Log analysis and evaluation: Removing Lanmanworkstation / Mediyes.F (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
19.09.2013, 12:59 | #1 |
Removing Lanmanworkstation / Mediyes.F
Hi, I have had a problem since yesterday. During boot the laptop freezes for 10 minutes and then carries on. In the event log I can find only this error message (see attachment). After a first search, a virus seems to be responsible for it. Attached are the log files from FRST.
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-09-2013 Ran by ThinkPad User (administrator) on X60T-09E40DF847 on 19-09-2013 13:15:35 Running from C:\Dokumente und Einstellungen\ThinkPad User\Desktop\Download Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe (Microsoft Corporation) c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\KeyboardSurrogate.exe (Microsoft Corporation) C:\WINDOWS\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\WINDOWS\System32\tabbtnu.exe (Lenovo Group Limited) C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe (Lenovo Group Limited) C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited) C:\Programme\LENOVO\HOTKEY\tposdsvc.exe (Lenovo Group Limited) C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Programme\Lenovo\Zoom\TpScrex.exe (Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\TCServer.exe (Acronis) C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis) C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Acronis) C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe (Lenovo Group Limited) C:\Programme\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe (Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe (Lenovo.) 
C:\Programme\ThinkPad\Utilities\DOZESVC.EXE (Intel(R) Corporation) C:\Programme\Intel\WiFi\bin\EvtEng.exe (IBM Corporation) C:\WINDOWS\system32\tp4mon.exe (Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\TabTip.exe (Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo.) C:\WINDOWS\system32\TpShocks.exe (Lenovo Group Limited) C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Ltd.) C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Microsoft Corporation) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo Group Limited) C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe (Lenovo Group Limited) C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe (Analog Devices, Inc.) C:\Programme\Analog Devices\Core\smax4pnp.exe (Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe (Analog Devices, Inc.) C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Lenovo Group Limited) C:\Programme\ThinkPad\Tablettverknüpfungen\TSMRESIDENT.EXE (Lenovo Group Limited) C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe (Acronis) C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Microsoft Corporation) C:\Programme\Microsoft Security Client\msseces.exe (Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (shbox.de) C:\Programme\FreePDF_XP\fpassist.exe (Intel Corporation) C:\WINDOWS\system32\igfxext.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Oracle Corporation) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Programme\RocketDock\RocketDock.exe (Native Instruments GmbH) C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe (Broadcom Corporation.) 
C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Malwarebytes Corporation) C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Lenovo Group Limited) C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe (Raxco Software, Inc.) D:\Programme\Raxco\PerfectDisk\PDAgent.exe (Lenovo ) C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (HP) C:\WINDOWS\system32\HPZipm12.exe (Intel(R) Corporation) C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Lenovo Group Limited) C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) C:\Programme\ThinkPad\Tablettverknüpfungen\TSMService.exe (Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe () C:\WINDOWS\system32\TpKmpSVC.exe () C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe (Lenovo Group Limited) C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe () C:\WINDOWS\system32\U2VSvr.exe (Sony DADC Austria AG.) C:\WINDOWS\system32\UAService7.exe () C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe (Magic Control Technology Corporation) C:\WINDOWS\system32\MTri1+.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Broadcom Corporation.) C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Raxco Software, Inc.) 
C:\Programme\Gemeinsame Dateien\Raxco\Shared\PDEngine.exe (Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe (Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TrackPointSrv] - C:\Windows\system32\tp4mon.exe [82944 2008-04-14] (IBM Corporation) HKLM\...\Run: [TabletWizard] - C:\WINDOWS\help\SplshWrp.exe [16384 2008-04-14] (Microsoft Corporation) HKLM\...\Run: [TabletTip] - C:\Programme\Gemeinsame Dateien\microsoft shared\ink\tabtip.exe [271872 2008-04-14] (Microsoft Corporation) HKLM\...\Run: [TVT Scheduler Proxy] - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [1093632 2010-12-10] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [337256 2010-07-01] (Lenovo.) HKLM\...\Run: [LenovoAutoScrollUtility] - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe [43960 2010-04-01] (Lenovo Group Limited) HKLM\...\Run: [TPKMAPHELPER] - C:\Programme\ThinkPad\Utilities\TpKmapAp.exe [868352 2007-01-09] (Lenovo) HKLM\...\Run: [EZEJMNAP] - C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [256576 2009-12-01] (Lenovo Group Ltd.) HKLM\...\Run: [ACTray] - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe [425984 2010-09-17] (Lenovo ) HKLM\...\Run: [LPManager] - C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [185688 2009-07-23] (Lenovo Group Limited) HKLM\...\Run: [LPMailChecker] - C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe [124248 2009-07-23] (Lenovo Group Limited) HKLM\...\Run: [TP4EX] - C:\Windows\system32\tp4ex.exe [65536 2005-10-17] (Lenovo Group Limited) HKLM\...\Run: [AwaySch] - C:\Programme\Lenovo\AwayTask\AwaySch.EXE [91688 2006-11-07] (Lenovo Group Limited) HKLM\...\Run: [SoundMAXPnP] - C:\Programme\Analog Devices\Core\smax4pnp.exe [925696 2005-05-20] (Analog Devices, Inc.) HKLM\...\Run: [SoundMAX] - C:\Programme\Analog Devices\SoundMAX\Smax4.exe [716800 2005-05-06] (Analog Devices, Inc.) 
HKLM\...\Run: [TSMResident] - C:\Programme\ThinkPad\Tablettverknüpfungen\TSMRESIDENT.EXE [476520 2010-03-29] (Lenovo Group Limited) HKLM\...\Run: [TabletButton] - C:\Programme\ThinkPad\Tablettverknüpfungen\TabletButton.EXE [58728 2010-03-29] (Lenovo Group Limited ) HKLM\...\Run: [LENTBCTL] - C:\Programme\ThinkPad\Tablettverknüpfungen\LENTBCTL.EXE [1230184 2010-03-29] (Lenovo Group Limited) HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [TPFNF7] - C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe [62312 2010-03-26] (Lenovo Group Limited) HKLM\...\Run: [PWRMGRTR] - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor HKLM\...\Run: [VirtualCloneDrive] - C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM\...\Run: [TrueImageMonitor.exe] - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe [5587672 2011-06-28] (Acronis) HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe [395344 2011-06-28] (Acronis) HKLM\...\Run: [Adobe ARM] - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [MSC] - c:\Programme\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation) HKLM\...\Run: [GzSnd] - %ProgramFiles%\Gunze\GZTP_Pack\GzSnd.exe HKLM\...\Run: [FreePDF Assistant] - C:\Programme\FreePDF_XP\fpassist.exe [371200 2011-02-23] (shbox.de) HKLM\...\Run: [Util] - C:\WINDOWS\system32\Util.exe [184320 2009-02-09] () HKLM\...\Run: [CMS] - C:\Programme\CMS\EXE\Open.exe [325632 2010-11-25] () HKLM\...\Run: [QuickTime Task] - C:\Programme\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) Winlogon\Notify\ACNotify: C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo ) Winlogon\Notify\loginkey: C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation) Winlogon\Notify\psfus: C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.) Winlogon\Notify\TabBtnWL: C:\Windows\system32\TabBtnWL.dll (Microsoft Corporation) Winlogon\Notify\tpgwlnotify: C:\Windows\system32\tpgwlnot.dll (Microsoft Corporation) HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKCU\...