic ) - warning
09:31:45.0390 5528 ANC - detected UnsignedFile.Multi.Generic (1)
09:31:45.0468 5528 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
09:31:45.0578 5528 AppMgmt - ok
09:31:45.0625 5528 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:31:45.0718 5528 Arp1394 - ok
09:31:45.0734 5528 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
09:31:45.0812 5528 asc - ok
09:31:45.0828 5528 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
09:31:45.0921 5528 asc3350p - ok
09:31:45.0937 5528 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
09:31:46.0015 5528 asc3550 - ok
09:31:46.0187 5528 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:31:46.0234 5528 aspnet_state - ok
09:31:46.0234 5528 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:31:46.0328 5528 AsyncMac - ok
09:31:46.0390 5528 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
09:31:46.0468 5528 atapi - ok
09:31:46.0468 5528 Atdisk - ok
09:31:46.0484 5528 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:31:46.0593 5528 Atmarpc - ok
09:31:46.0625 5528 [ DBF0D7E2DF33B469EB55406FEA759350 ] atmeltpm C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
09:31:46.0687 5528 atmeltpm - ok
09:31:46.0734 5528 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
09:31:46.0843 5528 AudioSrv - ok
09:31:46.0875 5528 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
09:31:46.0953 5528 audstub - ok
09:31:46.0984 5528 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
09:31:47.0062 5528 Beep - ok
09:31:47.0250 5528 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
09:31:47.0609 5528 BITS - ok
09:31:47.0687 5528 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
09:31:47.0765 5528 Browser - ok
09:31:48.0140 5528 [ 9DA09B5800B9DE8336948664E3B9CC94 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
09:31:48.0531 5528 BTKRNL - ok
09:31:48.0718 5528 [ D14C346D293E6F83CBB55AC641FF941E ] btwdins C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
09:31:48.0781 5528 btwdins ( UnsignedFile.Multi.Generic ) - warning
09:31:48.0781 5528 btwdins - detected UnsignedFile.Multi.Generic (1)
09:31:48.0828 5528 [ 57E91E9925976BBC98984EEBAAF1D84C ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
09:31:48.0875 5528 BTWUSB - ok
09:31:48.0890 5528 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
09:31:48.0968 5528 cbidf - ok
09:31:48.0984 5528 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
09:31:49.0062 5528 cbidf2k - ok
09:31:49.0078 5528 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
09:31:49.0140 5528 cd20xrnt - ok
09:31:49.0156 5528 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
09:31:49.0281 5528 Cdaudio - ok
09:31:49.0328 5528 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
09:31:49.0421 5528 Cdfs - ok
09:31:49.0484 5528 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:31:49.0578 5528 Cdrom - ok
09:31:49.0593 5528 Changer - ok
09:31:49.0625 5528 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
09:31:49.0718 5528 CiSvc - ok
09:31:49.0781 5528 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
09:31:49.0875 5528 ClipSrv - ok
09:31:49.0937 5528 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:31:50.0046 5528 clr_optimization_v2.0.50727_32 - ok
09:31:50.0156 5528 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:31:50.0218 5528 clr_optimization_v4.0.30319_32 - ok
09:31:50.0250 5528 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:31:50.0343 5528 CmBatt - ok
09:31:50.0375 5528 [ C687F81290303D90099B027A6474F99F ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
09:31:50.0484 5528 CmdIde - ok
09:31:50.0578 5528 [ 091A2D76A1FFFA523CD453CBABC4078D ] ColorZillaStatsUpdater C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
09:31:50.0625 5528 ColorZillaStatsUpdater ( UnsignedFile.Multi.Generic ) - warning
09:31:50.0625 5528 ColorZillaStatsUpdater - detected UnsignedFile.Multi.Generic (1)
09:31:50.0656 5528 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:31:50.0750 5528 Compbatt - ok
09:31:50.0750 5528 COMSysApp - ok
09:31:50.0765 5528 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
09:31:50.0843 5528 Cpqarray - ok
09:31:50.0906 5528 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
09:31:50.0984 5528 CryptSvc - ok
09:31:51.0062 5528 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
09:31:51.0171 5528 dac2w2k - ok
09:31:51.0187 5528 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
09:31:51.0265 5528 dac960nt - ok
09:31:51.0453 5528 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
09:31:51.0656 5528 DcomLaunch - ok
09:31:51.0734 5528 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
09:31:51.0953 5528 Dhcp - ok
09:31:52.0015 5528 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
09:31:52.0093 5528 Disk - ok
09:31:52.0390 5528 [ 0711D2E0F17B31E537B2770A618DA41F ] Diskeeper C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe
09:31:52.0734 5528 Diskeeper ( UnsignedFile.Multi.Generic ) - warning
09:31:52.0734 5528 Diskeeper - detected UnsignedFile.Multi.Generic (1)
09:31:52.0781 5528 [ 35CBC02546335EA41A5D516DA6626C8A ] DLABOIOM C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:31:52.0812 5528 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
09:31:52.0812 5528 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
09:31:52.0828 5528 [ EC6AE8BC9F773382D2EED49E4DFDAE2A ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:31:52.0843 5528 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
09:31:52.0843 5528 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
09:31:52.0859 5528 [ 2104649B0B79B9F30122C545CBA0C655 ] DLADResN C:\WINDOWS\system32\DLA\DLADResN.SYS
09:31:52.0906 5528 DLADResN ( UnsignedFile.Multi.Generic ) - warning
09:31:52.0906 5528 DLADResN - detected UnsignedFile.Multi.Generic (1)
09:31:52.0953 5528 [ E4859CA5BD8412A9A60D62067A653522 ] DLAIFS_M C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
09:31:53.0000 5528 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
09:31:53.0000 5528 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
09:31:53.0000 5528 [ 20C24A3D1CF0825487C93F806625805E ] DLAOPIOM C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
09:31:53.0015 5528 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
09:31:53.0015 5528 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
09:31:53.0031 5528 [ 8A530DA5DC81954BCF1966813F699B49 ] DLAPoolM C:\WINDOWS\system32\DLA\DLAPoolM.SYS
09:31:53.0046 5528 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
09:31:53.0046 5528 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
09:31:53.0062 5528 [ 0605B66052F82B6F07204DBDB61C13FF ] DLARTL_N C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
09:31:53.0078 5528 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
09:31:53.0078 5528 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
09:31:53.0125 5528 [ 7EDA68AF6A91BF64AF6F301E39928EBF ] DLAUDFAM C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
09:31:53.0171 5528 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
09:31:53.0171 5528 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
09:31:53.0203 5528 [ A18423BBC6D92B01FDF3C51E7510EE70 ] DLAUDF_M C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
09:31:53.0234 5528 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
09:31:53.0234 5528 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
09:31:53.0250 5528 dmadmin - ok
09:31:53.0562 5528 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
09:31:54.0203 5528 dmboot - ok
09:31:54.0296 5528 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
09:31:54.0437 5528 dmio - ok
09:31:54.0453 5528 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
09:31:54.0531 5528 dmload - ok
09:31:54.0562 5528 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
09:31:54.0671 5528 dmserver - ok
09:31:54.0703 5528 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
09:31:54.0796 5528 DMusic - ok
09:31:54.0843 5528 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
09:31:54.0921 5528 Dnscache - ok
09:31:55.0015 5528 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
09:31:55.0156 5528 Dot3svc - ok
09:31:55.0187 5528 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
09:31:55.0265 5528 dpti2o - ok
09:31:55.0281 5528 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
09:31:55.0359 5528 drmkaud - ok
09:31:55.0421 5528 [ 48C7008D23DCFCE0D0232F49307EFCED ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
09:31:55.0453 5528 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
09:31:55.0453 5528 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
09:31:55.0484 5528 [ 05467E44A42C777DD1534BB4539B16D1 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
09:31:56.0468 5528 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
09:31:56.0468 5528 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
09:31:56.0546 5528 [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
09:31:56.0671 5528 E100B - ok
09:31:56.0796 5528 [ 67396A6B3ADAC7FF233CADF6D1660DBA ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
09:31:56.0812 5528 e1express - ok
09:31:56.0859 5528 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
09:31:56.0968 5528 EapHost - ok
09:31:57.0000 5528 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
09:31:57.0093 5528 ERSvc - ok
09:31:57.0171 5528 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
09:31:57.0218 5528 Eventlog - ok
09:31:57.0328 5528 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll
09:31:57.0359 5528 EventSystem - ok
09:31:57.0656 5528 [ 298C8F404968A600D1C298D43783BDB8 ] EvtEng C:\Programme\Intel\Wireless\Bin\EvtEng.exe
09:31:58.0093 5528 EvtEng ( UnsignedFile.Multi.Generic ) - warning
09:31:58.0093 5528 EvtEng - detected UnsignedFile.Multi.Generic (1)
09:31:58.0171 5528 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
09:31:58.0281 5528 Fastfat - ok
09:31:58.0359 5528 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
09:31:58.0437 5528 FastUserSwitchingCompatibility - ok
09:31:58.0453 5528 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
09:31:58.0531 5528 Fdc - ok
09:31:58.0578 5528 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
09:31:58.0718 5528 Fips - ok
09:31:58.0750 5528 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:31:58.0828 5528 Flpydisk - ok
09:31:58.0890 5528 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
09:31:59.0000 5528 FltMgr - ok
09:31:59.0078 5528 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:31:59.0125 5528 FontCache3.0.0.0 - ok
