
Pests of all kinds and how to fight them: rootkit, bluescreen, Windows Vista hangs


17.01.2011, 22:15   #1
eleganto

rootkit, bluescreen, Windows Vista hangs



Hello, for a few days my Lenovo laptop has been acting up.
Unfortunately the warranty period has expired.
Now to my problem.
My Vista often freezes, and if it does not resume after a few minutes, blue screens appear and Windows restarts automatically.
These problems happen a lot when I watch YouTube videos or play WoW online.
When I scan with Sophos Anti-Virus, it reports that my hard disk is defective and the rootkit scan is aborted. No viruses are found.
I have a Fujitsu hard disk. I tried burning a tool from Fujitsu to CD and booting from it, but somehow it did not work for me. According to the manufacturer, this tool is supposed to be able to repair defective sectors. It is the Fujitsu ATA Diagnostic Tool 6.90.

Well, I don't know what else to do and hope for your help.

Could an expert please take a look at the log files from GMER and RSIT?

Code:
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-17 05:20:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0084
Running: jvwuq2og.exe; Driver: C:\Users\ich\AppData\Local\Temp\uwroykog.sys
 
 
---- User code sections - GMER 1.0.15 ----
 
.text   C:\Windows\Explorer.EXE[4020] kernel32.dll!CopyFileExW                                                                                                                                                    76AC0211 7 Bytes  JMP 6FA07760 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text   C:\Windows\Explorer.EXE[4020] kernel32.dll!MoveFileWithProgressW                                                                                                                                          76AD10A4 5 Bytes  JMP 6FA07620 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text   C:\Windows\Explorer.EXE[4020] ole32.dll!CoCreateInstance                                                                                                                                                  77BB9F3E 8 Bytes  JMP 6FA07A20 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtClose                                                                                              77DE4314 5 Bytes  JMP 6CD29BF1 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtCreateFile                                                                                         77DE43D4 5 Bytes  JMP 6CD288D9 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtCreateKey                                                                                          77DE4414 5 Bytes  JMP 6CD2552A C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtDeleteFile                                                                                         77DE47B4 5 Bytes  JMP 6CD286F6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtDeleteKey                                                                                          77DE47C4 5 Bytes  JMP 6CD24D8A C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtDeleteValueKey                                                                                     77DE47F4 5 Bytes  JMP 6CD2504D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtDuplicateObject                                                                                    77DE4824 5 Bytes  JMP 6CD29CC7 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtEnumerateKey                                                                                       77DE4864 5 Bytes  JMP 6CD24E2E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtEnumerateValueKey                                                                                  77DE4894 5 Bytes  JMP 6CD24FA7 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtFlushKey                                                                                           77DE48F4 5 Bytes  JMP 6CD24DDC C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtNotifyChangeKey                                                                                    77DE4B64 5 Bytes  JMP 6CD250FB C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtNotifyChangeMultipleKeys                                                                           77DE4B74 5 Bytes  JMP 6CD25189 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtOpenFile                                                                                           77DE4BB4 5 Bytes  JMP 6CD28A64 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtOpenKey                                                                                            77DE4BE4 5 Bytes  JMP 6CD2543B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtQueryAttributesFile                                                                                77DE4D54 5 Bytes  JMP 6CD28761 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtQueryDirectoryFile                                                                                 77DE4DB4 5 Bytes  JMP 6CD275E6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtQueryFullAttributesFile                                                                            77DE4E04 5 Bytes  JMP 6CD287D1 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtQueryKey                                                                                           77DE4EB4 5 Bytes  JMP 6CD24E81 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtQueryMultipleValueKey                                                                              77DE4EC4 5 Bytes  JMP 6CD250A8 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtQueryObject                                                                                        77DE4EE4 5 Bytes  JMP 6CD29D1D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtQuerySecurityObject                                                                                77DE4F44 5 Bytes  JMP 6CD29C61 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtQueryValueKey                                                                                      77DE4FD4 5 Bytes  JMP 6CD24F54 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtRenameKey                                                                                          77DE50C4 5 Bytes  JMP 6CD2559F C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtSetInformationFile                                                                                 77DE52E4 5 Bytes  JMP 6CD28841 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtSetInformationKey                                                                                  77DE5304 5 Bytes  JMP 6CD24EE7 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtSetSecurityObject                                                                                  77DE53B4 5 Bytes  JMP 6CD29D7A C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ntdll.dll!NtSetValueKey                                                                                        77DE5454 5 Bytes  JMP 6CD24FFA C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] kernel32.dll!CreateProcessW                                                                                    76AB1BF3 5 Bytes  JMP 6CD02337 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] kernel32.dll!CreateProcessA                                                                                    76AB1C28 5 Bytes  JMP 6CD02475 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] kernel32.dll!LoadLibraryExW                                                                                    76AD9109 7 Bytes  JMP 6CD02E8C C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] kernel32.dll!SetDllDirectoryW                                                                                  76B42467 5 Bytes  JMP 6CD03300 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] kernel32.dll!SetDllDirectoryA                                                                                  76B424FD 5 Bytes  JMP 6CD03633 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] kernel32.dll!WinExec                                                                                           76B45CF7 5 Bytes  JMP 6CD02A2E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] GDI32.dll!AddFontResourceW                                                                                     76C8CC93 5 Bytes  JMP 6CD10AB4 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] GDI32.dll!AddFontResourceA                                                                                     76C8CFBF 5 Bytes  JMP 6CD10A98 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!StartServiceA                                                                                     77CBA24D 7 Bytes  JMP 6CD1379E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!CreateProcessAsUserA                                                                              77CBCEB9 5 Bytes  JMP 6CD027ED C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!CreateProcessAsUserW                                                                              77CD1EE9 5 Bytes  JMP 6CD026AB C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!OpenSCManagerA                                                                                    77CD2D93 7 Bytes  JMP 6CD131B4 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!OpenServiceA                                                                                      77CD2EBD 7 Bytes  JMP 6CD13323 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!StartServiceW                                                                                     77CD3E0B 7 Bytes  JMP 6CD13708 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!QueryServiceStatusEx                                                                              77CD4FFE 7 Bytes  JMP 6CD139AC C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!QueryServiceConfigW                                                                               77CD50A4 7 Bytes  JMP 6CD14448 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!QueryServiceConfigA                                                                               77CD51AD 7 Bytes  JMP 6CD144E1 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!OpenSCManagerW                                                                                    77CD7137 7 Bytes  JMP 6CD13128 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!CloseServiceHandle                                                                                77CD82A5 7 Bytes  JMP 6CD13BB6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!OpenServiceW                                                                                      77CD8354 7 Bytes  JMP 6CD13297 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!QueryServiceStatus                                                                                77CD842C 7 Bytes  JMP 6CD13919 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!CreateServiceW                                                                                    77CF9EB4 7 Bytes  JMP 6CD13421 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!ControlService                                                                                    77CF9FB8 7 Bytes  JMP 6CD1388D C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!DeleteService                                                                                     77CFA07E 7 Bytes  JMP 6CD13C44 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!GetServiceDisplayNameW                                                                            77CFB0B3 7 Bytes  JMP 6CD14297 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!GetServiceKeyNameW                                                                                77CFB164 7 Bytes  JMP 6CD140E6 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!EnumServicesStatusExA                                                                             77CFB31B 7 Bytes  JMP 6CD14A26 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!ControlServiceExA                                                                                 77D3662E 7 Bytes  JMP 6CD12BDA C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!ControlServiceExW                                                                                 77D36741 7 Bytes  JMP 6CD12B61 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!EnumServicesStatusExW                                                                             77D36909 7 Bytes  JMP 6CD14960 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!EnumServicesStatusA                                                                               77D36B47 7 Bytes  JMP 6CD148A2 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!QueryServiceObjectSecurity                                                                        77D36C21 7 Bytes  JMP 6CD146B2 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!SetServiceObjectSecurity                                                                          77D36CD9 7 Bytes  JMP 6CD1474E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!ChangeServiceConfigA                                                                              77D36DD9 7 Bytes  JMP 6CD13DB7 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!ChangeServiceConfigW                                                                              77D36F81 7 Bytes  JMP 6CD13CD2 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!ChangeServiceConfig2A                                                                             77D37099 7 Bytes  JMP 6CD14050 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!ChangeServiceConfig2W                                                                             77D371E1 7 Bytes  JMP 6CD13FBA C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!CreateServiceA                                                                                    77D372A1 7 Bytes  JMP 6CD134F7 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!EnumDependentServicesA                                                                            77D37505 7 Bytes  JMP 6CD13AFF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!EnumDependentServicesW                                                                            77D375D9 7 Bytes  JMP 6CD13A48 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!GetServiceDisplayNameA                                                                            77D376B1 7 Bytes  JMP 6CD1434F C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!GetServiceKeyNameA                                                                                77D37759 7 Bytes  JMP 6CD1419E C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!QueryServiceConfig2A                                                                              77D37891 7 Bytes  JMP 6CD14616 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!QueryServiceConfig2W                                                                              77D37A19 7 Bytes  JMP 6CD1457A C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ADVAPI32.dll!EnumServicesStatusW                                                                               77D37F61 5 Bytes  JMP 6CD147E4 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!CoRegisterPSClsid                                                                                    77B62746 5 Bytes  JMP 6CD1A1FE C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!CoResumeClassObjects + 7                                                                             77B72C12 7 Bytes  JMP 6CD1A7CF C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!CoRegisterClassObject                                                                                77B77DBE 5 Bytes  JMP 6CD1B27B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!OleInitialize                                                                                        77B7EE4B 5 Bytes  JMP 6CD1A539 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!OleRun                                                                                               77B7F3F4 5 Bytes  JMP 6CD1A68A C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!CoGetPSClsid                                                                                         77B81B2B 5 Bytes  JMP 6CD1A376 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!CoGetClassObject                                                                                     77B9FAE8 5 Bytes  JMP 6CD1B5E2 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!CoRevokeClassObject                                                                                  77BAB109 5 Bytes  JMP 6CD19DE0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!CoCreateInstance                                                                                     77BB9F3E 5 Bytes  JMP 6CD1C8B0 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!CoCreateInstanceEx                                                                                   77BB9F81 5 Bytes  JMP 6CD1AC12 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!CoInitializeEx                                                                                       77BBADFB 5 Bytes  JMP 6CD1A3E9 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!CoUninitialize                                                                                       77BBD309 5 Bytes  JMP 6CD1A46B C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!CoSuspendClassObjects + 7                                                                            77BC19A9 7 Bytes  JMP 6CD1A6FA C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!OleUninitialize                                                                                      77BDB90D 6 Bytes  JMP 6CD1A5A9 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!CoGetInstanceFromFile                                                                                77C0C595 5 Bytes  JMP 6CD1BAA2 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text   C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[4752] ole32.dll!OleRegEnumFormatEtc                                                                                  77C55657 5 Bytes  JMP 6CD1A614 C:\Windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
 
---- Devices - GMER 1.0.15 ----
 
Device                                                                                                                                                                                                            Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
Device                                                                                                                                                                                                            Sftfslh.sys (Microsoft Application Virtualization File System/Microsoft Corporation)
Device                                                                                                                                                                                                            rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
 
---- Registry - GMER 1.0.15 ----
 
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1c0b2c7                                                                                                                               
Reg     HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1c0b2c7 (not active ControlSet)                                                                                                           
 
---- Disk sectors - GMER 1.0.15 ----
 
Disk    \Device\Harddisk0\DR0                                                                                                                                                                                     sector 08: copy of MBR
 
---- Files - GMER 1.0.15 ----
 
File    C:\RRbackups\common                                                                                                                                                                                       0 bytes
File    C:\RRbackups\common\bmgrmode.dat                                                                                                                                                                          29 bytes
File    C:\RRbackups\common\css.dat                                                                                                                                                                               8192 bytes
File    C:\RRbackups\common\hints.dat                                                                                                                                                                             8192 bytes
File    C:\RRbackups\common\mnd.dat                                                                                                                                                                               8192 bytes
File    C:\RRbackups\common\regcerts.dat                                                                                                                                                                          8192 bytes
File    C:\RRbackups\common\restore.log                                                                                                                                                                           110 bytes
File    C:\RRbackups\common\rr.log                                                                                                                                                                                16051 bytes
File    C:\RRbackups\common\rr_bcdenum.dat                                                                                                                                                                        3784 bytes
File    C:\RRbackups\common\SAM                                                                                                                                                                                   262144 bytes
File    C:\RRbackups\common\seccache.dat                                                                                                                                                                          8192 bytes
File    C:\RRbackups\common\secpolicy.dat                                                                                                                                                                         24576 bytes
File    C:\RRbackups\common\settings.dat                                                                                                                                                                          32768 bytes
File    C:\RRbackups\common\system.dat                                                                                                                                                                            12288 bytes
File    C:\RRbackups\common\tvtcmn.dat                                                                                                                                                                            8192 bytes
File    C:\RRbackups\common\tvtns.bin                                                                                                                                                                             23 bytes
File    C:\RRbackups\common\usersids.dat                                                                                                                                                                          34320 bytes
File    C:\RRbackups\Documents and Settings                                                                                                                                                                       0 bytes
File    C:\RRbackups\Documents and Settings\Administrator                                                                                                                                                         0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData                                                                                                                                                 0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming                                                                                                                                         0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft                                                                                                                               0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto                                                                                                                        0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA                                                                                                                    0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3384489848-266114249-364278530-500                                                                        0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3384489848-266114249-364278530-500\a077ead69703e3bf1fd373a3c9376faa_0c4e0812-a48c-4759-8476-87bb7c7bbf28  77 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3384489848-266114249-364278530-500\a18ca4003deb042bbee7a40f15e1970b_0c4e0812-a48c-4759-8476-87bb7c7bbf28  54 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect                                                                                                                       0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST                                                                                                              24 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-3384489848-266114249-364278530-500                                                                           0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-3384489848-266114249-364278530-500\8cc549fb-eaac-45a9-ab29-ea0c2bc5d890                                      388 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-3384489848-266114249-364278530-500\Preferred                                                                 24 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500                                                                          0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\1e617109-803e-4be7-9818-0d7338a89cf9                                     388 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\Preferred                                                                24 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates                                                                                                            0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My                                                                                                         0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates                                                                                            0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs                                                                                                    0 bytes
File    C:\RRbackups\Documents and Settings\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs                                                                                                    0 bytes
File    C:\RRbackups\Documents and Settings\***                                                                                                                                                                 0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData                                                                                                                                                         0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming                                                                                                                                                 0 bytes
File    C:\RRbackups\Documents and Settings\****\AppData\Roaming\Microsoft                                                                                                                                       0 bytes
File    C:\RRbackups\Documents and Settings\****\AppData\Roaming\Microsoft\Crypto                                                                                                                                0 bytes
File    C:\RRbackups\Documents and Settings\****AppData\Roaming\Microsoft\Crypto\RSA                                                                                                                            0 bytes
File    C:\RRbackups\Documents and Settings\****\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3384489848-266114249-364278530-1003                                                                               0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3384489848-266114249-364278530-1003\8f71098770f72c7a67cd8f1151619865_0c4e0812-a48c-4759-8476-87bb7c7bbf28         54 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect                                                                                                                               0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect\CREDHIST                                                                                                                      24 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect\S-1-5-21-3384489848-266114249-364278530-1003                                                                                  0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect\S-1-5-21-3384489848-266114249-364278530-1003\6dcd97bb-e27e-4304-b8a3-4fb7b3b47b86                                             388 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect\S-1-5-21-3384489848-266114249-364278530-1003\Preferred                                                                        24 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500                                                                                  0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\1e617109-803e-4be7-9818-0d7338a89cf9                                             388 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\Preferred                                                                        24 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\SystemCertificates                                                                                                                    0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\SystemCertificates\My                                                                                                                 0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates                                                                                                    0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs                                                                                                            0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs                                                                                                            0 bytes
File    C:\RRbackups\Documents and Settings\Default                                                                                                                                                               0 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData                                                                                                                                                       0 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData\Roaming                                                                                                                                               0 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft                                                                                                                                     0 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Crypto                                                                                                                              0 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Crypto\RSA                                                                                                                          0 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect                                                                                                                             0 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\CREDHIST                                                                                                                    24 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500                                                                                0 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\1e617109-803e-4be7-9818-0d7338a89cf9                                           388 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\Preferred                                                                      24 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates                                                                                                                  0 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My                                                                                                               0 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates                                                                                                  0 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs                                                                                                          0 bytes
File    C:\RRbackups\Documents and Settings\Default\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs                                                                                                          0 bytes
File    C:\RRbackups\Documents and Settings\Default User                                                                                                                                                          0 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData                                                                                                                                                  0 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData\Roaming                                                                                                                                          0 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft                                                                                                                                0 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Crypto                                                                                                                         0 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Crypto\RSA                                                                                                                     0 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect                                                                                                                        0 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\CREDHIST                                                                                                               24 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500                                                                           0 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\1e617109-803e-4be7-9818-0d7338a89cf9                                      388 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\Preferred                                                                 24 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates                                                                                                             0 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My                                                                                                          0 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates                                                                                             0 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs                                                                                                     0 bytes
File    C:\RRbackups\Documents and Settings\Default User\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs                                                                                                     0 bytes
File    C:\RRbackups\Documents and Settings\ich                                                                                                                                                                   0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData                                                                                                                                                           0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming                                                                                                                                                   0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Lenovo                                                                                                                                            0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Lenovo\Client Security Solution                                                                                                                   0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft                                                                                                                                         0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\Crypto                                                                                                                                  0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\Crypto\RSA                                                                                                                              0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\Protect                                                                                                                                 0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\Protect\CREDHIST                                                                                                                        24 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\Protect\S-1-5-21-3384489848-266114249-364278530-1002                                                                                    0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\Protect\S-1-5-21-3384489848-266114249-364278530-1002\87ac80a3-72f9-4909-b6c7-7f7ff316d7b5                                               388 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\Protect\S-1-5-21-3384489848-266114249-364278530-1002\Preferred                                                                          24 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500                                                                                    0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\1e617109-803e-4be7-9818-0d7338a89cf9                                               388 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\Preferred                                                                          24 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\SystemCertificates                                                                                                                      0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\SystemCertificates\My                                                                                                                   0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates                                                                                                      0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs                                                                                                              0 bytes
File    C:\RRbackups\Documents and Settings\ich\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs                                                                                                              0 bytes
File    C:\RRbackups\Documents and Settings\***                                                                                                                                                                 0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData                                                                                                                                                        0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming                                                                                                                                                0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft                                                                                                                                      0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Crypto                                                                                                                               0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Crypto\RSA                                                                                                                           0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect                                                                                                                              0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect\CREDHIST                                                                                                                     24 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect\S-1-5-21-3384489848-266114249-364278530-1004                                                                                 0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect\S-1-5-21-3384489848-266114249-364278530-1004\ba30fc0f-b8e4-41a6-b32a-d103d4a24c37                                            388 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect\S-1-5-21-3384489848-266114249-364278530-1004\Preferred                                                                       24 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500                                                                                 0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\1e617109-803e-4be7-9818-0d7338a89cf9                                            388 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\Protect\S-1-5-21-946592493-3211520402-3949043191-500\Preferred                                                                       24 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\SystemCertificates                                                                                                                   0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\SystemCertificates\My                                                                                                                0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates                                                                                                   0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs                                                                                                           0 bytes
File    C:\RRbackups\Documents and Settings\***\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs                                                                                                           0 bytes
File    C:\RRbackups\ProgramData                                                                                                                                                                                  0 bytes
File    C:\RRbackups\ProgramData\Microsoft                                                                                                                                                                        0 bytes
File    C:\RRbackups\ProgramData\Microsoft\Crypto                                                                                                                                                                 0 bytes
File    C:\RRbackups\ProgramData\Microsoft\Crypto\RSA                                                                                                                                                             0 bytes
File    C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys                                                                                                                                                 0 bytes
File    C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\MachineKeys\a077ead69703e3bf1fd373a3c9376faa_0c4e0812-a48c-4759-8476-87bb7c7bbf28                                                                           77 bytes
File    C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18                                                                                                                                                    0 bytes
File    C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\6dea747ed38eabf371282d88992c2768_0c4e0812-a48c-4759-8476-87bb7c7bbf28                                                                              1295 bytes
File    C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_0c4e0812-a48c-4759-8476-87bb7c7bbf28                                                                              54 bytes
File    C:\RRbackups\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_0c4e0812-a48c-4759-8476-87bb7c7bbf28                                                                              915 bytes
 
---- EOF - GMER 1.0.15 ----
         
and from RSIT

info.txt RSIT Logfile:
Code:
ATTFilter
logfile of random's system information tool 1.08 2011-01-17 03:49:06
 
======Uninstall list======
 
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe  -l0x0007 -removeonly
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe  -l0x0007 -removeonly
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader X - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-AA0000000001}
Anzeige am Bildschirm-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.LH 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
Application Verifier-->MsiExec.exe /I{39556553-8C77-4C5E-8F30-4083274948A2}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -ITPUNVENz.INF
Debugging Tools for Windows (x86)-->MsiExec.exe /I{D09605BE-5587-4B0C-86C8-69B5092CB80F}
Dienstprogramm "ThinkPad UltraNav"-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\SETUP.EXE" -l0x7 UNINSTALL
Diskeeper Home-->MsiExec.exe /X{796E076A-82F7-4D49-98C8-DEC0C3BC733A}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Ergänzung zu Productivity Center für ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x7 -AddRemove
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA20DA\UIU32m.exe -U -ILVVENzm.inf
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Integrated Camera-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0007 -removeonly -u
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
K-Lite Codec Pack 6.4.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lenovo System Interface Driver-->RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NTx86 130 C:\Program Files\Lenovo\SMIIF\lnvsmi.inf
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile DEU Language Pack-->MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office Home and Business 2010 - Deutsch-->C:\Program Files\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0062-0407-0000-0000000FF1CE}
Microsoft Office Klick-und-Los 2010-->"C:\PROGRA~1\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall
Microsoft Office Klick-und-Los 2010-->MsiExec.exe /I{90140000-006D-0407-0000-0000000FF1CE}
Microsoft SQL Server 2005 Express Edition (SOPHOS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Windows Performance Toolkit-->MsiExec.exe /I{E7F9E526-2324-437B-A609-E8C5309465CB}
Microsoft Windows SDK for Windows 7 (7.1)-->"C:\Program Files\Microsoft SDKs\Windows\v7.1\Setup\Setup.exe" -x "-source:hxxp://download.microsoft.com/download/A/6/A/A6AC035D-DA3F-4F0C-ADA4-37C8E5D34E3D/setup;C:\Program Files\Microsoft SDKs\Windows\v7.1\;C:\Program Files\Microsoft SDKs\Windows\v7.1\Setup\1033\;C:\Users\ich\AppData\Local\Temp\SDKSetup\WinSDK\WinSDK\"
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Multimedia Center For Think Offerings-->MsiExec.exe /I{938B1CD7-7C60-491E-AA90-1F1888168240}
PC-Doctor 5 für Windows-->C:\Program Files\PCDR5\uninst.exe
Registry patch for Windows Vista USB S3 PM Enablement-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 130 C:\Program Files\Lenovo\USBPMon\USBPMon.inf
Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista -->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 130 C:\Program Files\Lenovo\FPIRPOn\FPIRPOn.inf
Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 130 C:\Program Files\Lenovo\Dipmon\Dipmon.inf
Registry patch to improve USB device detection on resume from sleep for Windows Vista-->MsiExec.exe /X{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}
Rescue and Recovery-->MsiExec.exe /X{7E4C16B8-8F76-4940-8505-98E93C00BF19}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x7 anything
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Skype Toolbars-->MsiExec.exe /I{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Skype™ 5.1-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Sonic Icons for Lenovo-->MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sony Ericsson PC Suite 6.011.00-->"C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
Sophos Anti-Virus-->MsiExec.exe /X{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}
Sophos AutoUpdate-->MsiExec.exe /X{15C418EB-7675-42be-B2B3-281952DA014D}
Sophos Control Center-->MsiExec.exe /I{FE2C8DFE-8886-4181-B3BA-36978ABD5E36}
Sophos Remote Management System-->MsiExec.exe /X{FED1005D-CBC8-45D5-A288-FFC7BB304121}
Sophos Update Manager-->MsiExec.exe /X{2C7A82DB-69BC-4198-AC26-BB862F1BE4D0}
System Migration Assistant-->MsiExec.exe /X{F705E3E1-A471-426B-9A09-73429F3418EE}
ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
ThinkPad Energie-Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}\SETUP.EXE" -l0x7 -AddRemove
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad UltraNav Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\Setup.exe" -l0x7 anything
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x7 -AddRemove
ThinkVantage System für aktiven Festplattenschutz-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Wallpapers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x7 UNINSTALL
Windows Driver Package - Broadcom (b57nd60x) Net  (05/09/2007 10.39.0.0)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\b57nd60x.inf_3672fe23\b57nd60x.inf
Windows Driver Package - Intel (iaStor) hdc  (02/12/2007 7.0.0.1020)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaahci.inf
Windows Driver Package - Intel hdc  (11/15/2006 8.2.0.1011)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ich8id2.inf_a8dc8098\ich8id2.inf
Windows Driver Package - Intel hdc  (11/15/2006 8.2.0.1011)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ich8ide.inf_945a5faf\ich8ide.inf
Windows Driver Package - Intel hdc  (12/06/2006 6.8.0.3002)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ich8ahci.inf_b3b521ec\ich8ahci.inf
Windows Driver Package - Intel System  (09/15/2006 7.0.0.1011)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\dmi_pci.inf_0e65d7c6\dmi_pci.inf
Windows Driver Package - Intel System  (09/15/2006 8.0.0.1008)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ich8smb.inf_eae3c27f\ich8smb.inf
Windows Driver Package - Intel System  (09/15/2006 8.0.0.1010)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ich8core.inf_a96a333f\ich8core.inf
Windows Driver Package - Intel System  (09/15/2006 8.2.0.1000)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\965m.inf_d9541021\965m.inf
Windows Driver Package - Intel USB  (09/15/2006 8.0.0.1008)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ich8usb.inf_aacfb529\ich8usb.inf
Windows Driver Package - Lenovo (IBMPMDRV) System  (05/31/2007 1.43)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_750ed1c2\ibmpmdrv.inf
Windows Driver Package - Ricoh Company MMC Host Controller (08/08/2007 6.00.03.02)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\rimmptsk.inf_6c54aaab\rimmptsk.inf
Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\rimsptsk.inf_8826e972\rimsptsk.inf
Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\rixdptsk.inf_41a97d5f\rixdptsk.inf
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
 
======Security center information======
 
AS: Windows Defender
 
======System event log======
 
Computer Name: ich-laptop
Event Code: 4386
Message: Windows-Wartung erforderte einen Neustart, um das Update 948610-184_neutral_GDR aus Paket KB948610(Update) in den Status Wird bereitgestellt(Staging) setzen zu können.
Record Number: 19482
Source Name: Microsoft-Windows-Servicing
Time Written: 20101114204245.000000-000
Event Type: Informationen
User: ich-laptop\ich
 
Computer Name: ich-laptop
Event Code: 4386
Message: Windows-Wartung erforderte einen Neustart, um das Update 948610-183_neutral_LDR aus Paket KB948610(Update) in den Status Wird bereitgestellt(Staging) setzen zu können.
Record Number: 19481
Source Name: Microsoft-Windows-Servicing
Time Written: 20101114204245.000000-000
Event Type: Informationen
User: ich-laptop\ich
 
Computer Name: ich-laptop
Event Code: 4386
Message: Windows-Wartung erforderte einen Neustart, um das Update 948610-182_neutral_GDR aus Paket KB948610(Update) in den Status Wird bereitgestellt(Staging) setzen zu können.
Record Number: 19480
Source Name: Microsoft-Windows-Servicing
Time Written: 20101114204245.000000-000
Event Type: Informationen
User: ich-laptop\ich
 
Computer Name: ich-laptop
Event Code: 4386
Message: Windows-Wartung erforderte einen Neustart, um das Update 948610-181_neutral_LDR aus Paket KB948610(Update) in den Status Wird bereitgestellt(Staging) setzen zu können.
Record Number: 19479
Source Name: Microsoft-Windows-Servicing
Time Written: 20101114204245.000000-000
Event Type: Informationen
User: ich-laptop\ich
 
Computer Name: ich-laptop
Event Code: 4386
Message: Windows-Wartung erforderte einen Neustart, um das Update 948610-180_neutral_GDR aus Paket KB948610(Update) in den Status Wird bereitgestellt(Staging) setzen zu können.
Record Number: 19478
Source Name: Microsoft-Windows-Servicing
Time Written: 20101114204245.000000-000
Event Type: Informationen
User: ich-laptop\ich
 
=====Application event log=====
 
Computer Name: WIN-CTVEW1H569F
Event Code: 103
Message: WinMail (2136) WindowsMail0: Das Datenbankmodul hat die Instanz (0) beendet.
Record Number: 391
Source Name: ESENT
Time Written: 20101113234627.000000-000
Event Type: Informationen
User: 
 
Computer Name: WIN-CTVEW1H569F
Event Code: 215
Message: WinMail (2136) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.
Record Number: 390
Source Name: ESENT
Time Written: 20101113234626.000000-000
Event Type: Fehler
User: 
 
Computer Name: WIN-CTVEW1H569F
Event Code: 222
Message: WinMail (2136) WindowsMail0: Sicherung der Datei C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore wird beendet. Daten wurden unvollständig gelesen (gelesen 2097152 Bytes von 2121728 Bytes).
Record Number: 389
Source Name: ESENT
Time Written: 20101113234626.000000-000
Event Type: Informationen
User: 
 
Computer Name: WIN-CTVEW1H569F
Event Code: 220
Message: WinMail (2136) WindowsMail0: Sicherung der Datei C:\Users\Administrator\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore (Größe 2 Mb) beginnt.
Record Number: 388
Source Name: ESENT
Time Written: 20101113234625.000000-000
Event Type: Informationen
User: 
 
Computer Name: WIN-CTVEW1H569F
Event Code: 210
Message: WinMail (2136) WindowsMail0: Eine vollständige Sicherung wird gestartet.
Record Number: 387
Source Name: ESENT
Time Written: 20101113234625.000000-000
Event Type: Informationen
User: 
 
=====Security event log=====
 
Computer Name: WIN-CTVEW1H569F
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
 
Antragsteller:
    Sicherheits-ID:        S-1-5-18
    Kontoname:        WIN-CTVEW1H569F$
    Kontodomäne:        WORKGROUP
    Anmelde-ID:        0x3e7
    Anmelde-GUID:        {00000000-0000-0000-0000-000000000000}
 
Konto, dessen Anmeldeinformationen verwendet wurden:
    Kontoname:        SYSTEM
    Kontodomäne:        NT-AUTORITÄT
    Anmelde-GUID:        {00000000-0000-0000-0000-000000000000}
 
Zielserver:
    Zielservername:    localhost
    Weitere Informationen:    localhost
 
Prozessinformationen:
    Prozess-ID:        0x2e0
    Prozessname:        C:\Windows\System32\services.exe
 
Netzwerkinformationen:
    Netzwerkadresse:    -
    Port:            -
 
Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 1077
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101113234638.548194-000
Event Type: Überwachung erfolgreich
User: 
 
Computer Name: WIN-CTVEW1H569F
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.
 
Antragsteller:
    Sicherheits-ID:        S-1-5-18
    Kontoname:        SYSTEM
    Kontodomäne:        NT-AUTORITÄT
    Anmelde-ID:        0x3e7
 
Berechtigungen:        SeAssignPrimaryTokenPrivilege
            SeTcbPrivilege
            SeSecurityPrivilege
            SeTakeOwnershipPrivilege
            SeLoadDriverPrivilege
            SeBackupPrivilege
            SeRestorePrivilege
            SeDebugPrivilege
            SeAuditPrivilege
            SeSystemEnvironmentPrivilege
            SeImpersonatePrivilege
Record Number: 1076
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101113234636.769794-000
Event Type: Überwachung erfolgreich
User: 
 
Computer Name: WIN-CTVEW1H569F
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.
 
Antragsteller:
    Sicherheits-ID:        S-1-5-18
    Kontoname:        WIN-CTVEW1H569F$
    Kontodomäne:        WORKGROUP
    Anmelde-ID:        0x3e7
 
Anmeldetyp:            5
 
Neue Anmeldung:
    Sicherheits-ID:        S-1-5-18
    Kontoname:        SYSTEM
    Kontodomäne:        NT-AUTORITÄT
    Anmelde-ID:        0x3e7
    Anmelde-GUID:        {00000000-0000-0000-0000-000000000000}
 
Prozessinformationen:
    Prozess-ID:        0x2e0
    Prozessname:        C:\Windows\System32\services.exe
 
Netzwerkinformationen:
    Arbeitsstationsname:    
    Quellnetzwerkadresse:    -
    Quellport:        -
 
Detaillierte Authentifizierungsinformationen:
    Anmeldeprozess:        Advapi  
    Authentifizierungspaket:    Negotiate
    Übertragene Dienste:    -
    Paketname (nur NTLM):    -
    Schlüssellänge:        0
 
Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.
 
Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".
 
Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).
 
Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.
 
Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.
 
Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
     - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
    - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
    - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
    - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 1075
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101113234636.769794-000
Event Type: Überwachung erfolgreich
User: 
 
Computer Name: WIN-CTVEW1H569F
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.
 
Antragsteller:
    Sicherheits-ID:        S-1-5-18
    Kontoname:        WIN-CTVEW1H569F$
    Kontodomäne:        WORKGROUP
    Anmelde-ID:        0x3e7
    Anmelde-GUID:        {00000000-0000-0000-0000-000000000000}
 
Konto, dessen Anmeldeinformationen verwendet wurden:
    Kontoname:        SYSTEM
    Kontodomäne:        NT-AUTORITÄT
    Anmelde-GUID:        {00000000-0000-0000-0000-000000000000}
 
Zielserver:
    Zielservername:    localhost
    Weitere Informationen:    localhost
 
Prozessinformationen:
    Prozess-ID:        0x2e0
    Prozessname:        C:\Windows\System32\services.exe
 
Netzwerkinformationen:
    Netzwerkadresse:    -
    Port:            -
 
Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 1074
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101113234636.769794-000
Event Type: Überwachung erfolgreich
User: 
 
Computer Name: WIN-CTVEW1H569F
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
    Sicherheits- ID:    S-1-5-21-3384489848-266114249-364278530-500
    Kontoname:    Administrator
    Domänenname:    WIN-CTVEW1H569F
    Logon-ID:    0x3b95d
Record Number: 1073
Source Name: Microsoft-Windows-Eventlog
Time Written: 20101113234625.025994-000
Event Type: Überwachung erfolgreich
User: 
 
======Environment variables======
 
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Lenovo;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft Windows Performance Toolkit\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"TPCCommon"=C:\PROGRA~1\THINKV~2\PrdCtr
"SMA"=C:\Program Files\ThinkVantage\SMA\
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"TVT"=C:\Program Files\Lenovo
"RR"=C:\Program Files\Lenovo\Rescue and Recovery
"TVTPYDIR"=C:\Program Files\Common Files\Lenovo\Python24
"TVTCOMMON"=C:\Program Files\Common Files\Lenovo
"SWSHARE"=C:\SWSHARE
 
-----------------EOF-----------------
         
--- --- ---



RSIT Logfile:
Code:
ATTFilter
Logfile of random's system information tool 1.08 (written by random/random)
Run by ich at 2011-01-17 03:47:38
Microsoft® Windows Vista™ Business  Service Pack 2
System drive C: has 93 GB (63%) free of 146 GB
Total RAM: 2038 MB (44% free)
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 03:48:34, on 17.01.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ich\Desktop\RSIT.exe
C:\Program Files\trend micro\ich.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - hxxp://download.speakyweb.com/speakyldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Sophos Anti-Virus Statusreporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos Agent - Sophos Plc - C:\Program Files\Sophos\SCC\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Sophos Certification Manager - Sophos Plc - C:\Program Files\Sophos\SCC\CertificationManagerServiceNT.exe
O23 - Service: Sophos Management Service - Sophos Plc - C:\Program Files\Sophos\SCC\MgntSvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - C:\Program Files\Sophos\SCC\Remote Management System\RouterNT.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Sophos Update Manager (SUM) - Sophos Group - C:\Program Files\Sophos\SCC\SUM\SUMService.exe
O23 - Service: Sophos Web Intelligence Service (swi_service) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
--
End of file - 8374 bytes
 
======Registry dump======
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39EA7695-B3F2-4C44-A4BC-297ADA8FD235}]
Sophos Web Content Scanner - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll [2011-01-16 246000]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22 1242504]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-03-05 172032]
""= []
"TpShocks"=C:\Windows\system32\TpShocks.exe [2007-11-22 181536]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-11-15 217176]
"RoxioDragToDisc"=C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe [2007-03-13 1116920]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-01-08 536576]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2007-07-05 419112]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2007-07-05 124200]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-10-07 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-10-07 178712]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-10-07 154136]
"DivX Download Manager"=C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe start []
"Sophos AutoUpdate Monitor"=C:\Program Files\Sophos\AutoUpdate\almon.exe [2010-09-30 439536]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-10 35736]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog []
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe start []
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW []
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2007-04-26 120368]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2011-01-03 15028104]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-11-20 434176]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2007-03-29 719664]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-10-07 221184]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-03-14 89600]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd
ACGina
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableCAD"=1
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 
======File associations======
 
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
 
======List of files/folders created in the last 1 months======
 
2011-01-17 03:47:38 ----D---- C:\rsit
2011-01-17 03:47:38 ----D---- C:\Program Files\trend micro
2011-01-16 23:33:58 ----D---- C:\symbols
2011-01-16 23:26:58 ----D---- C:\Program Files\Microsoft Windows Performance Toolkit
2011-01-16 23:26:30 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2011-01-16 23:26:07 ----D---- C:\Program Files\Application Verifier
2011-01-16 23:19:00 ----D---- C:\Program Files\Microsoft SDKs
2011-01-16 22:18:41 ----A---- C:\Windows\system32\sdccoinstaller.dll
2011-01-16 22:18:23 ----D---- C:\ProgramData\Sophos Web Intelligence
2011-01-16 22:17:31 ----D---- C:\Program Files\Common Files\Cisco Systems
2011-01-16 22:17:27 ----A---- C:\Windows\system32\SophosBootTasks.exe
2011-01-16 22:16:01 ----A---- C:\Windows\system32\drivers\savonaccess.sys
2011-01-16 22:15:29 ----A---- C:\Windows\system32\drivers\sdcfilter.sys
2011-01-16 22:15:09 ----A---- C:\Windows\system32\drivers\SophosBootDriver.sys
2011-01-16 21:25:02 ----D---- C:\Program Files\Common Files\Sophos
2011-01-16 21:24:43 ----D---- C:\Program Files\Common Files\Business Objects
2011-01-16 21:24:42 ----D---- C:\ProgramData\Sophos
2011-01-16 21:24:42 ----D---- C:\Program Files\Sophos
2011-01-16 21:24:42 ----D---- C:\Program Files\Business Objects
2011-01-16 21:19:17 ----D---- C:\Program Files\Microsoft SQL Server
2011-01-16 21:16:33 ----D---- C:\scc_40
2011-01-16 14:24:47 ----SHD---- C:\found.000
2011-01-15 22:26:24 ----D---- C:\Users\ich\AppData\Roaming\skypePM
2011-01-14 22:22:42 ----D---- C:\Program Files\Common Files\Skype
2011-01-14 22:22:41 ----RD---- C:\Program Files\Skype
2011-01-14 22:22:40 ----D---- C:\Users\ich\AppData\Roaming\Skype
2011-01-14 22:22:33 ----D---- C:\ProgramData\Skype
2011-01-12 17:02:16 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 17:02:14 ----A---- C:\Windows\system32\sdclt.exe
2010-12-28 05:35:03 ----D---- C:\ProgramData\Roxio
2010-12-28 05:35:02 ----D---- C:\Users\ich\AppData\Roaming\Roxio
2010-12-23 16:04:26 ----D---- C:\ProgramData\WindowsSearch
2010-12-23 03:14:05 ----D---- C:\Program Files\Dr. Hardware 2011
2010-12-23 03:02:54 ----D---- C:\Windows\Minidump
2010-12-21 19:55:38 ----D---- C:\ProgramData\BVRP Software
2010-12-21 19:52:03 ----A---- C:\ProgramData\hpe79D5.dll
2010-12-21 19:52:00 ----A---- C:\Windows\system32\drivers\s0016whnt.sys
2010-12-21 19:52:00 ----A---- C:\Windows\system32\drivers\s0016wh.sys
2010-12-21 19:52:00 ----A---- C:\Windows\system32\drivers\s0016unic.sys
2010-12-21 19:52:00 ----A---- C:\Windows\system32\drivers\s0016obex.sys
2010-12-21 19:52:00 ----A---- C:\Windows\system32\drivers\s0016nd5.sys
2010-12-21 19:52:00 ----A---- C:\Windows\system32\drivers\s0016mgmt.sys
2010-12-21 19:52:00 ----A---- C:\Windows\system32\drivers\s0016mdm.sys
2010-12-21 19:52:00 ----A---- C:\Windows\system32\drivers\s0016mdfl.sys
2010-12-21 19:52:00 ----A---- C:\Windows\system32\drivers\s0016cr.sys
2010-12-21 19:52:00 ----A---- C:\Windows\system32\drivers\s0016cmnt.sys
2010-12-21 19:52:00 ----A---- C:\Windows\system32\drivers\s0016cm.sys
2010-12-21 19:52:00 ----A---- C:\Windows\system32\drivers\s0016bus.sys
2010-12-21 19:51:49 ----D---- C:\ProgramData\Sony Ericsson
2010-12-21 19:51:49 ----D---- C:\Program Files\Sony Ericsson
2010-12-19 03:40:06 ----D---- C:\Program Files\Common Files\DivX Shared
2010-12-18 17:38:36 ----D---- C:\Users\ich\AppData\Roaming\WinRAR
2010-12-18 15:13:08 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2010-12-18 02:34:35 ----D---- C:\Users\ich\AppData\Roaming\Local
 
======List of files/folders modified in the last 1 months======
 
2011-01-17 03:48:20 ----D---- C:\Windows\Temp
2011-01-17 03:47:38 ----RD---- C:\Program Files
2011-01-17 03:47:37 ----D---- C:\Windows\Prefetch
2011-01-17 03:46:54 ----SHD---- C:\System Volume Information
2011-01-17 01:18:27 ----D---- C:\Program Files\World of Warcraft
2011-01-16 23:27:13 ----SHD---- C:\Windows\Installer
2011-01-16 23:26:59 ----SD---- C:\Users\ich\AppData\Roaming\Microsoft
2011-01-16 23:26:08 ----D---- C:\Windows\System32
2011-01-16 23:19:00 ----D---- C:\Program Files\MSBuild
2011-01-16 23:04:45 ----D---- C:\Windows
2011-01-16 22:18:47 ----D---- C:\Windows\winsxs
2011-01-16 22:18:23 ----HD---- C:\ProgramData
2011-01-16 22:17:31 ----D---- C:\Program Files\Common Files
2011-01-16 22:17:30 ----D---- C:\Windows\system32\drivers
2011-01-16 22:14:56 ----D---- C:\Windows\Tasks
2011-01-16 22:14:21 ----D---- C:\Windows\system32\Tasks
2011-01-16 21:28:38 ----D---- C:\Windows\Debug
2011-01-16 21:23:18 ----RSD---- C:\Windows\assembly
2011-01-16 21:22:51 ----D---- C:\Users\ich\AppData\Roaming\SoftGrid Client
2011-01-16 21:22:50 ----D---- C:\ProgramData\VirtualizedApplications
2011-01-16 21:22:47 ----D---- C:\Windows\inf
2011-01-16 21:22:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-16 21:21:25 ----D---- C:\Program Files\Common Files\microsoft shared
2011-01-16 21:21:15 ----D---- C:\Program Files\Microsoft.NET
2011-01-16 21:20:40 ----D---- C:\Windows\registration
2011-01-16 21:10:59 ----D---- C:\ProgramData\G DATA
2011-01-16 21:04:17 ----D---- C:\Program Files\G Data
2011-01-16 21:04:17 ----D---- C:\Program Files\Common Files\G Data
2011-01-16 03:28:35 ----D---- C:\Windows\system32\appmgmt
2011-01-15 22:20:40 ----SD---- C:\ProgramData\Microsoft
2011-01-15 21:47:49 ----D---- C:\SWSHARE
2011-01-15 20:29:55 ----A---- C:\Windows\ntbtlog.txt
2011-01-15 20:08:26 ----SD---- C:\Windows\Downloaded Program Files
2011-01-13 14:03:43 ----D---- C:\Windows\system32\catroot2
2011-01-13 03:02:12 ----A---- C:\Windows\system32\mrt.exe
2011-01-12 17:02:08 ----D---- C:\Windows\system32\catroot
2010-12-28 22:22:52 ----D---- C:\Program Files\DivX
2010-12-28 05:26:26 ----D---- C:\DRIVERS
2010-12-28 04:45:58 ----D---- C:\Program Files\PCDR5
2010-12-28 02:38:33 ----D---- C:\ProgramData\DivX
2010-12-23 03:18:16 ----D---- C:\Users\ich\AppData\Roaming\DivX
2010-12-23 03:18:08 ----D---- C:\Windows\system32\FxsTmp
2010-12-21 19:51:49 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-19 03:40:40 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-12-19 01:01:46 ----D---- C:\Users\ich\AppData\Roaming\Adobe
2010-12-18 15:08:39 ----D---- C:\Windows\pss
2010-12-18 14:58:27 ----D---- C:\ProgramData\Norton
2010-12-18 04:13:45 ----D---- C:\Windows\system32\Msdtc
2010-12-18 04:13:42 ----D---- C:\Windows\system32\wbem
2010-12-18 04:07:09 ----D---- C:\Windows\system32\config
2010-12-18 04:06:53 ----D---- C:\Windows\system32\spool
 
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R0 DRVMCDB;DRVMCDB; C:\Windows\System32\Drivers\DRVMCDB.SYS [2007-03-12 99848]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-02-12 277784]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM86.sys [2007-10-16 19504]
R1 DLACDBHM;DLACDBHM; C:\Windows\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\Windows\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]
R1 SAVOnAccess;SAVOnAccess; C:\Windows\system32\DRIVERS\savonaccess.sys [2011-01-16 122360]
R1 TPPWRIF;TPPWRIF; C:\Windows\System32\drivers\Tppwr32v.sys [2007-12-06 12080]
R2 DLABMFSM;DLABMFSM; C:\Windows\System32\DLA\DLABMFSM.SYS [2007-03-13 35064]
R2 DLABOIOM;DLABOIOM; C:\Windows\System32\DLA\DLABOIOM.SYS [2007-03-13 32472]
R2 DLADResM;DLADResM; C:\Windows\System32\DLA\DLADResM.SYS [2007-03-13 9400]
R2 DLAIFS_M;DLAIFS_M; C:\Windows\System32\DLA\DLAIFS_M.SYS [2007-03-13 104824]
R2 DLAOPIOM;DLAOPIOM; C:\Windows\System32\DLA\DLAOPIOM.SYS [2007-03-13 26744]
R2 DLAPoolM;DLAPoolM; C:\Windows\System32\DLA\DLAPoolM.SYS [2007-03-13 14520]
R2 DLAUDF_M;DLAUDF_M; C:\Windows\System32\DLA\DLAUDF_M.SYS [2007-03-13 98104]
R2 DLAUDFAM;DLAUDFAM; C:\Windows\System32\DLA\DLAUDFAM.SYS [2007-03-13 94648]
R2 DRVNDDM;DRVNDDM; C:\Windows\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-14 11152]
R2 tvtfilter;tvtfilter; C:\Windows\system32\DRIVERS\tvtfilter.sys [2010-11-14 33536]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-04-10 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-10-25 153136]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-05-02 179712]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRTN32.sys [2009-06-22 486400]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-03-25 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-03-25 208384]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2007-05-31 21424]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-10-07 2473472]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-04-29 2219520]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2010-11-14 21376]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 550760]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 195944]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21864]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 19304]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-03-14 40848]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-21 45624]
R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-03-25 660480]
S3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2007-03-29 79664]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-02-27 81200]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-02-27 16432]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDARTN.sys [2007-04-27 215040]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG-Adaptertreiber für Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 sdcfilter;sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [2011-01-16 23928]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2007-01-09 128104]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 SophosBootDriver;SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [2011-01-16 22536]
 
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-07-05 91432]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-07-05 206120]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-11-15 634988]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 MSSQL$SOPHOS;SQL Server (SOPHOS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 SAVAdminService;Sophos Anti-Virus Statusreporter; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2011-01-16 163056]
R2 SAVService;Sophos Anti-Virus; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [2011-01-16 97520]
R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
R2 Sophos Agent;Sophos Agent; C:\Program Files\Sophos\SCC\Remote Management System\ManagementAgentNT.exe [2011-01-16 282624]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [2010-09-30 230640]
R2 Sophos Certification Manager;Sophos Certification Manager; C:\Program Files\Sophos\SCC\CertificationManagerServiceNT.exe [2009-09-03 77824]
R2 Sophos Management Service;Sophos Management Service; C:\Program Files\Sophos\SCC\MgntSvc.exe [2009-09-22 5406720]
R2 Sophos Message Router;Sophos Message Router; C:\Program Files\Sophos\SCC\Remote Management System\RouterNT.exe [2011-01-16 806912]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 SUM;Sophos Update Manager; C:\Program Files\Sophos\SCC\SUM\SUMService.exe [2009-11-30 19456]
R2 swi_service;Sophos Web Intelligence Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2011-01-16 1541360]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-08-09 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG.exe [2007-10-16 37424]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-08 569344]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-01-08 950272]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2007-01-08 1118208]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-04-10 386560]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office  Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-30 73728]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2007-03-29 441136]
S4 IBMPMSVC;ThinkPad PM Service; C:\Windows\system32\ibmpmsvc.exe [2007-05-31 36400]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S4 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-01-12 57344]
S4 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-01-12 294912]
S4 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-22 880640]
S4 TPHKSVC;Anzeige am Bildschirm; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]
 
-----------------EOF-----------------


I would be very glad to get a reply.

A pity that nobody has time.
I am at the end of my tether.
If only I knew what to do; reinstalling Vista won't help either.

Still nobody there?
Get in touch, experts, there's a coffee in it for you

help help
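An added triage example (not part of the original post, and not a tool from RSIT or Trojaner-Board): a small Python script that reads the RSIT sections above the way a helper reads them by eye. It parses the Run-key entries, the "created in the last 1 months" list and the driver list, then builds a worklist of what deserves a second look: kernel drivers whose file date falls inside the scan window, drivers loaded from outside \Windows\system32\drivers, autostart entries for which RSIT printed an empty [] (file not resolved), chkdsk recovery folders such as C:\found.000 (chkdsk creates found.NNN when it salvages orphaned fragments, so the file system has been repaired at least once), and a C:\Windows\Minidump folder (crash dumps that the Debugging Tools installed on 2011-01-16 can open). The line formats and the 30-day window are inferred from the log as posted; SAMPLE_LOG is a hand-picked excerpt of that log, embedded so the script runs offline.

```python
import re
from datetime import date, timedelta

# Hand-picked excerpt of the RSIT log posted above (constructed sample input,
# embedded so the example runs offline). Raw string: backslashes are literal.
SAMPLE_LOG = r"""
======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176]
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor []
""= []
"Sophos AutoUpdate Monitor"=C:\Program Files\Sophos\AutoUpdate\almon.exe [2010-09-30 439536]

======List of files/folders created in the last 1 months======

2011-01-16 22:16:01 ----A---- C:\Windows\system32\drivers\savonaccess.sys
2011-01-16 14:24:47 ----SHD---- C:\found.000
2010-12-23 03:02:54 ----D---- C:\Windows\Minidump
2010-12-21 19:52:00 ----A---- C:\Windows\system32\drivers\s0016bus.sys

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2007-02-12 277784]
R1 SAVOnAccess;SAVOnAccess; C:\Windows\system32\DRIVERS\savonaccess.sys [2011-01-16 122360]
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-14 11152]
S3 sdcfilter;sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [2011-01-16 23928]
S4 SophosBootDriver;SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [2011-01-16 22536]
"""

# Line layouts as RSIT prints them (inferred from the log above, an assumption).
DRIVER_RE = re.compile(
    r'^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
AUTORUN_RE = re.compile(
    r'^"([^"]*)"=(.*?) \[(?:(\d{4}-\d{2}-\d{2}) (\d+))?\]$')
CREATED_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} -+([A-Z]*)-+ (.+)$')
# Expected home of kernel drivers; an optional \??\ NT-path prefix is tolerated.
SYSTEM_DRIVER_DIR = re.compile(
    r'^(\\\?\?\\)?c:\\windows\\system32\\drivers\\', re.IGNORECASE)


def parse_rsit(log_text):
    """Split an RSIT log into autorun entries, created items and drivers.

    The '======Section======' headers decide which regex applies, so a driver
    line and a service line (same layout) are never confused.
    """
    section = ''
    out = {'autoruns': [], 'created': [], 'drivers': []}
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if line.startswith('======'):
            section = line.strip('= ')
            continue
        if section.startswith('Registry dump'):
            m = AUTORUN_RE.match(line)
            if m:   # file_date is None when RSIT printed an empty []
                out['autoruns'].append({'name': m.group(1), 'command': m.group(2),
                                        'file_date': m.group(3)})
        elif section.startswith('List of files/folders created'):
            m = CREATED_RE.match(line)
            if m:
                out['created'].append({'date': m.group(1), 'attrs': m.group(2),
                                       'path': m.group(3)})
        elif section.startswith('List of drivers'):
            m = DRIVER_RE.match(line)
            if m:
                out['drivers'].append({'running': m.group(1) == 'R',
                                       'start': int(m.group(2)), 'name': m.group(3),
                                       'path': m.group(5),
                                       'file_date': date.fromisoformat(m.group(6)),
                                       'size': int(m.group(7))})
    return out


def triage(log_text, scan_day_iso, window_days=30):
    """Return a worklist (dict of lists) from an RSIT log and the scan date."""
    parsed = parse_rsit(log_text)
    cutoff = date.fromisoformat(scan_day_iso) - timedelta(days=window_days)
    return {
        # drivers whose on-disk file is as new as the trouble itself
        'recent_drivers': sorted(d['name'] for d in parsed['drivers']
                                 if d['file_date'] >= cutoff),
        # kernel code loading from anywhere but the system driver directory
        'drivers_outside_system32': sorted(d['name'] for d in parsed['drivers']
                                           if not SYSTEM_DRIVER_DIR.match(d['path'])),
        # autostart entries RSIT could not map to a file: verify by hand
        'unresolved_autoruns': [a['name'] for a in parsed['autoruns']
                                if a['file_date'] is None],
        # chkdsk salvage folders: evidence of file-system repair
        'chkdsk_fragments': [c['path'] for c in parsed['created']
                             if re.search(r'\\found\.\d{3}$', c['path'], re.I)],
        # crash-dump folder: the bluescreens left something to analyse
        'crash_dumps': [c['path'] for c in parsed['created']
                        if c['path'].lower().endswith('\\minidump')],
    }


if __name__ == '__main__':
    for key, items in triage(SAMPLE_LOG, '2011-01-17').items():
        print(f'{key}: {items}')
```

On the excerpt this reports the three Sophos drivers installed on 2011-01-16, the fingerprint-reader driver smihlp loading from Program Files, the two Run entries with an empty [], the found.000 folder and the Minidump folder. None of that is a verdict; it is the order in which to verify things (signatures of the new drivers, the minidumps, the disk's health), which is exactly what the helpers' next request for more logs is about.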

21.01.2011, 16:34   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL from Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, two log files are created
  • Post the log files here in the thread.