\Run: [RocketDock] - C:\Programme\RocketDock\RocketDock.exe [495616 2007-09-02] () MountPoints2: {14dd29ce-8f9e-11e1-8845-0018deba06a7} - F:\AutoRun.exe MountPoints2: {14dd29d2-8f9e-11e1-8845-0018deba06a7} - F:\AutoRun.exe MountPoints2: {2c0497f1-b769-11e0-872c-0018deba06a7} - E:\LaunchU3.exe -a MountPoints2: {7cbec69c-97aa-11e1-8857-0018deba06a7} - E:\AutoRun.exe MountPoints2: {7cbec69d-97aa-11e1-8857-0018deba06a7} - E:\AutoRun.exe MountPoints2: {7cbec69f-97aa-11e1-8857-0018deba06a7} - E:\AutoRun.exe MountPoints2: {c8680f6e-784b-11e1-8820-0018deba06a7} - E:\LaunchU3.exe -a MountPoints2: {e0afe98a-d309-11e0-873c-0018deba06a7} - E:\AutoRun.exe HKU\Administrator\...\Run: [TabletWizard] - %windir%\help\wizard.hta HKU\Default User\...\Run: [TabletWizard] - %windir%\help\wizard.hta Lsa: [Notification Packages] scecli ACGina C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk ShortcutTarget: BTTray.lnk -> C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digital Line Detect.lnk ShortcutTarget: Digital Line Detect.lnk -> C:\Programme\Digital Line Detect\DLG.exe (Avanquest Software ) Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SolidWorks Hintergrund-Downloader.lnk ShortcutTarget: SolidWorks Hintergrund-Downloader.lnk -> C:\Programme\Gemeinsame Dateien\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.) BootExecute: PDBoot.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {0136D2DA-3DBA-40B7-8A85-2D65A8E2B940} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {0136D2DA-3DBA-40B7-8A85-2D65A8E2B940} URL = hxxp://www.google.de/search?q={searchTerms} SearchScopes: HKCU - {6D4F0B2F-571B-4299-9D4F-02ADE3662E7E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU -&Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation) DPF: {17492023-C23A-453E-A040-C7C580BBF700} 
hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {1DB93715-3B60-43EE-93E6-279BB3E1DF76} hxxp://91.57.35.64/cab/OCXChecker_6110.cab DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} hxxp://192.168.2.100/RemoteWeb.cab DPF: {542CB1D4-810D-4864-8F91-D530B50E89AE} hxxp://192.168.2.100/Components.cab DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} hxxp://192.168.2.100/VideoViewer.cab DPF: {7B40618E-CC3D-4E7C-800A-E0306DD8BD48} hxxp://192.168.0.100:5000/AVC_AX_757.cab DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} hxxp://192.168.0.110:10000/AVC_AX_742.cab DPF: {9B479D7B-916A-45B0-B042-D42865A60E21} hxxp://192.168.0.10/DvrOcx.cab DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} hxxp://87.158.23.93/cab/OCXChecker_8000.cab DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} hxxp://192.168.178.10/HiDvrOcx.cab Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft 
Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Dokumente und Einstellungen\ThinkPad User\Anwendungsdaten\Mozilla\Firefox\Profiles\zd9ts67c.default FF DefaultSearchEngine: Yahoo FF SelectedSearchEngine: Yahoo FF Homepage: https://www.google.de/ FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p= FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Dokumente und Einstellungen\ThinkPad User\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Programme\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Dokumente und Einstellungen\ThinkPad User\Anwendungsdaten\Mozilla\Firefox\Profiles\zd9ts67c.default\Extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com FF Extension: No Name - C:\Dokumente und Einstellungen\ThinkPad User\Anwendungsdaten\Mozilla\Firefox\Profiles\zd9ts67c.default\Extensions\staged FF Extension: Microsoft .NET Framework Assistant - C:\Dokumente und Einstellungen\ThinkPad User\Anwendungsdaten\Mozilla\Firefox\Profiles\zd9ts67c.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: DownloadHelper - C:\Dokumente und Einstellungen\ThinkPad User\Anwendungsdaten\Mozilla\Firefox\Profiles\zd9ts67c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: ftd - C:\Dokumente und Einstellungen\ThinkPad User\Anwendungsdaten\Mozilla\Firefox\Profiles\zd9ts67c.default\Extensions\ftd@ftd.com.xpi FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ========================== Services (Whitelisted) ================= R2 AcPrfMgrSvc; C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [98304 2010-09-17] (Lenovo ) R2 AcrSch2Svc; C:\Programme\Gemeinsame 
Dateien\Acronis\Schedule2\schedul2.exe [805032 2011-06-28] (Acronis) R2 AcSvc; C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe [237568 2010-09-17] (Lenovo ) S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2012-10-11] () R2 afcdpsrv; C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe [3246040 2011-07-27] (Acronis) R2 ASRSVC; C:\Programme\ThinkPad\Tablettverknüpfungen\ASR\ASRSVC.exe [79136 2010-03-29] (Lenovo Group Limited) R2 btwdins; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [349528 2010-09-22] (Broadcom Corporation.) S3 CoordinatorServiceHost; C:\Programme\SolidWorks\swScheduler\DTSCoordinatorService.exe [89160 2011-11-10] (Dassault Systèmes SolidWorks Corp.) R2 Dnscache; C:\Windows\System32\poualyzdi.dll [241664 2012-06-03] (Parental Solutions Inc.) R2 DozeSvc; C:\Programme\ThinkPad\Utilities\DOZESVC.EXE [128360 2011-02-04] (Lenovo.) R2 EvtEng; C:\Programme\Intel\WiFi\bin\EvtEng.exe [866576 2010-10-19] (Intel(R) Corporation) S3 FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-04-09] (Flexera Software, Inc.) 
R2 IPSSVC; C:\Windows\system32\IPSSVC.EXE [108080 2007-01-30] (Lenovo Group Limited) S2 LENOVO.MICMUTE; C:\Programme\LENOVO\HOTKEY\MICMUTE.exe [45496 2010-11-24] (Lenovo Group Limited) R2 MBAMScheduler; C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [117656 2013-08-18] (Mozilla Foundation) R2 MsMpSvc; c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation) S4 msvsmon80; C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2799808 2005-09-23] (Microsoft Corporation) R2 NIHardwareService; C:\Programme\Gemeinsame Dateien\Native Instruments\Hardware\NIHardwareService.exe [4230144 2011-12-16] (Native Instruments GmbH) S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2005-12-24] (Microsoft Corporation) R2 PDAgent; D:\Programme\Raxco\PerfectDisk\PDAgent.exe [1415032 2012-10-04] (Raxco Software, Inc.) R3 PDEngine; C:\Programme\Gemeinsame Dateien\Raxco\Shared\PDEngine.exe [2166648 2012-10-04] (Raxco Software, Inc.) 
R2 Power Manager DBC Service; C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe [61440 2011-02-04] () R2 RegSrvc; C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe [477456 2010-10-19] (Intel(R) Corporation) R2 S24EventMonitor; C:\Programme\Intel\WiFi\bin\S24EvMon.exe [966656 2010-10-19] (Intel(R) Corporation) S3 SolidWorks Licensing Service; C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-04-09] (SolidWorks) R2 SUService; C:\Programme\Lenovo\System Update\SUService.exe [28672 2009-06-12] (Lenovo Group Limited) R2 TabletSVC; C:\Programme\ThinkPad\Tablettverknüpfungen\TSMService.exe [71016 2010-03-29] (Lenovo Group Limited) R2 ThinkVantage Registry Monitor Service; C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe [1029432 2010-12-10] (Lenovo Group Limited) R2 TPHKLOAD; C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe [99328 2010-12-03] (Lenovo Group Limited) R2 TPHKSVC; C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe [64440 2010-12-02] (Lenovo Group Limited) R2 TpKmpSVC; C:\WINDOWS\system32\TpKmpSVC.exe [32768 2006-06-29] () R2 TVT Backup Protection Service; C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe [1118208 2010-12-10] () R2 TVT Backup Service; C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe [1425408 2010-12-10] (Lenovo Group Limited) R2 TVT Scheduler; C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe [1171456 2010-12-10] (Lenovo Group Limited) R2 U2VSvr; C:\WINDOWS\system32\U2VSvr.exe [192512 2009-02-09] () R2 Update-Service; C:\Windows\System32\UpdSvc.dll [114000 2011-11-10] (Joosoft.com GmbH) R2 UserAccess7; C:\WINDOWS\system32\UAService7.exe [221184 2011-12-29] (Sony DADC Austria AG.) 