09:31:59.0156 5528 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:31:59.0250 5528 Fs_Rec - ok
09:31:59.0312 5528 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:31:59.0468 5528 Ftdisk - ok
09:31:59.0609 5528 [ 33D00F8CB70AC5F7A8101F79D5273615 ] G400 C:\WINDOWS\system32\DRIVERS\G400m.sys
09:31:59.0781 5528 G400 - ok
09:31:59.0828 5528 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:31:59.0937 5528 Gpc - ok
09:32:00.0015 5528 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
09:32:00.0093 5528 gusvc - ok
09:32:00.0156 5528 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:32:00.0265 5528 HDAudBus - ok
09:32:00.0359 5528 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:32:00.0453 5528 helpsvc - ok
09:32:00.0468 5528 HidServ - ok
09:32:00.0515 5528 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
09:32:00.0609 5528 hkmsvc - ok
09:32:00.0640 5528 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
09:32:00.0750 5528 hpn - ok
09:32:00.0875 5528 [ 6A5C4732D6803F84E2987EDD8E4359CE ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
09:32:00.0984 5528 HSFHWAZL - ok
09:32:01.0359 5528 [ 21C31273C6CC4826E74BE8AE3B09D4A8 ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
09:32:02.0156 5528 HSF_DPV - ok
09:32:02.0296 5528 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
09:32:02.0421 5528 HTTP - ok
09:32:02.0453 5528 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
09:32:02.0546 5528 HTTPFilter - ok
09:32:02.0562 5528 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
09:32:02.0656 5528 i2omgmt - ok
09:32:02.0671 5528 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
09:32:02.0765 5528 i2omp - ok
09:32:02.0796 5528 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:32:02.0937 5528 i8042prt - ok
09:32:05.0187 5528 [ C1C2D6940D6EC2F247B0F3C11E0A18E0 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
09:32:09.0750 5528 ialm - ok
09:32:09.0890 5528 [ FD7F9D74C2B35DBDA400804A3F5ED5D8 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
09:32:10.0000 5528 iaStor - ok
09:32:10.0062 5528 [ 326EDB99D2B509F6C48BF723C1817292 ] IBMPMDRV C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
09:32:10.0062 5528 IBMPMDRV - ok
09:32:10.0109 5528 [ C5764B846D2AE8EA9327F910EC7648F3 ] IBMPMSVC C:\WINDOWS\system32\ibmpmsvc.exe
09:32:10.0125 5528 IBMPMSVC - ok
09:32:10.0140 5528 [ BFC9F3ADAAD74E13F9CE16C8BD336F95 ] IBMTPCHK C:\WINDOWS\system32\Drivers\IBMBLDID.sys
09:32:10.0171 5528 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
09:32:10.0171 5528 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
09:32:10.0296 5528 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
09:32:10.0343 5528 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:32:10.0343 5528 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:32:10.0750 5528 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:32:11.0453 5528 idsvc - ok
09:32:11.0468 5528 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
09:32:11.0562 5528 Imapi - ok
09:32:11.0671 5528 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe
09:32:11.0765 5528 ImapiService - ok
09:32:11.0812 5528 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
09:32:11.0937 5528 ini910u - ok
09:32:11.0953 5528 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
09:32:12.0031 5528 IntelIde - ok
09:32:12.0093 5528 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:32:12.0203 5528 intelppm - ok
09:32:12.0218 5528 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
09:32:12.0343 5528 Ip6Fw - ok
09:32:12.0375 5528 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:32:12.0468 5528 IpFilterDriver - ok
09:32:12.0484 5528 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:32:12.0562 5528 IpInIp - ok
09:32:12.0640 5528 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:32:12.0765 5528 IpNat - ok
09:32:12.0828 5528 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:32:12.0953 5528 IPSec - ok
09:32:13.0031 5528 [ 00D8E9DAEBE72A5DF3986FD418A995EB ] IPSSVC C:\WINDOWS\system32\IPSSVC.EXE
09:32:13.0078 5528 IPSSVC - ok
09:32:13.0093 5528 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
09:32:13.0187 5528 IRENUM - ok
09:32:13.0234 5528 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:32:13.0312 5528 isapnp - ok
09:32:13.0359 5528 [ F59C3569A2F2C464BB78CB1BDCDCA55E ] Iviaspi C:\WINDOWS\system32\drivers\iviaspi.sys
09:32:13.0390 5528 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
09:32:13.0390 5528 Iviaspi - detected UnsignedFile.Multi.Generic (1)
09:32:13.0546 5528 [ A38441ED570F190CC041A7BE49488FA7 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
09:32:13.0578 5528 JavaQuickStarterService - ok
09:32:13.0593 5528 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:32:13.0703 5528 Kbdclass - ok
09:32:13.0812 5528 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:32:14.0000 5528 kmixer - ok
09:32:14.0046 5528 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:32:14.0109 5528 KSecDD - ok
09:32:14.0156 5528 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:32:14.0203 5528 lanmanserver - ok
09:32:14.0296 5528 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:32:14.0359 5528 lanmanworkstation - ok
09:32:14.0359 5528 lbrtfdc - ok
09:32:14.0406 5528 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:32:14.0484 5528 LmHosts - ok
09:32:14.0546 5528 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys
09:32:14.0562 5528 mbamchameleon - ok
09:32:14.0578 5528 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:32:14.0625 5528 mdmxsdk - ok
09:32:14.0671 5528 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
09:32:14.0781 5528 Messenger - ok
09:32:14.0812 5528 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:32:14.0921 5528 mnmdd - ok
09:32:14.0968 5528 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
09:32:15.0093 5528 mnmsrvc - ok
09:32:15.0125 5528 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:32:15.0203 5528 Modem - ok
09:32:15.0234 5528 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:32:15.0328 5528 Mouclass - ok
09:32:15.0375 5528 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:32:15.0453 5528 MountMgr - ok
09:32:15.0546 5528 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
09:32:15.0609 5528 MozillaMaintenance - ok
09:32:15.0703 5528 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
09:32:15.0796 5528 MpFilter - ok
09:32:15.0812 5528 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:32:15.0921 5528 mraid35x - ok
09:32:16.0000 5528 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:32:16.0156 5528 MRxDAV - ok
09:32:16.0343 5528 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:32:16.0562 5528 MRxSmb - ok
09:32:16.0609 5528 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe
09:32:16.0687 5528 MSDTC - ok
09:32:16.0718 5528 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:32:16.0828 5528 Msfs - ok
09:32:16.0828 5528 MSIServer - ok
09:32:16.0843 5528 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:32:16.0937 5528 MSKSSRV - ok
09:32:17.0015 5528 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Programme\Microsoft Security Client\MsMpEng.exe
09:32:17.0031 5528 MsMpSvc - ok
09:32:17.0046 5528 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:32:17.0109 5528 MSPCLOCK - ok
09:32:17.0125 5528 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:32:17.0218 5528 MSPQM - ok
09:32:17.0250 5528 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:32:17.0328 5528 mssmbios - ok
09:32:17.0390 5528 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:32:17.0421 5528 Mup - ok
09:32:17.0578 5528 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
09:32:17.0765 5528 napagent - ok
09:32:17.0859 5528 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:32:17.0984 5528 NDIS - ok
09:32:18.0015 5528 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:32:18.0046 5528 NdisTapi - ok
09:32:18.0062 5528 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:32:18.0156 5528 Ndisuio - ok
09:32:18.0187 5528 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:32:18.0296 5528 NdisWan - ok
09:32:18.0328 5528 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:32:18.0359 5528 NDProxy - ok
09:32:18.0375 5528 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
09:32:18.0484 5528 NetBIOS - ok
09:32:18.0562 5528 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:32:18.0703 5528 NetBT - ok
09:32:18.0781 5528 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
09:32:18.0984 5528 NetDDE - ok
09:32:19.0046 5528 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:32:19.0109 5528 NetDDEdsdm - ok
09:32:19.0140 5528 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe
09:32:19.0218 5528 Netlogon - ok
09:32:19.0312 5528 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
09:32:19.0406 5528 Netman - ok
09:32:19.0500 5528 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:32:19.0562 5528 NetTcpPortSharing - ok
09:32:20.0500 5528 [ 9B18806954CB7F33B538CBF090562DB2 ] NETw4x32 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
09:32:22.0437 5528 NETw4x32 - ok
09:32:22.0515 5528 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:32:22.0625 5528 NIC1394 - ok
09:32:22.0734 5528 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
09:32:22.0828 5528 Nla - ok
09:32:22.0859 5528 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:32:22.0953 5528 Npfs - ok
09:32:23.0171 5528 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:32:23.0609 5528 Ntfs - ok
09:32:23.0625 5528 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
09:32:23.0687 5528 NtLmSsp - ok
09:32:23.0875 5528 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:32:24.0234 5528 NtmsSvc - ok
09:32:24.0265 5528 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:32:24.0343 5528 Null - ok
09:32:25.0109 5528 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:32:26.0578 5528 nv - ok
09:32:26.0593 5528 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:32:26.0687 5528 NwlnkFlt - ok
09:32:26.0703 5528 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:32:26.0796 5528 NwlnkFwd - ok
09:32:26.0843 5528 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:32:26.0953 5528 ohci1394 - ok
09:32:27.0015 5528 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
09:32:27.0125 5528 Parport - ok
09:32:27.0140 5528 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:32:27.0218 5528 PartMgr - ok
09:32:27.0234 5528 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:32:27.0312 5528 ParVdm - ok
09:32:27.0359 5528 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:32:27.0468 5528 PCI - ok