S3 WMPNetworkSvc; C:\Programme\Windows Media Player\WMPNetwk.exe [920576 2006-11-03] (Microsoft Corporation) R2 JavaQuickStarterService; "C:\Programme\Java\jre7\bin\jqs.exe" -service -config "C:\Programme\Java\jre7\lib\deploy\jqs\jqs.conf" ==================== Drivers (Whitelisted) ==================== R3 AEAudioService; C:\Windows\System32\drivers\AEAudio.sys [93952 2006-08-07] (Andrea Electronics Corporation) R1 ANC; C:\Windows\System32\drivers\ANC.SYS [11520 2005-09-28] (IBM Corp.) R3 atmeltpm; C:\Windows\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.) S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [533152 2009-09-18] (Broadcom Corporation.) R3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [37160 2008-02-04] (Broadcom Corporation.) R3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [993576 2010-09-23] (Broadcom Corporation.) S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [156816 2008-07-24] (Broadcom Corporation.) S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [56992 2009-05-11] (Broadcom Corporation.) S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [51752 2010-09-16] (Broadcom Corporation.) S3 CE3; C:\Windows\System32\DRIVERS\ce3n5.sys [27164 2001-08-18] (Xircom, Inc.) R2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [104088 2012-09-11] (Raxco Software, Inc.) S3 DJM-2000Audio; C:\Windows\System32\drivers\DJM-2000Audio.sys [32256 2010-05-18] (Pioneer Corporation.) R2 DriverX; C:\Windows\System32\Drivers\driverx.sys [234140 2008-09-17] (Tetradyne Software, Inc.) 
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG) R3 GzTpHid; C:\Windows\System32\DRIVERS\GzTpHid.sys [27008 2009-07-16] (GUNZE) R3 HBtnKey; C:\Windows\System32\DRIVERS\tkbtnpn.sys [14632 2009-07-29] (Lenovo) S0 hotcore2; C:\Windows\System32\drivers\hotcore2.sys [30808 2006-08-23] (Paragon Software Group) S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51120 2004-12-15] (HP) S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-12-15] (HP) S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-12-15] (HP) S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [217016 2010-06-02] (Conexant Systems, Inc.) S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [993464 2010-06-02] (Conexant Systems, Inc.) R1 IBMTPCHK; C:\WINDOWS\system32\Drivers\IBMBLDID.sys [4224 2008-05-12] () S3 jmusblc; C:\Windows\System32\Drivers\jmusblc.sys [17648 2010-01-25] (Mueller Elektronik) S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUMDS.SYS [24056 2011-03-30] (KORG INC.) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation) R1 MpKsl0eba4a36; c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{36B149D2-E867-47BF-BA57-4F9B98915B4F}\MpKsl0eba4a36.sys [40392 2013-09-19] (Microsoft Corporation) R3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6609920 2010-10-07] (Intel Corporation) R2 PDFSFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [69016 2012-08-23] (Raxco Software, Inc.) 
R2 pmem; C:\WINDOWS\System32\drivers\pmemnt.sys [7012 2011-03-17] (Microsoft Corporation) R2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited) R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation) R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation) S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2012-12-11] (Silicon Laboratories) S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [63104 2012-12-11] (Silicon Laboratories) R1 Smapint; C:\Windows\System32\drivers\Smapint.sys [14848 2006-10-02] (Microsoft Corporation) R2 smihlp; C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys [12560 2009-03-13] (UPEK Inc.) R3 T1PExGrp; C:\Windows\System32\DRIVERS\T1PExGrp.sys [18560 2009-05-12] (Magic Control Technology Corp.) R3 T1PMrGrp; C:\Windows\System32\DRIVERS\T1PMrGrp.sys [19456 2009-05-12] (Magic Control Technology Corp.) S3 t1pusb; C:\Windows\System32\drivers\t1pusb.sys [86784 2009-05-12] (Magic Control Technology Corp.) 
R1 TDSMAPI; C:\Windows\System32\drivers\TDSMAPI.SYS [9343 2006-10-02] () R1 TPHKDRV; C:\Windows\System32\DRIVERS\TPHKDRV.sys [17844 2008-05-12] (Lenovo Group Limited) R1 TPPWRIF; C:\Windows\System32\drivers\Tppwrif.sys [12144 2011-02-04] (Lenovo Group Limited) R1 TSMAPIP; C:\Windows\System32\drivers\TSMAPIP.SYS [4608 2010-03-26] () R1 TSMSMI; C:\Windows\System32\DRIVERS\TSMSMI32.SYS [15784 2010-03-29] (Lenovo Group Limited) R3 TwoTrack; C:\Windows\System32\DRIVERS\TwoTrack.sys [11520 2001-08-17] (IBM Corporation) R3 wisdpen; C:\Windows\System32\DRIVERS\wisdpen.sys [30888 2009-07-16] (Wacom Technology) S2 altio; \??\C:\Programme\Altium\AD 10\System\Drivers\altio.sys [x] S1 GIGAPORTHD_AA; system32\DRIVERS\GIGAdrv.sys [x] S3 GIGA_01; system32\DRIVERS\GIGAWdm.sys [x] S3 Huawei; system32\DRIVERS\ewdcsc.sys [x] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x] S4 IntelIde; No ImagePath S3 Netaapl; system32\DRIVERS\netaapl.sys [x] U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation) U5 UnlockerDriver5; C:\Programme\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () S3 USBAAPL; System32\Drivers\usbaapl.sys [x] U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-19 13:15 - 2013-09-19 13:15 - 00000000 ____D C:\FRST 2013-09-19 13:12 - 2013-09-19 13:12 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Desktop\Download 2013-09-19 13:11 - 2013-09-19 13:11 - 00000000 _____ C:\Dokumente und Einstellungen\ThinkPad User\defogger_reenable 2013-09-19 11:41 - 2013-09-19 11:41 - 00001704 _____ C:\Dokumente und Einstellungen\All Users\Desktop\PerfectDisk 12.5.lnk 2013-09-19 11:41 - 2013-09-19 11:41 - 00001684 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PerfectDisk 12.5.lnk 2013-09-19 11:41 - 2013-09-19 11:41 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Raxco 2013-09-19 11:41 - 2013-09-19 11:41 - 00000000 ____D 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Raxco 2013-09-19 11:39 - 2013-09-19 11:39 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Anwendungsdaten\Malwarebytes 2013-09-19 11:38 - 2013-09-19 11:38 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-19 11:38 - 2013-09-19 11:38 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware 2013-09-19 11:38 - 2013-09-19 11:38 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware 2013-09-19 11:38 - 2013-09-19 11:38 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2013-09-19 11:38 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2013-09-19 08:53 - 2013-09-19 08:53 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\IETldCache 2013-09-19 08:52 - 2013-09-19 11:11 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini 2013-09-19 08:52 - 2013-09-19 08:59 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator 2013-09-19 08:52 - 2012-01-20 23:00 - 00000145 _____ C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat 2013-09-19 08:52 - 2011-03-17 13:58 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia 2013-09-19 08:52 - 2011-03-16 12:31 - 00001599 _____ C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk 2013-09-19 08:52 - 2011-03-16 12:31 - 00000772 _____ C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Windows Media Player.lnk 2013-09-19 08:52 - 2011-03-16 12:31 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör 2013-09-19 08:52 - 2011-03-16 12:31 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme 2013-09-19 08:52 - 2011-03-16 06:04 - 00000000 __SHD C:\Dokumente und 
Einstellungen\Administrator\Lokale Einstellungen\Verlauf 2013-09-19 08:52 - 2011-03-16 06:04 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart 2013-09-19 08:52 - 2011-03-16 06:04 - 00000000 ___RD C:\Dokumente und Einstellungen\Administrator\Startmenü 2013-09-19 08:52 - 2011-03-16 06:04 - 00000000 ___HD C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung 2013-09-19 08:52 - 2011-03-16 06:04 - 00000000 ___HD C:\Dokumente und Einstellungen\Administrator\Druckumgebung 2013-09-13 09:01 - 2013-09-19 13:02 - 02354880 _____ C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat 2013-09-11 12:36 - 2013-09-11 12:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2013-09-03 12:01 - 2013-09-03 12:04 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Eigene Dateien\ToolBar 2013-09-02 23:43 - 2013-09-06 22:32 - 00000000 ____D C:\Huerth 2013-09-02 23:23 - 2013-09-02 23:23 - 00000000 ____D C:\tempvideo 2013-09-02 22:52 - 2013-09-02 23:16 - 00000000 ____D C:\temppicture 2013-09-02 22:18 - 2013-09-04 12:17 - 00000000 ____D C:\Lechernich 2013-09-02 22:13 - 2013-09-10 22:34 - 00000000 _____ C:\DebugTraceNormal.log 2013-09-02 15:18 - 2013-09-02 15:19 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Desktop\Solidworks 2013-09-02 14:57 - 2013-09-02 14:57 - 00000000 ____D C:\Programme\Unlocker 2013-09-02 14:57 - 2013-09-02 14:57 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Startmenü\Programme\Unlocker ==================== One Month Modified Files and Folders ======= 2013-09-19 13:15 - 2013-09-19 13:15 - 00000000 ____D C:\FRST 2013-09-19 13:14 - 2011-03-16 12:30 - 01412359 _____ C:\WINDOWS\WindowsUpdate.log 2013-09-19 13:12 - 2013-09-19 13:12 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Desktop\Download 2013-09-19 13:11 - 2013-09-19 13:11 - 00000000 _____ C:\Dokumente und Einstellungen\ThinkPad 
User\defogger_reenable 2013-09-19 13:09 - 2007-01-29 12:36 - 00025261 _____ C:\WINDOWS\system32\PROCDB.INI 2013-09-19 13:08 - 2012-03-17 19:29 - 01520193 _____ C:\WINDOWS\setupapi.log 2013-09-19 13:08 - 2011-09-09 21:50 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-09-19 13:08 - 2011-09-09 21:50 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-09-19 13:08 - 2011-03-17 12:16 - 00000316 _____ C:\WINDOWS\Tasks\PMTask.job 2013-09-19 13:08 - 2011-03-16 18:07 - 00000434 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{D91243B7-470D-444B-9864-CE9AB029339D}.job 2013-09-19 13:07 - 2007-06-19 15:13 - 00000380 _____ C:\WINDOWS\system32\IPSCtrl.INI 2013-09-19 13:03 - 2013-07-17 14:14 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eSafe 2013-09-19 13:03 - 2011-03-16 12:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-09-19 13:03 - 2011-03-16 06:57 - 00000000 ____D C:\WINDOWS\Connection Wizard 2013-09-19 13:02 - 2013-09-13 09:01 - 02354880 _____ C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat 2013-09-19 13:02 - 2011-03-16 12:44 - 00000190 ___SH C:\Dokumente und Einstellungen\ThinkPad User\ntuser.ini 2013-09-19 13:02 - 2011-03-16 12:38 - 00032574 _____ C:\WINDOWS\SchedLgU.Txt 2013-09-19 13:00 - 2012-04-01 23:07 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Anwendungsdaten\Google Talk 2013-09-19 12:54 - 2012-04-01 20:57 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-09-19 11:41 - 2013-09-19 11:41 - 00001704 _____ C:\Dokumente und Einstellungen\All Users\Desktop\PerfectDisk 12.5.lnk 2013-09-19 11:41 - 2013-09-19 11:41 - 00001684 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PerfectDisk 12.5.lnk 2013-09-19 11:41 - 2013-09-19 11:41 - 00000000 ____D C:\Programme\Gemeinsame Dateien\Raxco 2013-09-19 11:41 - 2013-09-19 11:41 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Raxco 2013-09-19 11:41 - 2011-03-16 06:04 - 00000000 
___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme 2013-09-19 11:39 - 2013-09-19 11:39 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Anwendungsdaten\Malwarebytes 2013-09-19 11:38 - 2013-09-19 11:38 - 00000756 _____ C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-19 11:38 - 2013-09-19 11:38 - 00000000 ____D C:\Programme\Malwarebytes' Anti-Malware 2013-09-19 11:38 - 2013-09-19 11:38 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware 2013-09-19 11:38 - 2013-09-19 11:38 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2013-09-19 11:38 - 2011-03-16 06:05 - 00000000 ____D C:\Programme 2013-09-19 11:11 - 2013-09-19 08:52 - 00000190 ___SH C:\Dokumente und Einstellungen\Administrator\ntuser.ini 2013-09-19 10:27 - 2006-02-28 14:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl 2013-09-19 08:59 - 2013-09-19 08:52 - 00000000 ____D C:\Dokumente und Einstellungen\Administrator 2013-09-19 08:55 - 2011-09-11 20:21 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2013-09-19 08:53 - 2013-09-19 08:53 - 00000000 __SHD C:\Dokumente und Einstellungen\Administrator\IETldCache 2013-09-17 22:32 - 2011-08-22 22:18 - 00002243 _____ C:\WINDOWS\epplauncher.mif 2013-09-16 23:52 - 2012-01-18 00:08 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Eigene Dateien\Eigene Dokumente 2013-09-16 21:54 - 2012-04-01 20:57 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-09-16 21:54 - 2011-09-03 13:56 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-09-11 21:38 - 2011-03-16 12:44 - 00000000 ___RD C:\Dokumente und Einstellungen\ThinkPad User\Eigene Dateien\Eigene Bilder 2013-09-11 21:30 - 2011-08-23 20:12 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Anwendungsdaten\vlc 2013-09-11 21:02 - 2011-08-23 19:53 - 00000706 _____ C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\IpAndPort.fig 2013-09-11 21:02 - 2011-08-23 19:53 - 00000225 _____ C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RmUserCfg.ini 2013-09-11 20:55 - 2011-08-22 22:14 - 00002347 _____ C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk 2013-09-11 13:17 - 2012-02-08 15:32 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Lokale Einstellungen\TempSWSicherungsverzeichnis 2013-09-11 13:13 - 2011-07-26 11:42 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Anwendungsdaten\SolidWorks 2013-09-11 12:36 - 2013-09-11 12:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2013-09-11 12:36 - 2011-07-24 22:04 - 00008379 _____ C:\WINDOWS\setupact.log 2013-09-10 22:48 - 2012-06-14 08:32 - 00000000 ____D C:\Programme\VideoViewer 2013-09-10 22:34 - 2013-09-02 22:13 - 00000000 _____ C:\DebugTraceNormal.log 2013-09-06 22:32 - 2013-09-02 23:43 - 00000000 ____D C:\Huerth 2013-09-04 12:49 - 2012-10-05 22:36 - 00000026 _____ C:\WINDOWS\VideoPlayer.INI 2013-09-04 12:17 - 2013-09-02 22:18 - 00000000 ____D C:\Lechernich 2013-09-03 12:04 - 2013-09-03 12:01 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Eigene Dateien\ToolBar 2013-09-02 23:23 - 2013-09-02 23:23 - 00000000 ____D C:\tempvideo 2013-09-02 23:16 - 2013-09-02 22:52 - 00000000 ____D C:\temppicture 2013-09-02 15:20 - 2013-06-27 21:36 - 00002435 _____ C:\Dokumente und Einstellungen\ThinkPad User\Desktop\inSSIDer.lnk 2013-09-02 15:19 - 2013-09-02 15:18 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Desktop\Solidworks 2013-09-02 15:10 - 2013-06-30 02:56 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Desktop\Neuer Ordner 2013-09-02 14:57 - 2013-09-02 14:57 - 00000000 ____D C:\Programme\Unlocker 2013-09-02 14:57 - 2013-09-02 14:57 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Startmenü\Programme\Unlocker 2013-09-02 14:57 - 2011-03-16 12:44 - 00000000 
___RD C:\Dokumente und Einstellungen\ThinkPad User\Startmenü\Programme 2013-09-01 13:23 - 2013-02-21 21:57 - 00000000 ____D C:\Programme\CMS 2013-08-31 00:40 - 2013-07-17 22:38 - 00000600 _____ C:\Dokumente und Einstellungen\ThinkPad User\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND 2013-08-31 00:08 - 2006-02-28 14:00 - 00000828 _____ C:\WINDOWS\win.ini 2013-08-28 23:32 - 2012-05-22 10:38 - 00000000 ____D C:\Dokumente und Einstellungen\ThinkPad User\Lokale Einstellungen\Anwendungsdaten\FreePDF_XP 2013-08-20 21:27 - 2012-04-28 14:49 - 00000000 ____D C:\Programme\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Dokumente und Einstellungen\ThinkPad User\Lokale Einstellungen\Temp\AcDeltree.exe C:\Dokumente und Einstellungen\ThinkPad User\Lokale Einstellungen\Temp\DataCard_Setup.exe C:\Dokumente und Einstellungen\ThinkPad User\Lokale Einstellungen\Temp\jre-7u13-windows-i586-iftw.exe C:\Dokumente und Einstellungen\ThinkPad User\Lokale Einstellungen\Temp\jre-7u15-windows-i586-iftw.exe C:\Dokumente und Einstellungen\ThinkPad User\Lokale Einstellungen\Temp\jre-7u17-windows-i586-iftw.exe C:\Dokumente und Einstellungen\ThinkPad User\Lokale Einstellungen\Temp\jre-7u21-windows-i586-iftw.exe C:\Dokumente und Einstellungen\ThinkPad User\Lokale Einstellungen\Temp\jre-7u25-windows-i586-iftw.exe C:\Dokumente und Einstellungen\ThinkPad User\Lokale Einstellungen\Temp\ResetDevice.exe C:\Dokumente und Einstellungen\ThinkPad User\Lokale Einstellungen\Temp\vlc-2.0.7-win32.exe C:\Dokumente und Einstellungen\ThinkPad User\Lokale Einstellungen\Temp\winping.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2006-02-28 14:00] - [2008-04-14 08:52] - 1036800 ____A (Microsoft Corporation) 418045a93cd87a352098ab7dabe1b53e C:\Windows\System32\winlogon.exe [2006-02-28 14:00] - [2008-04-14 08:53] - 0513024 ____A (Microsoft Corporation) f09a527b422e25c478e38caa0e44417a C:\Windows\System32\svchost.exe [2006-02-28 14:00] - [2008-04-14 
08:53] - 0014336 ____A (Microsoft Corporation) 4fbc75b74479c7a6f829e0ca19df3366 C:\Windows\System32\services.exe [2006-02-28 14:00] - [2009-02-09 13:21] - 0111104 ____A (Microsoft Corporation) a3edbe9053889fb24ab22492472b39dc C:\Windows\System32\User32.dll [2006-02-28 14:00] - [2008-04-14 08:52] - 0580096 ____A (Microsoft Corporation) b0050cc5340e3a0760dd8b417ff7aebd C:\Windows\System32\userinit.exe [2006-02-28 14:00] - [2008-04-14 08:53] - 0026624 ____A (Microsoft Corporation) 788f95312e26389d596c0fa55834e106 C:\Windows\System32\Drivers\volsnap.sys [2006-02-28 14:00] - [2008-04-14 08:22] - 0053760 ____A (Microsoft Corporation) a5a712f4e880874a477af790b5186e1d ==================== End Of Log ============================