09:32:27.0468 5528 PCIDump - ok
09:32:27.0484 5528 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:32:27.0562 5528 PCIIde - ok
09:32:27.0625 5528 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:32:27.0718 5528 Pcmcia - ok
09:32:27.0718 5528 PDCOMP - ok
09:32:27.0734 5528 PDFRAME - ok
09:32:27.0734 5528 PDRELI - ok
09:32:27.0734 5528 PDRFRAME - ok
09:32:27.0750 5528 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
09:32:27.0859 5528 perc2 - ok
09:32:27.0859 5528 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:32:27.0953 5528 perc2hib - ok
09:32:28.0015 5528 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
09:32:28.0031 5528 PlugPlay - ok
09:32:28.0078 5528 [ DEDEF40E1D05842639491365CB2C069E ] pmem C:\WINDOWS\System32\drivers\pmemnt.sys
09:32:28.0093 5528 pmem ( UnsignedFile.Multi.Generic ) - warning
09:32:28.0093 5528 pmem - detected UnsignedFile.Multi.Generic (1)
09:32:28.0093 5528 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:32:28.0156 5528 PolicyAgent - ok
09:32:28.0187 5528 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:32:28.0281 5528 PptpMiniport - ok
09:32:28.0312 5528 [ 1D80309FED4BABF8EA9E7B84A394348B ] PROCDD C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
09:32:28.0328 5528 PROCDD - ok
09:32:28.0359 5528 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
09:32:28.0468 5528 Processor - ok
09:32:28.0484 5528 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:32:28.0546 5528 ProtectedStorage - ok
09:32:28.0578 5528 [ CE5114C9D3AB67E6F6F8017C5F975292 ] psadd C:\WINDOWS\system32\DRIVERS\psadd.sys
09:32:28.0593 5528 psadd - ok
09:32:28.0625 5528 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:32:28.0734 5528 PSched - ok
09:32:28.0750 5528 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:32:28.0859 5528 Ptilink - ok
09:32:28.0906 5528 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:32:28.0937 5528 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
09:32:28.0937 5528 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
09:32:28.0968 5528 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:32:29.0062 5528 ql1080 - ok
09:32:29.0078 5528 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:32:29.0187 5528 Ql10wnt - ok
09:32:29.0203 5528 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:32:29.0312 5528 ql12160 - ok
09:32:29.0328 5528 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:32:29.0406 5528 ql1240 - ok
09:32:29.0437 5528 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:32:29.0515 5528 ql1280 - ok
09:32:29.0546 5528 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:32:29.0625 5528 RasAcd - ok
09:32:29.0687 5528 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:32:29.0828 5528 RasAuto - ok
09:32:29.0875 5528 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:32:29.0984 5528 Rasl2tp - ok
09:32:30.0078 5528 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:32:30.0203 5528 RasMan - ok
09:32:30.0218 5528 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:32:30.0296 5528 RasPppoe - ok
09:32:30.0312 5528 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:32:30.0406 5528 Raspti - ok
09:32:30.0468 5528 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:32:30.0625 5528 Rdbss - ok
09:32:30.0625 5528 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:32:30.0718 5528 RDPCDD - ok
09:32:30.0796 5528 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:32:30.0968 5528 rdpdr - ok
09:32:31.0046 5528 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:32:31.0156 5528 RDPWD - ok
09:32:31.0218 5528 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:32:31.0359 5528 RDSessMgr - ok
09:32:31.0390 5528 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:32:31.0500 5528 redbook - ok
09:32:31.0640 5528 [ 83A5D92ACE4465C667D1D55FCDAB2658 ] RegSrvc C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
09:32:31.0765 5528 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
09:32:31.0765 5528 RegSrvc - detected UnsignedFile.Multi.Generic (1)
09:32:31.0796 5528 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:32:31.0937 5528 RemoteAccess - ok
09:32:31.0968 5528 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
09:32:32.0078 5528 RemoteRegistry - ok
09:32:32.0109 5528 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
09:32:32.0171 5528 rimmptsk - ok
09:32:32.0203 5528 [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
09:32:32.0250 5528 rimsptsk - ok
09:32:32.0281 5528 [ ACE2CE73D7B04EAC48FB80482E05E770 ] risdptsk C:\WINDOWS\system32\DRIVERS\risdptsk.sys
09:32:32.0343 5528 risdptsk - ok
09:32:32.0359 5528 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
09:32:32.0421 5528 rismxdp - ok
09:32:32.0468 5528 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe
09:32:32.0578 5528 RpcLocator - ok
09:32:32.0750 5528 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
09:32:32.0875 5528 RpcSs - ok
09:32:32.0953 5528 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe
09:32:33.0078 5528 RSVP - ok
09:32:33.0468 5528 [ 1A0D1E2D62E9306F961A7E08E72028B6 ] S24EventMonitor C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
09:32:34.0203 5528 S24EventMonitor ( UnsignedFile.Multi.Generic ) - warning
09:32:34.0203 5528 S24EventMonitor - detected UnsignedFile.Multi.Generic (1)
09:32:34.0218 5528 [ E2C6ABCBEFB1D44F6AAEB1CD5D6062D4 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:32:34.0281 5528 s24trans ( UnsignedFile.Multi.Generic ) - warning
09:32:34.0281 5528 s24trans - detected UnsignedFile.Multi.Generic (1)
09:32:34.0312 5528 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
09:32:34.0375 5528 SamSs - ok
09:32:34.0437 5528 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:32:34.0531 5528 SCardSvr - ok
09:32:34.0625 5528 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:32:34.0765 5528 Schedule - ok
09:32:34.0812 5528 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:32:34.0937 5528 Secdrv - ok
09:32:34.0984 5528 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
09:32:35.0078 5528 seclogon - ok
09:32:35.0109 5528 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
09:32:35.0187 5528 SENS - ok
09:32:35.0218 5528 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
09:32:35.0296 5528 serenum - ok
09:32:35.0343 5528 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
09:32:35.0468 5528 Serial - ok
09:32:35.0515 5528 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
09:32:35.0593 5528 Sfloppy - ok
09:32:35.0734 5528 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:32:36.0000 5528 SharedAccess - ok
09:32:36.0062 5528 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:32:36.0078 5528 ShellHWDetection - ok
09:32:36.0140 5528 [ 6873EDC0D75E1E255208442EA3E018C1 ] Shockprf C:\WINDOWS\system32\DRIVERS\Apsx86.sys
09:32:36.0187 5528 Shockprf - ok
09:32:36.0203 5528 Simbad - ok
09:32:36.0234 5528 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:32:36.0312 5528 sisagp - ok
09:32:37.0562 5528 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe
09:32:39.0953 5528 Skype C2C Service - ok
09:32:40.0078 5528 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe
09:32:40.0156 5528 SkypeUpdate - ok
09:32:40.0187 5528 [ 350483C5A139F8A39ED3191AFF39BED0 ] smihlp C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
09:32:40.0203 5528 smihlp - ok
09:32:40.0234 5528 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:32:40.0296 5528 Sparrow - ok
09:32:40.0328 5528 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:32:40.0421 5528 splitter - ok
09:32:40.0468 5528 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:32:40.0515 5528 Spooler - ok
09:32:40.0546 5528 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:32:40.0640 5528 sr - ok
09:32:40.0734 5528 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll
09:32:40.0937 5528 srservice - ok
09:32:41.0109 5528 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:32:41.0343 5528 Srv - ok
09:32:41.0390 5528 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:32:41.0468 5528 SSDPSRV - ok
09:32:41.0593 5528 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:32:41.0921 5528 stisvc - ok
09:32:42.0000 5528 [ 6B79112C59D6A620299D298FB4BD4AD6 ] SUService c:\programme\lenovo\system update\suservice.exe
09:32:42.0031 5528 SUService ( UnsignedFile.Multi.Generic ) - warning
09:32:42.0031 5528 SUService - detected UnsignedFile.Multi.Generic (1)
09:32:42.0062 5528 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:32:42.0156 5528 swenum - ok
09:32:42.0203 5528 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:32:42.0296 5528 swmidi - ok
09:32:42.0296 5528 SwPrv - ok
09:32:42.0328 5528 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
09:32:42.0406 5528 symc810 - ok
09:32:42.0421 5528 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:32:42.0515 5528 symc8xx - ok
09:32:42.0531 5528 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:32:42.0625 5528 sym_hi - ok
09:32:42.0640 5528 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:32:42.0718 5528 sym_u3 - ok
09:32:42.0828 5528 [ 7C02DB7416D52C02B131D0E3A8D2337C ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:32:43.0046 5528 SynTP - ok
09:32:43.0109 5528 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:32:43.0187 5528 sysaudio - ok
09:32:43.0250 5528 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:32:43.0375 5528 SysmonLog - ok
09:32:43.0484 5528 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:32:43.0640 5528 TapiSrv - ok
09:32:43.0812 5528 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:32:44.0031 5528 Tcpip - ok
09:32:44.0078 5528 [ 109D1F5CD9CC370A87901DB3DDD533F1 ] TcUsb C:\WINDOWS\system32\Drivers\tcusb.sys
09:32:44.0078 5528 TcUsb - ok
09:32:44.0109 5528 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:32:44.0187 5528 TDPIPE - ok
09:32:44.0203 5528 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:32:44.0281 5528 TDTCP - ok
09:32:44.0328 5528 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:32:44.0437 5528 TermDD - ok
09:32:44.0562 5528 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
09:32:44.0703 5528 TermService - ok
09:32:44.0781 5528 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
09:32:44.0781 5528 Themes - ok
09:32:45.0187 5528 [ 250BC19D25BC35ABCDFF22E044FB507F ] ThinkVantage Registry Monitor Service C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
09:32:45.0593 5528 ThinkVantage Registry Monitor Service - ok
09:32:45.0656 5528 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
09:32:45.0781 5528 TlntSvr - ok