And here is the Addition.txt. FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-09-2013 Ran by ThinkPad User at 2013-09-19 13:16:52 Running from C:\Dokumente und Einstellungen\ThinkPad User\Desktop\Download Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 Acronis*True*Image*Home 2011 (Version: 14.0.6868) Active@ Partition Recovery 9.0 (Version: 9.0) Adobe AIR (Version: 2.5.1.17730) Adobe Flash Player 11 ActiveX (Version: 11.8.800.174) Adobe Flash Player 11 Plugin (Version: 11.8.800.168) Adobe Photoshop CS (Version: CS) Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8) Adobe Shockwave Player 11.5 (Version: 11.5.9.620) AiO_Scan (Version: 47.0.1.000) Amazon MP3-Downloader 1.0.9 Anzeige am Bildschirm (Version: 6.20.00) Aquamarin Haushaltsbuch 2.9.2 b CC2530ZNP Mini Kit (Version: 1.00.1000) CMS Compatibility Pack für 2007 Office System (Version: 12.0.6514.5001) ConvertHelper 2.2 Dienstprogramm 'ThinkPad-Tastaturanpassung' (Version: 1.3.53.0) DJI driver version 1.0 (Version: 1.0) DJI NAZAM Assistant version 2.12 (Version: 2.12) DriverX for MSP-FET430IF (Version: 1.0) Ergänzung zu Productivity Center für ThinkPad (Version: 3.00b) FreePDF (Remove only) Funktion "TrackPoint-Eingabehilfen" (Version: 1.11.0.0) GeoVision ADPCM GeoVision H264 GeoVision JPEG GeoVision MPEG2 GeoVision MPEG4 ASP GeoVision MPEG4 AVC GPL Ghostscript (Version: 9.04) Help Center (Version: 2.00n) Hotfix für Windows XP (KB2570791) (Version: 1) Hotfix für Windows XP (KB942288-v3) (Version: 3) Hotfix für Windows XP (KB961118) (Version: 1) HP Image Zone 4.7 (Version: 4.7) HP PSC & OfficeJet 4.7 IAR Embedded Workbench Evaluation for MSP430 4.20.1 (Version: 4.20.1) inSSIDer (Version: 2.1.6) Intel(R) Graphics Media Accelerator Driver Intel(R) PRO Network Connections Drivers Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) JavaFX 2.1.1 (Version: 2.1.1) Lenovo Auto Scroll Utility 
(Version: 1.00) Lenovo System Interface Driver (Version: 1.05) Maintenance Manager (Version: 3.0.5.0) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 1.0 Hotfix (KB2572066) Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU (Version: 2.1.21022) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729) Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU (Version: 3.1.21022) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729) Microsoft .NET Framework 3.5 Language Pack - DEU Microsoft .NET Framework 3.5 Language Pack - deu (Version: 3.5.21022) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft Antimalware (Version: 3.0.8402.2) Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Choice Guard (Version: 2.0.48.0) Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office 2003 Web Components (Version: 12.0.6213.1000) Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0) Microsoft Security Client (Version: 2.1.1116.0) Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0) Microsoft Security Essentials (Version: 2.1.1116.0) Microsoft User-Mode Driver Framework Feature Pack 1.9 Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual Studio 2005 Tools for Applications - ENU Microsoft Visual Studio 2005 Tools for Applications - ENU (Version: 8.0.50727.146) Microsoft WinUsb 2.0 Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1) Mozilla Maintenance Service (Version: 23.0.1) Mozilla 
Thunderbird 17.0.8 (x86 de) (Version: 17.0.8) MSVCRT (Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 6.0 Parser (Version: 6.10.1129.0) MultiTouch Driver (Version: 3.0.0.3) Native Instruments Audio 4 DJ Native Instruments Audio 4 DJ (Version: 3.0.0.625) Native Instruments Controller Editor Native Instruments Controller Editor (Version: 1.4.5.910) Native Instruments Service Center Native Instruments Service Center (Version: 2.3.2.926) Native Instruments Traktor 2 Native Instruments Traktor 2 (Version: 2.5.0.13594) NetViewer 2.1.723.0 (Version: 2.1.723.0) PerfectDisk 12.5 Professional (Version: 12.05.312) PHOENIX Showcontroller (Version: 4.00.0000) Pioneer DDJ Driver (Version: 1.001.000.002) Pioneer DJM-2000 Driver (Version: 1.100.000.000) PlayBack 1.0.1.14 (Version: 1.0.1.14) Portable Paragon Partition Manager 8.0 Professional by MiKiCuN.. Präsentationsdirektor (Version: 4.08) QFolder (Version: 1.00.0000) QuickTime (Version: 7.74.80.86) RedMon - Redirection Port Monitor Rescue and Recovery (Version: 4.23.0017.00) RocketDock 1.3.5 Scan (Version: 4.5.0.0) Segoe UI (Version: 14.0.4327.805) Sentinel System Driver Installer 7.4.2 (Version: 7.4.2) Sicherheitsupdate für Microsoft Windows (KB2564958) Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2530548) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2559049) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB2586448) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB971961) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB981332) (Version: 1) Sicherheitsupdate für Windows Internet Explorer 8 (KB982381) (Version: 1) Sicherheitsupdate für Windows XP 
(KB2412687) (Version: 1) Sicherheitsupdate für Windows XP (KB2476490) (Version: 1) Sicherheitsupdate für Windows XP (KB2485663) (Version: 1) Sicherheitsupdate für Windows XP (KB2503665) (Version: 1) Sicherheitsupdate für Windows XP (KB2506212) (Version: 1) Sicherheitsupdate für Windows XP (KB2507618) (Version: 1) Sicherheitsupdate für Windows XP (KB2507938) (Version: 1) Sicherheitsupdate für Windows XP (KB2508272) (Version: 1) Sicherheitsupdate für Windows XP (KB2508429) (Version: 1) Sicherheitsupdate für Windows XP (KB2509553) (Version: 1) Sicherheitsupdate für Windows XP (KB2524375) (Version: 1) Sicherheitsupdate für Windows XP (KB2535512) (Version: 1) Sicherheitsupdate für Windows XP (KB2536276) (Version: 1) Sicherheitsupdate für Windows XP (KB2536276-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB2544893) (Version: 1) Sicherheitsupdate für Windows XP (KB2544893-v2) (Version: 2) Sicherheitsupdate für Windows XP (KB2555917) (Version: 1) Sicherheitsupdate für Windows XP (KB2562937) (Version: 1) Sicherheitsupdate für Windows XP (KB2566454) (Version: 1) Sicherheitsupdate für Windows XP (KB2567053) (Version: 1) Sicherheitsupdate für Windows XP (KB2567680) (Version: 1) Sicherheitsupdate für Windows XP (KB2570222) (Version: 1) Sicherheitsupdate für Windows XP (KB2570947) (Version: 1) Sicherheitsupdate für Windows XP (KB2592799) (Version: 1) Sicherheitsupdate für Windows XP (KB923789) SolidWorks 2012 German Resources (Version: 20.110.80) SolidWorks 2012 SP01 (Version: 20.110.80) SoundMAX (Version: 5.10.01.4326) Sunlite Suite 2 Sunlite Suite Beta System Update (Version: 3.14.0024) Tamara ThinkPad - Menü für Tablettverknüpfungen (Version: 6.03) ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 5.5.0.9700) ThinkPad Energie-Manager (Version: 1.95) ThinkPad FullScreen Magnifier (Version: 2.20) ThinkPad Modem (Version: 7.80.7.0) ThinkPad Power Management Driver (Version: 1.61.00.11) ThinkPad-Dienstprogramm 'EasyEject' (Version: 2.39) ThinkPad-Konfiguration 
(Version: 1.55) ThinkVantage Access Connections (Version: 5.72) ThinkVantage Fingerprint Software (Version: 5.8.5.6014) ThinkVantage Productivity Center (Version: 3.11) ThinkVantage System für aktiven Festplattenschutz (Version: 1.72) Total Commander (Remove or Repair) (Version: 8.0 beta 1) Treiber für ThinkPad-Tabletttasten (Version: 3.05) Turbo Lister 2 (Version: 2.00.0000) UltraSearch V1.7.1 (Version: 1.7.1) UltraVnc (Version: 1.1.9.0) Unity Web Player (HKCU Version: ) Unlocker 1.9.2 (Version: 1.9.2) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update für Windows Internet Explorer 8 (KB2447568) (Version: 1) Update für Windows Internet Explorer 8 (KB976662) (Version: 1) Update für Windows XP (KB2541763) (Version: 1) Update für Windows XP (KB2607712) (Version: 1) Update für Windows XP (KB2616676) (Version: 1) USB Display Device (Trigger 1+) 9.10.0526.0159 (Version: 9.10.0526.0159) Video Viewer (Version: 0.1.8.4) VirtualCloneDrive VLC media player 2.0.7 (Version: 2.0.7) VSO Image Resizer 4.0.3.6 (Version: 4.0.3.6) War Thunder Launcher 1.0.1.199 WebFldrs XP (Version: 9.50.7523) Windows Driver Package - dji-innovations inc. 
(usbser) Ports (01/19/2011 5.1.2600.5512) (Version: 01/19/2011 5.1.2600.5512) Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0) (Version: 12/10/2012 6.6.1.0) Windows Genuine Advantage Validation Tool (KB892130) Windows Live Anmelde-Assistent (Version: 5.000.818.5) Windows Live Call (Version: 14.0.8117.0416) Windows Live Communications Platform (Version: 14.0.8117.416) Windows Live Essentials (Version: 14.0.8117.0416) Windows Live Essentials (Version: 14.0.8117.416) Windows Live Messenger (Version: 14.0.8117.0416) Windows Live-Uploadtool (Version: 14.0.8014.1029) Windows Media Format 11 runtime Windows Media Player 11 Windows Messenger 5.1 (Version: 5.1.0715) Windows-Treiberpaket - Das (Siudi) USB (09/20/2010 1.6.0) (Version: 09/20/2010 1.6.0) Windows-Treiberpaket - Das (WinUSB) USB (12/14/2011 1.4) (Version: 12/14/2011 1.4) Windows-Treiberpaket - Das (WinUSB) USB (23/11/2011 1.3) (Version: 23/11/2011 1.3) XML Paper Specification Shared Components Pack 1.0 ==================== Restore Points ========================= 02-09-2013 22:08:10 Systemprüfpunkt 03-09-2013 17:06:10 Software Distribution Service 3.0 04-09-2013 17:22:59 Software Distribution Service 3.0 05-09-2013 18:15:35 Software Distribution Service 3.0 06-09-2013 20:40:12 Software Distribution Service 3.0 08-09-2013 03:54:50 Software Distribution Service 3.0 09-09-2013 09:43:26 Software Distribution Service 3.0 10-09-2013 20:36:07 Software Distribution Service 3.0 11-09-2013 23:01:14 Systemprüfpunkt 16-09-2013 19:08:11 Software Distribution Service 3.0 17-09-2013 20:45:44 Software Distribution Service 3.0 19-09-2013 07:22:49 Removed Apple Mobile Device Support 19-09-2013 07:23:25 Bonjour wird entfernt 19-09-2013 07:25:09 Removed Flowcode V5 for AVR 19-09-2013 09:41:30 Installed PerfectDisk 12.5 Professional. 
==================== Hosts content: ========================== 2006-02-28 14:00 - 2006-02-28 14:00 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\PMTask.job => C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{D91243B7-470D-444B-9864-CE9AB029339D}.job => C:\WINDOWS\system32\msfeedssync.exe ==================== Loaded Modules (whitelisted) ============= 2006-02-28 14:00 - 2008-04-14 08:51 - 00177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfime.ime 2013-09-17 22:45 - 2013-09-05 07:02 - 07328304 _____ (Microsoft Corporation) c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{36B149D2-E867-47BF-BA57-4F9B98915B4F}\mpengine.dll 2010-10-19 14:49 - 2010-10-19 14:49 - 01466368 _____ (Devicescape Software, Inc.) C:\Programme\Intel\WiFi\bin\supplicant.dll 2011-03-16 14:17 - 2011-03-16 14:17 - 00110592 _____ ( ) C:\WINDOWS\assembly\GAC\SKLibrary\1.7.2600.5512__31bf3856ad364e35\SKLibrary.dll 2011-03-16 12:21 - 2008-04-14 08:52 - 00045056 _____ ( ) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\KbcResources.dll 2011-03-16 12:21 - 2008-04-14 08:52 - 00006144 _____ ( ) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Ink\de\KbcResources.resources.dll 2010-09-22 15:18 - 2010-09-22 15:18 - 00111904 _____ (Broadcom Corporation.) C:\WINDOWS\system32\bthcrp.dll 2010-09-22 15:18 - 2010-09-22 15:18 - 00582944 _____ (Broadcom Corporation.) C:\WINDOWS\system32\WidcommSdk.dll 2010-09-22 15:18 - 2010-09-22 15:18 - 00521568 _____ (Broadcom Corporation.) 
C:\WINDOWS\system32\wbtapi.dll 2011-09-11 15:08 - 2004-12-15 23:59 - 00180315 _____ (HP) C:\WINDOWS\system32\hpzsnt12.dll 2012-05-22 10:21 - 2010-06-17 21:56 - 00116224 _____ () C:\WINDOWS\system32\redmonnt.dll 2011-03-16 12:22 - 2002-08-29 04:43 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\jnwppr.dll 2011-10-31 15:46 - 2007-04-09 14:23 - 00028552 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll 2011-03-16 14:56 - 2008-07-06 14:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll 2010-09-22 15:18 - 2010-09-22 15:18 - 00054560 _____ (Broadcom Corporation.) C:\WINDOWS\system32\btncopy.dll 2012-10-01 12:33 - 2007-09-02 13:57 - 00069632 _____ () C:\Programme\RocketDock\RocketDock.dll 2011-03-17 12:16 - 2011-02-04 02:35 - 00051200 ____N () C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL 2010-06-16 14:44 - 2010-06-16 14:44 - 00020328 _____ (Lenovo.) C:\WINDOWS\system32\Sensor.dll 2010-09-22 15:18 - 2010-09-22 15:18 - 00099688 _____ (Broadcom Corporation.) 
C:\WINDOWS\system32\btmmhook.dll 2013-09-03 15:54 - 2013-09-03 15:54 - 00301056 _____ () C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU 2007-06-19 16:08 - 2007-06-19 16:08 - 00108080 _____ (Lenovo Group Limited) C:\WINDOWS\system32\PROCHLP.DLL 2011-10-13 23:07 - 2011-10-13 23:07 - 03301376 _____ () c:\windows\assembly\nativeimages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_2483b090\mscorlib.dll 2011-03-16 06:07 - 2001-08-18 05:52 - 00043520 _____ (IBM Corporation) C:\WINDOWS\system32\tp4res.dll 2006-02-28 14:00 - 2006-02-28 14:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mui\0007\HHCTRLui.dll 2010-12-10 01:19 - 2010-12-10 01:19 - 00139264 _____ () C:\Programme\Gemeinsame Dateien\Lenovo\CDRecord.dll 2011-03-16 15:29 - 2010-09-17 19:22 - 00048128 _____ () C:\Programme\ThinkPad\ConnectUtilities\Res\GR\GUIHlprRes.dll 2011-03-17 12:16 - 2011-02-04 02:35 - 00063488 ____N () C:\Programme\ThinkPad\Utilities\GR\PWRMGRRO.DLL 2011-03-17 12:16 - 2011-02-04 02:35 - 00081920 ____N () C:\Programme\ThinkPad\Utilities\DE-DE\PWMUIAux.resources.dll 2011-06-28 01:45 - 2011-06-28 01:45 - 11204400 _____ () C:\Programme\Acronis\TrueImageHome\Common\ti_managers.dll 2008-06-26 19:02 - 2012-11-05 22:01 - 00503296 _____ (Matías Moreno) C:\Programme\RocketDock\Docklets\StackDocklet\StackDocklet.dll 2010-09-22 15:18 - 2010-09-22 15:18 - 00218448 _____ (Broadcom Corporation.) C:\WINDOWS\system32\btosif.dll 2010-09-22 15:18 - 2010-09-22 15:18 - 00238880 _____ (Broadcom Corporation.) C:\WINDOWS\system32\btwhidcs.DLL 2010-09-22 15:18 - 2010-09-22 14:51 - 01085440 _____ (Broadcom Corporation.) C:\WINDOWS\system32\btrez.dll 2010-09-22 15:18 - 2010-09-22 15:18 - 02860384 _____ () C:\WINDOWS\system32\btwicons.dll 2010-09-22 15:18 - 2010-09-22 15:18 - 00075112 _____ () C:\Programme\ThinkPad\Bluetooth Software\btkeyind.dll 2012-10-04 17:28 - 2012-10-04 17:28 - 00032632 _____ (Raxco Software, Inc.) 
C:\Programme\Gemeinsame Dateien\Raxco\Shared\PDEnginePS.dll 2012-10-04 17:28 - 2012-10-04 17:28 - 00214904 _____ (Raxco Software, Inc) C:\Programme\Gemeinsame Dateien\Raxco\Shared\PDutils.dll 2011-03-16 15:29 - 2010-09-17 19:22 - 00081920 _____ () C:\Programme\ThinkPad\ConnectUtilities\Res\GR\SvcHlprRes.dll 2009-06-12 11:52 - 2009-06-12 11:52 - 00062776 _____ ( ) C:\Programme\Lenovo\System Update\TvsuServiceCommon.dll 2010-12-10 01:19 - 2010-12-10 01:19 - 00139264 _____ () C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll 2011-11-10 09:20 - 2011-11-10 09:20 - 00114000 _____ (Joosoft.com GmbH) c:\windows\system32\updsvc.dll 2012-06-14 23:20 - 2009-04-14 15:59 - 00204800 _____ (MCT) C:\WINDOWS\system32\MCTHOOKKEY.dll 2012-06-14 23:20 - 2009-02-09 14:51 - 00217088 _____ (TODO: <Company name>) C:\WINDOWS\system32\mctsetup.DLL 2012-10-04 17:29 - 2012-10-04 17:29 - 00016760 _____ (Raxco Software, Inc.) D:\Programme\Raxco\PerfectDisk\PDVmGuestPS.dll ==================== Alternate Data Streams (whitelisted) ========== AlternateDataStreams: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5E43975A ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/19/2013 01:14:12 PM) (Source: MPSampleSubmission) (User: ) Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (09/19/2013 01:07:37 PM) (Source: MPSampleSubmission) (User: ) Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.9901.0, P5 fixed, P6 2 _ 2048, P7 5 _ boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. 
Error: (09/19/2013 00:48:50 PM) (Source: MPSampleSubmission) (User: ) Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (09/19/2013 00:42:03 PM) (Source: MPSampleSubmission) (User: ) Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.9901.0, P5 fixed, P6 2 _ 2048, P7 5 _ boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (09/19/2013 11:23:07 AM) (Source: MPSampleSubmission) (User: ) Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (09/19/2013 11:16:41 AM) (Source: MPSampleSubmission) (User: ) Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.9901.0, P5 fixed, P6 2 _ 2048, P7 5 _ boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (09/19/2013 10:36:34 AM) (Source: MPSampleSubmission) (User: ) Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1. Error: (09/19/2013 10:30:08 AM) (Source: MPSampleSubmission) (User: ) Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.9901.0, P5 fixed, P6 2 _ 2048, P7 5 _ boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1. 
Error: (09/19/2013 10:09:15 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 3.0.8402.0, P3 timeout, P4 1.1.9901.0, P5 fixed, P6 2 _ 2048, P7 5 _ boot, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (09/19/2013 09:42:32 AM) (Source: MPSampleSubmission) (User: )
Description: EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