09:32:45.0812 5528 [ D213A9247DC347F305A2D4CC9B951487 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
09:32:45.0906 5528 TosIde - ok
09:32:45.0937 5528 [ 9C72FDD0FA2D3BE3BD5CCA211FB19916 ] TPDIGIMN C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
09:32:45.0953 5528 TPDIGIMN - ok
09:32:46.0000 5528 [ 5068C862446A28CD987A3AAC54F481DA ] TPHDEXLGSVC C:\WINDOWS\system32\TPHDEXLG.exe
09:32:46.0265 5528 TPHDEXLGSVC - ok
09:32:46.0296 5528 [ 542770C8925E13B29B1BA63F05898058 ] TPHKDRV C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
09:32:46.0390 5528 TPHKDRV - ok
09:32:46.0421 5528 [ 44672DE6CEA9569C21C4B7A8D2560750 ] TPPWRIF C:\WINDOWS\system32\drivers\Tppwrif.sys
09:32:46.0468 5528 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
09:32:46.0468 5528 TPPWRIF - detected UnsignedFile.Multi.Generic (1)
09:32:46.0515 5528 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:32:46.0656 5528 TrkWks - ok
09:32:46.0671 5528 [ 6880CC241678CC3A148082C05B1DB786 ] TSMAPIP C:\WINDOWS\system32\drivers\TSMAPIP.SYS
09:32:46.0703 5528 TSMAPIP - ok
09:32:47.0062 5528 [ 778F61836C36BE955D78DB7325F80CC7 ] TSSCoreService C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
09:32:47.0531 5528 TSSCoreService - ok
09:32:47.0781 5528 [ C8DA890DF821DBE5CD5B9A10C6C82D51 ] TVT Backup Protection Service C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe
09:32:48.0109 5528 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - warning
09:32:48.0109 5528 TVT Backup Protection Service - detected UnsignedFile.Multi.Generic (1)
09:32:48.0468 5528 [ 951675971BB6DE44284CCE95F33F7421 ] TVT Backup Service C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
09:32:49.0031 5528 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
09:32:49.0031 5528 TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
09:32:49.0515 5528 [ 38A974E3D0D0C09317AF364C8359A6E4 ] TVT Scheduler c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
09:32:50.0718 5528 TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
09:32:50.0718 5528 TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
09:32:50.0781 5528 [ 49258A02A1E8D304ED88B0F1C56B1738 ] tvtfilter C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
09:32:50.0828 5528 tvtfilter - ok
09:32:50.0859 5528 [ C254BFF0A928EA7D5CCDC2522D56FD01 ] TVTI2C C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
09:32:50.0875 5528 TVTI2C - ok
09:32:50.0906 5528 [ 2E72C66682E9274C97AE3F5A57C2FA33 ] tvtnetwk C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
09:32:50.0968 5528 tvtnetwk ( UnsignedFile.Multi.Generic ) - warning
09:32:50.0968 5528 tvtnetwk - detected UnsignedFile.Multi.Generic (1)
09:32:51.0000 5528 [ 0727CCE3FF1A4446F4A1D507361567AB ] TVTPktFilter C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
09:32:51.0078 5528 TVTPktFilter - ok
09:32:51.0140 5528 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:32:51.0250 5528 Udfs - ok
09:32:51.0250 5528 UIUSys - ok
09:32:51.0281 5528 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
09:32:51.0343 5528 ultra - ok
09:32:51.0406 5528 [ AB0A7CA90D9E3D6A193905DC1715DED0 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
09:32:51.0468 5528 UMWdf - ok
09:32:51.0656 5528 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:32:52.0000 5528 Update - ok
09:32:52.0078 5528 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:32:52.0218 5528 upnphost - ok
09:32:52.0250 5528 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
09:32:52.0359 5528 UPS - ok
09:32:52.0390 5528 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:32:52.0484 5528 usbehci - ok
09:32:52.0531 5528 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:32:52.0625 5528 usbhub - ok
09:32:52.0656 5528 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:32:52.0765 5528 usbprint - ok
09:32:52.0796 5528 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:32:52.0890 5528 usbscan - ok
09:32:52.0984 5528 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:32:53.0062 5528 USBSTOR - ok
09:32:53.0109 5528 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:32:53.0187 5528 usbuhci - ok
09:32:53.0218 5528 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:32:53.0312 5528 VgaSave - ok
09:32:53.0343 5528 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:32:53.0437 5528 viaagp - ok
09:32:53.0437 5528 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
09:32:53.0515 5528 ViaIde - ok
09:32:53.0578 5528 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:32:53.0687 5528 VolSnap - ok
09:32:53.0921 5528 [ 80E63B86C40C5E067475DC98F845A6DD ] vpnagent C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
09:32:54.0265 5528 vpnagent - ok
09:32:54.0281 5528 [ EA39F36302DACBCDCDB113313718E768 ] vpnva C:\WINDOWS\system32\DRIVERS\vpnva.sys
09:32:54.0312 5528 vpnva - ok
09:32:54.0453 5528 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
09:32:54.0656 5528 VSS - ok
09:32:54.0750 5528 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\system32\w32time.dll
09:32:54.0843 5528 W32Time - ok
09:32:54.0890 5528 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:32:55.0015 5528 Wanarp - ok
09:32:55.0015 5528 WDICA - ok
09:32:55.0062 5528 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:32:55.0171 5528 wdmaud - ok
09:32:55.0218 5528 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:32:55.0390 5528 WebClient - ok
09:32:55.0687 5528 [ 307D248F97835B6879BDD361086924FE ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:32:56.0265 5528 winachsf - ok
09:32:56.0406 5528 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:32:56.0546 5528 winmgmt - ok
09:32:56.0921 5528 [ F2E9FCB970D02E1647E185DA1D2E3CA9 ] WMConnectCDS C:\Programme\Windows Media Connect 2\wmccds.exe
09:32:58.0609 5528 WMConnectCDS ( UnsignedFile.Multi.Generic ) - warning
09:32:58.0609 5528 WMConnectCDS - detected UnsignedFile.Multi.Generic (1)
09:32:58.0671 5528 [ 140EF97B64F560FD78643CAE2CDAD838 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
09:32:58.0828 5528 WmdmPmSN - ok
09:32:59.0093 5528 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll
09:32:59.0343 5528 Wmi - ok
09:32:59.0375 5528 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:32:59.0453 5528 WmiAcpi - ok
09:32:59.0531 5528 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:32:59.0671 5528 WmiApSrv - ok
09:32:59.0687 5528 [ 1385E5AA9C9821790D33A9563B8D2DD0 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
09:32:59.0734 5528 WpdUsb - ok
09:33:00.0093 5528 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:33:00.0640 5528 WPFFontCache_v0400 - ok
09:33:00.0718 5528 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:33:00.0812 5528 wscsvc - ok
09:33:00.0828 5528 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:33:00.0937 5528 wuauserv - ok
09:33:01.0140 5528 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:33:01.0531 5528 WZCSVC - ok
09:33:01.0593 5528 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:33:01.0703 5528 xmlprov - ok
09:33:01.0703 5528 ================ Scan global ===============================
09:33:01.0765 5528 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
09:33:01.0937 5528 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
09:33:02.0093 5528 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
09:33:02.0156 5528 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
09:33:02.0156 5528 [Global] - ok
09:33:02.0156 5528 ================ Scan MBR ==================================
09:33:02.0187 5528 [ 32343790F0648F49C6704A6A9E366586 ] \Device\Harddisk0\DR0
09:33:02.0718 5528 \Device\Harddisk0\DR0 - ok
09:33:02.0718 5528 ================ Scan VBR ==================================
09:33:02.0718 5528 [ A6D007E2D3718C9A3AE2EB7E091244F5 ] \Device\Harddisk0\DR0\Partition1
09:33:02.0718 5528 \Device\Harddisk0\DR0\Partition1 - ok
09:33:02.0718 5528 ============================================================
09:33:02.0718 5528 Scan finished
09:33:02.0718 5528 ============================================================
09:33:02.0828 5484 Detected object count: 34
09:33:02.0828 5484 Actual detected object count: 34
09:33:27.0125 5484 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0125 5484 AcPrfMgrSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 AcSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 AcSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 ANC ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 btwdins ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 btwdins ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 ColorZillaStatsUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 ColorZillaStatsUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 Diskeeper ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 Diskeeper ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0140 5484 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0140 5484 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0156 5484 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0156 5484 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0156 5484 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0156 5484 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0156 5484 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0156 5484 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0156 5484 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0156 5484 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0156 5484 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0156 5484 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0156 5484 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0156 5484 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0156 5484 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0156 5484 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0156 5484 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0156 5484 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0156 5484 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0156 5484 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0156 5484 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0156 5484 TVT Backup Protection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0156 5484 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0156 5484 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0156 5484 TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0156 5484 TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0156 5484 tvtnetwk ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0156 5484 tvtnetwk ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:33:27.0156 5484 WMConnectCDS ( UnsignedFile.Multi.Generic ) - skipped by user