System errors:
=============
Error: (09/19/2013 01:14:12 PM) (Source: Microsoft Antimalware) (User: )
Description: Fehler in %NT-AUTORITÄT60 beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.159.97.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsstufe: 3.0.8402.00
Quellpfad: 3.0.8402.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (09/19/2013 01:09:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist von folgendem, nicht vorhandenem Dienst abhängig: LanmanWorkstation

Error: (09/19/2013 01:09:16 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: hotcore2

Error: (09/19/2013 01:07:50 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist von folgendem, nicht vorhandenem Dienst abhängig: LanmanWorkstation

Error: (09/19/2013 01:07:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "altio" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error: (09/19/2013 01:03:34 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (09/19/2013 00:48:49 PM) (Source: Microsoft Antimalware) (User: )
Description: Fehler in %NT-AUTORITÄT60 beim Aktualisieren von Signaturen.
Neue Signaturversion:
Vorherige Signaturversion: 1.159.97.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsstufe: 3.0.8402.00
Quellpfad: 3.0.8402.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608

Error: (09/19/2013 00:44:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist von folgendem, nicht vorhandenem Dienst abhängig: LanmanWorkstation

Error: (09/19/2013 00:42:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist von folgendem, nicht vorhandenem Dienst abhängig: LanmanWorkstation