09:33:27.0156 5484 WMConnectCDS ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:34:19.0687 4572 Deinitialize success
|
|
16.03.2013, 19:04
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? Bitte MBAR nochmal probieren, die Meldung besagt dass du Windows neu starten musst damit MBAR starten kann
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.03.2013, 07:45
| #8 |
| | Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? Hallo! Mbar hat jetzt funktioniert. Jedoch habe in dem mit WinRar geöffneten Ordner keine Logfiles gefunden. Wo könnten diese sein? |
|
18.03.2013, 11:46
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? Hast du die Anleitung nicht gelesen? Du musst das MBAR-Archiv logischerweise erstmal komplett entpacken, dann kannst du in den entpackten Ordner und von dort aus MBAR starten. Dann erstellt es dir auch das Log da rein
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.03.2013, 22:04
| #10 | |
| | Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? Hallo! Zitat:
Hier die noch ausstehende Log-File Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.18.12
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Alex :: LENOVO-80D7E2D4 [administrator]
18.03.2013 21:54:40
mbar-log-2013-03-18 (21-54-40).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26642
Time elapsed: 2 hour(s), 9 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Schönen Abend noch und sorry für meine PC-Tollpatschigkeit |
|
19.03.2013, 00:02
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? Ist soweit unauffällig JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.03.2013, 18:34
| #12 |
| | Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? Hallo! hier die gewünschten Logfiles: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Microsoft Windows XP x86
Ran by Alex on 22.03.2013 at 17:26:08,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{98889811-442d-49dd-99d7-dc866be87dbc}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1870837180-2808861349-3579745600-1005\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_classes_root\esrv.babylonesrvc
Successfully deleted: [Registry Key] hkey_classes_root\esrv.babylonesrvc.1
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\babylon
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\b
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\babylon.dskbnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\babylon.dskbnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylnapp.appcore
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylnapp.appcore.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\escort.escrtbtn.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\3192aa38321c641458dbdaf83979d193
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\s
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{291bccc1-6890-484a-89d3-318c928dac1b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2eecd738-5844-4a99-b4b6-146bf802613b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{97f2ff5b-260c-4ccf-834a-2dda4e29e39e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{98889811-442d-49dd-99d7-dc866be87dbc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{b8276a94-891d-453c-9ff3-715c042a2575}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ffb9adcb-8c79-4c29-81d3-74d46a93d370}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\babylon"
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\babylontoolbar"
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\drivercure"
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\speedypc software"
Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\toolbar4"
Successfully deleted: [Folder] "C:\Programme\babylontoolbar"
Successfully deleted: [Folder] "C:\Programme\speedypc software"
Successfully deleted: [Folder] "C:\Programme\Gemeinsame Dateien\speedypc software"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Programme\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\mozilla\firefox\profiles\lzbe10s2.default\user.js
Successfully deleted: [Folder] C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\mozilla\firefox\profiles\lzbe10s2.default\smartbar
Successfully deleted: [Folder] C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\mozilla\firefox\profiles\lzbe10s2.default\extensions\{c9b68337-e93a-44ea-94dc-cb300ec06444}
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\webbooster@iminent.com
Successfully deleted the following from C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\mozilla\firefox\profiles\lzbe10s2.default\prefs.js
user_pref("CT3201318.1000082.isPlayDisplay", "true");
user_pref("CT3201318.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
user_pref("CT3201318.1000234.TWC_TMP_city", "KOELN");
user_pref("CT3201318.1000234.TWC_TMP_country", "DE");
user_pref("CT3201318.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3201318.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3201318.FirstTime", "true");
user_pref("CT3201318.FirstTimeFF3", "true");
user_pref("CT3201318.UserID", "UN98576157915795937");
user_pref("CT3201318.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3201318.embeddedsData", "[{\"appId\":\"129768733323172459\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3201318.enableAlerts", "never");
user_pref("CT3201318.event_data", "%5B%5D");
user_pref("CT3201318.fired_events", "");
user_pref("CT3201318.firstTimeDialogOpened", "true");
user_pref("CT3201318.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3201318.fixUrls", true);
user_pref("CT3201318.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3201318.isNewTabEnabled", true);
user_pref("CT3201318.isPerformedSmartBarTransition", "true");
user_pref("CT3201318.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3201318.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3201318.key_date", "15");
user_pref("CT3201318.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://FLVRunner.Our
user_pref("CT3201318.search.searchAppId", "129768733323172459");
user_pref("CT3201318.search.searchCount", "0");
user_pref("CT3201318.searchInNewTabEnabledInHidden", "true");
user_pref("CT3201318.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3201318.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3201318.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3201318\"}");
user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FLVRunner.OurToolbar.com//xpi\"}");
user_pref("CT3201318.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FLV Runner\"}");
user_pref("CT3201318.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3201318.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT3201318.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1342357971005");
user_pref("CT3201318.serviceLayer_services_appTracking_lastUpdate", "1342357972065");
user_pref("CT3201318.serviceLayer_services_appsMetadata_lastUpdate", "1342357970967");
user_pref("CT3201318.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1342357971306");
user_pref("CT3201318.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345908985069");
user_pref("CT3201318.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352026287264");
user_pref("CT3201318.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "1342357971696");
user_pref("CT3201318.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "1342357971765");
user_pref("CT3201318.serviceLayer_services_optimizer_lastUpdate", "1342357971267");
user_pref("CT3201318.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1342357971377");
user_pref("CT3201318.serviceLayer_services_searchAPI_lastUpdate", "1342357970613");
user_pref("CT3201318.serviceLayer_services_serviceMap_lastUpdate", "1352026286883");
user_pref("CT3201318.serviceLayer_services_toolbarContextMenu_lastUpdate", "1342357971083");
user_pref("CT3201318.serviceLayer_services_toolbarSettings_lastUpdate", "1352039625520");
user_pref("CT3201318.serviceLayer_services_translation_lastUpdate", "1352026286981");
user_pref("CT3201318.settingsINI", true);
user_pref("CT3201318.smartbar.CTID", "CT3201318");
user_pref("CT3201318.smartbar.Uninstall", "0");
user_pref("CT3201318.smartbar.isHidden", true);
user_pref("CT3201318.smartbar.toolbarName", "FLV Runner ");
user_pref("CT3201318.toolbarBornServerTime", "15-7-2012");
user_pref("CT3201318.toolbarCurrentServerTime", "4-11-2012");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958");
user_pref("extensions.BabylonToolbar_i.hardId", "3455b0d000000000000000215c46380d");
user_pref("extensions.BabylonToolbar_i.id", "3455b0d000000000000000215c46380d");
user_pref("extensions.BabylonToolbar_i.instlDay", "15534");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.179:33:13");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Emptied folder: C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\mozilla\firefox\profiles\lzbe10s2.default\minidumps [1 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.03.2013 at 17:30:17,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.115 - Datei am 22/03/2013 um 18:02:05 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Alex - LENOVO-80D7E2D4
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Alex\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\DOKUME~1\Alex\LOKALE~1\Temp\BabylonToolbar
Ordner Gelöscht : C:\DOKUME~1\Alex\LOKALE~1\Temp\Iminent
Ordner Gelöscht : C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\lzbe10s2.default\CT3201318
Ordner Gelöscht : C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\lzbe10s2.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DA5BD2D3CA2D6943A1A233CD3F88CE7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC9EFC5C3366B4DB850DAB49330C52
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7E98451C7CA808F47AFE467BDABD02FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BFD11FD45FC7B9E46A8F4B69F3A66E35
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5979AD63CA2D6943A1A233CD3F88CE7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF9BD2952384A9C49B4A5D3D95329890
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FABA2A33488410A4AA40489BD2224282
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
***** [Internet Browser] *****
-\\ Internet Explorer v7.0.6000.17123
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0.1 (de)
Datei : C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\lzbe10s2.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v25.0.1364.172
Datei : C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [11537 octets] - [22/03/2013 18:02:05]
########## EOF - C:\AdwCleaner[S1].txt - [11598 octets] ##########
Code:
ATTFilter OTL logfile created on: 22.03.2013 18:14:58 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Alex\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,59% Memory free 4,82 Gb Paging File | 4,06 Gb Available in Paging File | 84,40% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 461,45 Gb Total Space | 336,13 Gb Free Space | 72,84% Space Free | Partition Type: NTFS Unable to calculate disk information. Computer Name: LENOVO-80D7E2D4 | User Name: Alex | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - c:\Programme\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) PRC - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ColorZillaStats\IE\ColorZillaStatsUpdater.exe () PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) PRC - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe () PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe () PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited) PRC - c:\Programme\Lenovo\System Update\SUService.exe ( ) PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) PRC - C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe (InstallShield Software Corporation) ========== Modules (No Company Name) ========== MOD - C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll () MOD - C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll () MOD - C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\25.0.1364.172\pdf.dll () MOD - C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_fb004263\mscorlib.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_6489d234\system.dll () MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll () MOD - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll () MOD - C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ColorZillaStats\IE\ColorZillaStatsUpdater.exe () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\Lenovo\NPDIRECT\tpfnf7.dll () MOD - C:\Programme\ThinkVantage\PrdCtr\GR\LPRESMGR.DLL () MOD - C:\Programme\ThinkPad\Utilities\GR\EZMAPRES.DLL () MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll () MOD - C:\WINDOWS\system32\btwicons.dll () MOD - C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll () MOD - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () MOD - C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe () MOD - C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll () MOD - C:\Programme\Gemeinsame Dateien\Lenovo\CDRecord.dll () MOD - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe () MOD - C:\Programme\Gemeinsame Dateien\Lenovo\xml4cmessages5_5.dll () MOD - C:\Programme\Lenovo\HOTKEY\HKVOLKEY.dll () MOD - C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL () MOD - C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL () MOD - C:\Programme\Lenovo\HOTKEY\tphklock.dll () MOD - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.dll () MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll () ========== Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Skype C2C Service) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (ColorZillaStatsUpdater) -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ColorZillaStats\IE\ColorZillaStatsUpdater.exe () SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (TVT Scheduler) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe () SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited) SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe ( ) SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\Installshield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (WMConnectCDS) -- C:\Programme\Windows Media Connect 2\wmccds.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (Changer) -- File not found DRV - (MpKsl01f368b1) -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{7B442D0F-1932-4C56-AF48-61B5F4A8FFE0}\MpKsl01f368b1.sys (Microsoft Corporation) DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys () DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.) DRV - (acsmux) -- C:\WINDOWS\system32\drivers\acsmux.sys (Cisco Systems, Inc.) DRV - (acsint) -- C:\WINDOWS\system32\drivers\acsint.sys (Cisco Systems, Inc.) DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS () DRV - (NETw4x32) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation) DRV - (smihlp) -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.) DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS () DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited) DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions) DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions) DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys () DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions) DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.) DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC) DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1870837180-2808861349-3579745600-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-1870837180-2808861349-3579745600-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1870837180-2808861349-3579745600-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1870837180-2808861349-3579745600-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1870837180-2808861349-3579745600-1005\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1870837180-2808861349-3579745600-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search IE - HKU\S-1-5-21-1870837180-2808861349-3579745600-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1870837180-2808861349-3579745600-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@alternatiff.com/AlternaTIFF: C:\Programme\MIE\AlternaTIFF\npzzatif.dll (Medical Informatics Engineering, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox [2012.01.12 14:20:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.09 17:30:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.12.11 22:39:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Extensions [2013.03.22 18:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\lzbe10s2.default\extensions [2012.07.13 08:33:17 | 000,000,000 | ---D | M] (ColorZillaStats) -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Mozilla\Firefox\Profiles\lzbe10s2.default\extensions\stats@colorzilla.com [2012.09.09 17:29:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.31 19:59:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALEX\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LZBE10S2.DEFAULT\EXTENSIONS\{3BBD3C14-4C16-4989-8366-95BC9179779D} [2012.09.09 17:30:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.02 10:52:21 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\25.0.1364.172\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Babylon ToolBar (Enabled) = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll CHR - plugin: AlternaTIFF (Enabled) = C:\Programme\MIE\AlternaTIFF\npzzatif.dll CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: ColorZillaStats = C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\cgfambohdeocadlemmdceabhlgccijal\2.7.12_0\ O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (ColorZillaStats) - {59F7FE53-2860-44B1-968A-E54E3E949A07} - C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\ColorZillaStats\IE\ColorZillaStats.dll (Alex Sirota) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1870837180-2808861349-3579745600-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo ) O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\Alex\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1870837180-2808861349-3579745600-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Citavi Picker... - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.79.200.200 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2141362-64D6-4F9E-9E26-19BBB3C044F3}: DhcpNameServer = 130.79.200.200 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo ) O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Programme\Lenovo\HOTKEY\notifyf2.dll) - C:\Programme\Lenovo\HOTKEY\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - (C:\Programme\Lenovo\HOTKEY\tphklock.dll) - C:\Programme\Lenovo\HOTKEY\tphklock.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.01.27 03:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.03.22 17:25:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013.03.22 17:25:13 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.22 17:24:44 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Alex\Desktop\JRT.exe [2013.03.20 22:00:11 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys [2013.03.20 22:00:11 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys [2013.03.18 19:42:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Desktop\mbar-1.01.0.1021 (1) [2013.03.16 09:30:09 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Alex\Desktop\tdsskiller.exe [2013.03.14 18:03:34 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Alex\Desktop\aswMBR.exe [2013.03.13 08:31:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe [2013.03.13 00:34:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.03.13 00:12:57 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group [2013.03.13 00:12:12 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard [2013.03.13 00:07:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Startmenü\Programme\SpeedyPC Software [2013.03.13 00:07:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeedyPC Software [2013.03.12 23:40:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Malwarebytes [2013.03.12 23:40:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.03.12 23:40:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.03.12 23:40:21 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.03.12 23:40:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.03.10 18:50:58 | 000,000,000 | ---D | C] -- C:\_SMA [2013.03.04 20:31:28 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2013.03.04 20:31:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2013.03.04 12:59:24 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2013.03.04 12:59:24 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2013.03.04 12:59:23 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys [2013.02.20 23:05:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Alex\Desktop\Stuererklaerung [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.22 18:16:01 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013.03.22 18:10:38 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2013.03.22 18:08:07 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2013.03.22 18:06:46 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job [2013.03.22 18:06:16 | 000,025,304 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2013.03.22 18:05:50 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI [2013.03.22 18:05:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.03.22 18:00:43 | 000,609,993 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\adwcleaner.exe [2013.03.22 18:00:03 | 000,000,474 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job [2013.03.22 17:48:01 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2013.03.22 17:24:15 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Alex\Desktop\JRT.exe [2013.03.22 17:04:00 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1870837180-2808861349-3579745600-1005UA.job [2013.03.22 16:59:16 | 000,015,428 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Brief_Societe_Histoire_Quatre_Cantons.odt [2013.03.21 14:56:18 | 000,000,150 | -H-- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\.