Error: (09/19/2013 00:42:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "altio" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Microsoft Office Sessions:
=========================
Error: (09/19/2013 01:14:12 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (09/19/2013 01:07:37 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.9901.0fixed2 _ 20485 _ bootNILNILNIL

Error: (09/19/2013 00:48:50 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (09/19/2013 00:42:03 PM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.9901.0fixed2 _ 20485 _ bootNILNILNIL

Error: (09/19/2013 11:23:07 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (09/19/2013 11:16:41 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.9901.0fixed2 _ 20485 _ bootNILNILNIL

Error: (09/19/2013 10:36:34 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

Error: (09/19/2013 10:30:08 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.9901.0fixed2 _ 20485 _ bootNILNILNIL

Error: (09/19/2013 10:09:15 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetrymicrosoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)3.0.8402.0timeout1.1.9901.0fixed2 _ 20485 _ bootNILNILNIL

Error: (09/19/2013 09:42:32 AM) (Source: MPSampleSubmission)(User: )
Description: mptelemetry8024402cendsearchsearch3.0.8402.0mpsigdwn.dll3.0.8402.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)NILNILNIL

==================== Memory info ===========================
Percentage of memory in use: 42%
Total physical RAM: 2038.36 MB
Available physical RAM: 1175.9 MB
Total Pagefile: 3407.73 MB
Available Pagefile: 2657.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.73 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:74.53 GB) (Free:19.74 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Volume) (Fixed) (Total:74.52 GB) (Free:33.91 GB) NTFS
Drive e: (PKBACK# 001) (Removable) (Total:0.95 GB) (Free:0.13 GB) FAT

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149 GB) (Disk ID: F48C1007)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 977 MB) (Disk ID: 8F33424A)
Partition 1: (Not Active) - (Size=976 MB) - (Type=06)

==================== End Of Log ============================

Thank you for the help.

So, I have now also run GMER, but what is that supposed to tell me? Everything clean?
Code:
GMER Logfile: |
21.09.2013, 15:42 | #2 |
/// the machine /// TB instructor | Removing Lanmanworkstation / Mediyes.F
hi,
If you do not have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation /S
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache /S
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
C:\Windows\system32\*.dll /600
__________________ |