~lock.Tabak_Bestaende_ADBS.odt# [2013.03.20 23:04:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1870837180-2808861349-3579745600-1005Core.job [2013.03.20 20:51:16 | 000,009,651 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\strasbour-paris.odt [2013.03.19 19:39:54 | 008,861,030 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\festgabedenthei00apotgoog.pdf [2013.03.18 19:43:38 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2013.03.16 09:29:36 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Alex\Desktop\tdsskiller.exe [2013.03.15 08:52:04 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.03.15 08:50:51 | 000,022,218 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Tabak_Bestaende_ADBS.odt [2013.03.14 22:45:34 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\MBR.dat [2013.03.14 18:03:15 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Alex\Desktop\aswMBR.exe [2013.03.14 17:56:09 | 013,786,977 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\mbar-1.01.0.1021 (1).zip [2013.03.14 17:46:50 | 013,786,977 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\mbar-1.01.0.1021.zip [2013.03.14 07:43:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.03.13 10:09:38 | 000,002,364 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Google Chrome.lnk [2013.03.13 08:50:07 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\gmer_2.1.19155.exe [2013.03.13 08:17:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Alex\Desktop\OTL.exe [2013.03.13 08:16:21 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\defogger_reenable [2013.03.13 00:59:58 | 000,008,245 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Trojaner_Board.odt [2013.03.13 00:07:26 | 000,000,833 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\SpeedyPC Pro.lnk [2013.03.13 00:07:25 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job [2013.03.13 00:07:25 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job [2013.03.12 23:40:30 | 000,000,763 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.12 16:25:09 | 000,008,887 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Festplatte_media_markt.odt [2013.03.11 00:07:41 | 000,044,139 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\EINSEHEN_BNUS.odt [2013.03.09 16:24:50 | 000,109,738 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\MFB-Buchung-1225988.pdf [2013.03.08 22:10:26 | 000,020,621 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\BNUS_EINSEHEN_09_03_2013.odt [2013.03.04 20:31:28 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2013.02.27 10:36:13 | 000,019,277 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\EINZUSEHEN.odt [2013.02.25 21:29:23 | 009,122,908 | ---- | M] () -- C:\Dokumente und Einstellungen\Alex\Desktop\EOS_400D_HWG_deu.pdf [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.22 18:01:07 | 000,609,993 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\adwcleaner.exe [2013.03.22 14:30:25 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Brief_Societe_Histoire_Quatre_Cantons.odt [2013.03.21 14:56:18 | 000,000,150 | -H-- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\.~lock.Tabak_Bestaende_ADBS.odt# [2013.03.20 20:51:10 | 000,009,651 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\strasbour-paris.odt [2013.03.19 19:39:49 | 008,861,030 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\festgabedenthei00apotgoog.pdf [2013.03.18 19:43:38 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2013.03.14 22:45:34 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\MBR.dat [2013.03.14 17:56:27 | 013,786,977 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\mbar-1.01.0.1021 (1).zip [2013.03.14 17:47:13 | 013,786,977 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\mbar-1.01.0.1021.zip [2013.03.13 08:50:30 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\gmer_2.1.19155.exe [2013.03.13 08:16:21 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\defogger_reenable [2013.03.13 00:59:56 | 000,008,245 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Trojaner_Board.odt [2013.03.13 00:07:40 | 000,000,474 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job [2013.03.13 00:07:26 | 000,000,833 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\SpeedyPC Pro.lnk [2013.03.13 00:07:25 | 000,000,498 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job [2013.03.13 00:07:25 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job [2013.03.13 00:07:23 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job [2013.03.12 23:40:30 | 000,000,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.12 16:25:08 | 000,008,887 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Festplatte_media_markt.odt [2013.03.09 16:24:49 | 000,109,738 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\MFB-Buchung-1225988.pdf [2013.03.08 22:10:25 | 000,020,621 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\BNUS_EINSEHEN_09_03_2013.odt [2013.03.04 09:31:31 | 000,022,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\Tabak_Bestaende_ADBS.odt [2013.03.03 21:15:34 | 000,044,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\EINSEHEN_BNUS.odt [2013.02.25 21:28:50 | 009,122,908 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Desktop\EOS_400D_HWG_deu.pdf [2012.06.21 22:45:30 | 000,132,066 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1870837180-2808861349-3579745600-1005-0.dat [2012.06.21 22:45:29 | 000,132,066 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.02.15 12:29:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.16 12:11:21 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.11 11:03:26 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.10.05 22:14:58 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2011.10.05 14:49:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2011.10.05 14:40:51 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2011.10.05 14:40:11 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe [2011.10.05 14:35:34 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011.10.05 14:34:10 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2011.10.05 14:34:10 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2011.10.05 14:34:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2011.10.05 14:34:10 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2011.10.05 14:34:10 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2011.10.05 14:34:10 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2011.10.05 14:28:47 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2011.10.05 14:28:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll [2011.10.05 14:26:09 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE [2011.10.05 14:26:09 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2011.10.05 14:25:32 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2011.10.05 14:25:32 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll [2011.10.05 14:25:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll [2011.10.05 14:25:32 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2011.10.05 14:24:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2011.10.05 14:20:58 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config ========== ZeroAccess Check ========== [2006.01.27 18:19:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 22.03.2013 18:14:58 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Alex\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,97 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,59% Memory free
4,82 Gb Paging File | 4,06 Gb Available in Paging File | 84,40% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 461,45 Gb Total Space | 336,13 Gb Free Space | 72,84% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: LENOVO-80D7E2D4 | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1870837180-2808861349-3579745600-1005\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.HKFOLL7VPGQF5X3LMN23O4WH5E] -- C:\Dokumente und Einstellungen\Alex\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Spotify\spotify.exe" = C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Spotify\spotify.exe:*:Enabled:Spotify
"C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Alex\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{604CD5A1-4520-4844-B064-A3D884B77E91}" = SpeedyPC Pro
"{628ED0F8-590B-49CF-A525-A1696BD79304}" = Cisco AnyConnect Secure Mobility Client
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AwayTask" = Maintenance Manager
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"ElsterFormular" = ElsterFormular
"F13EE0B22AD5D087DFA50E3D4D6F13FC1AAAFB32" = Windows-Treiberpaket - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"FBReader for Windows" = FBReader for Windows
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Kyocera Product Library" = Kyocera Product Library
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Remove Multimedia Center" = Remove Multimedia Center
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 1.1.11
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WMCSetup" = Windows Media Connect
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1870837180-2808861349-3579745600-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.03.2013 13:05:51 | Computer Name = LENOVO-80D7E2D4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.
Error - 15.03.2013 08:09:53 | Computer Name = LENOVO-80D7E2D4 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrord32.exe, Version 8.0.0.456, fehlgeschlagenes
Modul acrord32.dll, Version 8.0.0.456, Fehleradresse 0x000c8405.
Error - 18.03.2013 12:18:27 | Computer Name = LENOVO-80D7E2D4 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 18.03.2013 12:18:32 | Computer Name = LENOVO-80D7E2D4 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 19.03.2013 02:32:44 | Computer Name = LENOVO-80D7E2D4 | Source = MsiInstaller | ID = 11609
Description =
Error - 19.03.2013 10:08:46 | Computer Name = LENOVO-80D7E2D4 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 20.03.2013 02:50:56 | Computer Name = LENOVO-80D7E2D4 | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 21.03.2013 12:22:50 | Computer Name = LENOVO-80D7E2D4 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrord32.exe, Version 8.0.0.456, fehlgeschlagenes
Modul acrord32.dll, Version 8.0.0.456, Fehleradresse 0x000c8405.
Error - 22.03.2013 11:57:28 | Computer Name = LENOVO-80D7E2D4 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrord32.exe, Version 8.0.0.456, fehlgeschlagenes
Modul acrord32.dll, Version 8.0.0.456, Fehleradresse 0x000c8405.
Error - 22.03.2013 12:22:20 | Computer Name = LENOVO-80D7E2D4 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
P4 4.2.223.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
NIL.
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 22.03.2013 13:06:20 | Computer Name = LENOVO-80D7E2D4 | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 22.03.2013 13:08:56 | Computer Name = LENOVO-80D7E2D4 | Source = acvpnui | ID = 67108866
Description = Function: PreferenceMgr::loadPreferences File: .\PreferenceMgr.cpp Line:
967 Invoked Function: PreferenceInfo::getPreference Return Code: 0 (0x00000000) Description:
AutoConnectOnStart
Error - 22.03.2013 13:09:01 | Computer Name = LENOVO-80D7E2D4 | Source = acvpnui | ID = 67108866
Description = Function: MFDartBox::getDARTInstallDir File: .\MFDartBox.cpp Line: 328
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 22.03.2013 13:09:02 | Computer Name = LENOVO-80D7E2D4 | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1421 NULL object. Cannot establish a connection at this time.
Error - 22.03.2013 13:10:46 | Computer Name = LENOVO-80D7E2D4 | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 22.03.2013 13:10:46 | Computer Name = LENOVO-80D7E2D4 | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL
Error - 22.03.2013 13:10:46 | Computer Name = LENOVO-80D7E2D4 | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL
Error - 22.03.2013 13:10:47 | Computer Name = LENOVO-80D7E2D4 | Source = acvpnagent | ID = 67108866
Description = Function: CHttpSessionWinInet::HandleError File: .\Utility\HttpSession_wininet.cpp
Line:
1050 Invoked Function: CHttpSessionWinInet::HandleError Return Code: 12007 (0x00002EE7)
Description:
The server name or address could not be resolved
Error - 22.03.2013 13:10:47 | Computer Name = LENOVO-80D7E2D4 | Source = acvpnagent | ID = 67108866
Description = Function: CFileUploader::PostDataGetResponse File: ..\FileUploader.cpp
Line:
407 Invoked Function: CFileUploader::SendHttpRequest Return Code: -29032423 (0xFE450019)
Description:
HTTP_SESSION_ERROR_DNS_RESOLUTION
Error - 22.03.2013 13:10:47 | Computer Name = LENOVO-80D7E2D4 | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::PostDataFile File: ..\PhoneHomeAgent.cpp
Line:
1649 Invoked Function: CFileUploader::PostDataGetResponse Return Code: -29032423
(0xFE450019) Description: HTTP_SESSION_ERROR_DNS_RESOLUTION Failed to post customer
experence feedback data (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco\Cisco
AnyConnect Secure Mobility Client\CustomerExperienceFeedback\outbound\feedback_data1.cef)
[ System Events ]
Error - 17.03.2013 14:06:19 | Computer Name = LENOVO-80D7E2D4 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%1811
Error - 18.03.2013 02:19:28 | Computer Name = LENOVO-80D7E2D4 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%1811
Error - 18.03.2013 02:42:10 | Computer Name = LENOVO-80D7E2D4 | Source = System Error | ID = 1003
Description = Fehlercode 40000080, 1. Parameter 8ab17130, 2. Parameter 8a6342b0,
3. Parameter 805512b8, 4. Parameter 00000001.
Error - 19.03.2013 02:33:30 | Computer Name = LENOVO-80D7E2D4 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%1811
Error - 19.03.2013 05:56:28 | Computer Name = LENOVO-80D7E2D4 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%1811
Error - 21.03.2013 03:05:33 | Computer Name = LENOVO-80D7E2D4 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%1811
Error - 21.03.2013 09:05:26 | Computer Name = LENOVO-80D7E2D4 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%1811
Error - 22.03.2013 02:31:45 | Computer Name = LENOVO-80D7E2D4 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%1811
Error - 22.03.2013 07:06:34 | Computer Name = LENOVO-80D7E2D4 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%1811
Error - 22.03.2013 13:07:56 | Computer Name = LENOVO-80D7E2D4 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%1811
< End of report >
Axl |
|
22.03.2013, 18:36
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
23.03.2013, 14:50
| #14 |
| | Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? Hallo! Habe beide Scans ausgeführt. Freut mich zu hören, dass anscheinend nichts in Richtung Trojaner den Computer angegriffen hat. Jedoch bleiben folgende Symptome, die weiterhin auftreten: - Meldung Netzwerkkabel sei nicht angeschlossen, auch wenn die Verbindung weiterhin besteht und funktioniert - Systemabstürze - PC fährt in den Ruhemodus während ich daran arbeite Wüsstest du vielleicht, woran das sonst noch liegen könnte? Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.23.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 7.0.5730.11 Alex :: LENOVO-80D7E2D4 [Administrator] 23.03.2013 08:54:56 mbam-log-2013-03-23 (08-54-56).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 224903 Laufzeit: 32 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=84eb979fcc295d4f974bb8c2ed369dd4
# engine=13465
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-23 12:02:01
# local_time=2013-03-23 01:02:01 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 88 94 2783249 28156582 0 0
# scanned=102230
# found=0
# cleaned=0
# scan_time=12167
Besten Gruss Axl |
|
23.03.2013, 16:58
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Sind meine Systemabstürze verursacht von PUP.BundleInstaller.SOL? |
| akku-defekt meldung, bho, browser, compu, computer, einstellungen, explorer, festplatte, firefox, format, google, homepage, infizierte, installation, laufe, laufen, logfile, malwarebytes, monitor, mozilla, object, objekte, pdf, pup.bundleinstaller.sol, registry, ruhemodus, scan, security, senden, software, systemabstürze, tagen, temp, trojaner |
Linear-Darstellung
