Log analysis and evaluation: Trojan trojan.fakeAlert hides desktop and files (Windows 7)
29.04.2011, 12:08 | #1
Hello dear Trojaner-Board team! Since yesterday evening I have had problems with my Win7 Professional system. The desktop background and all folders have disappeared (shortcuts have not), my libraries are empty and so is the non-Windows partition. Some files can be found via the search. I then ran a full scan with the updated version of Anti-Malware, saved the log, and had the problems it found fixed, which however brought no improvement. Here is the log:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6467

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

29.04.2011 02:35:56
mbam-log-2011-04-29 (02-35-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 362694
Laufzeit: 1 Stunde(n), 39 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\programdata\qkkforqyobsql.exe (Trojan.FakeAlert) -> 4144 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qkkFOrQYoBSQl (Trojan.FakeAlert) -> Value: qkkFOrQYoBSQl -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\qkkforqyobsql.exe (Trojan.FakeAlert) -> No action taken.
c:\program files\Lenovo\access connections\sms_application.exe (Trojan.MSIL.ND2) -> No action taken.
c:\Users\philip christmann\AppData\Local\Temp\0.19747792323172508.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\philip christmann\AppData\LocalLow\Sun\Java\deployment\cache\6.0\49\53fa20b1-4663d815 (Trojan.FakeAlert) -> No action taken.

I would be very grateful for your support. Regards, Philip
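As an added example (not part of the original thread), a small Python parser for the Malwarebytes 1.x text log posted above: it pulls every detection out of the per-category listings, marks the hit that was a running process and the one that is a logon persistence value under HKCU\...\CurrentVersion\Run, counts the entries still marked "No action taken", and cross-checks the declared counters against the listed entries so a truncated paste is noticed. The embedded log is an abridged copy of the log in this post; the function names are the example's own.

```python
import re
from collections import Counter

# Abridged copy of the Malwarebytes log posted above (values as printed on the page).
MBAM_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
Datenbank Version: 6467
29.04.2011 02:35:56
Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 362694
Laufzeit: 1 Stunde(n), 39 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\programdata\qkkforqyobsql.exe (Trojan.FakeAlert) -> 4144 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qkkFOrQYoBSQl (Trojan.FakeAlert) -> Value: qkkFOrQYoBSQl -> No action taken.

Infizierte Dateien:
c:\programdata\qkkforqyobsql.exe (Trojan.FakeAlert) -> No action taken.
c:\program files\Lenovo\access connections\sms_application.exe (Trojan.MSIL.ND2) -> No action taken.
c:\Users\philip christmann\AppData\Local\Temp\0.19747792323172508.exe (Trojan.FakeAlert) -> No action taken.
c:\Users\philip christmann\AppData\LocalLow\Sun\Java\deployment\cache\6.0\49\53fa20b1-4663d815 (Trojan.FakeAlert) -> No action taken.
"""

# Summary counters at the top of the log, e.g. "Infizierte Dateien: 4"
COUNT_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
# One detection: "<path or registry key> (<family>) -> [<pid> ->] [Value: <name> ->] <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+?)\.?$")


def parse_mbam_log(text):
    """Return (declared_counts, detections) for a Malwarebytes 1.x text log."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            continue
        if line.startswith("Infizierte ") and line.endswith(":"):
            section = line[:-1]          # a per-category listing follows
            continue
        m = DETECTION_RE.match(line)
        if not m or section is None:
            continue                     # header lines and "(Keine bösartigen Objekte gefunden)"
        parts = [p.strip() for p in m.group("rest").split("->")]
        entry = {"section": section, "item": m.group("item"),
                 "family": m.group("family"), "action": parts[-1]}
        for extra in parts[:-1]:
            if extra.isdigit():
                entry["pid"] = int(extra)            # the hit was a live process
            elif extra.startswith("Value:"):
                entry["value"] = extra.split(":", 1)[1].strip()
        detections.append(entry)
    return counts, detections


def summarize(text):
    """Triage view: what was running, what survives a reboot, what was not cleaned."""
    counts, dets = parse_mbam_log(text)
    seen = Counter(d["section"] for d in dets)
    return {
        "total": len(dets),
        "families": dict(Counter(d["family"] for d in dets)),
        "running_processes": [d["item"] for d in dets if "pid" in d],
        # Run values relaunch the dropped file at every logon; here the value name
        # matches the executable in ProgramData, i.e. a two-part persistence pair.
        "persistence": [d["item"] for d in dets if "\\CurrentVersion\\Run" in d["item"]],
        "unremediated": sum(1 for d in dets if d["action"].startswith("No action taken")),
        # Declared counts that disagree with the listed entries point to a truncated paste.
        "count_mismatches": [k for k, n in counts.items() if n != seen.get(k, 0)],
    }


if __name__ == "__main__":
    for key, val in summarize(MBAM_LOG).items():
        print(f"{key}: {val}")
```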
30.04.2011, 03:23 | #2
/// Winkelfunktion /// TB-Süch-Tiger™
Are there any other Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Logs tab.
30.04.2011, 18:44 | #3
Hello Arne, thanks for your reply. The earlier log files are all without findings; below are the two most recent. I hope you can still help me. Many thanks in advance. Regards, Philip

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.08.2010 22:57:21
mbam-log-2010-08-09 (22-57-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 1
Laufzeit: 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

---------------

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.06.2010 11:48:05
mbam-log-2010-06-17 (11-48-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|S:\|)
Durchsuchte Objekte: 237311
Laufzeit: 50 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
01.05.2011, 14:06 | #4
/// Winkelfunktion /// TB-Süch-Tiger™
Custom scan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it on your desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

__________________
Please always post logfiles in CODE tags
01.05.2011, 14:51 | #5
Hello Arne, done, here is the content of OTL.txt. Regards, Philip

OTL Logfile:
Code:
OTL logfile created on: 01.05.2011 15:26:17 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\PHILIP\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 84,11 Gb Free Space | 43,06% Space Free | Partition Type: NTFS
Drive F: | 26,34 Gb Total Space | 9,81 Gb Free Space | 37,23% Space Free | Partition Type: NTFS
Drive Q: | 9,77 Gb Total Space | 3,74 Gb Free Space | 38,28% Space Free | Partition Type: NTFS
Drive S: | 1,46 Gb Total Space | 0,85 Gb Free Space | 58,04% Space Free | Partition Type: NTFS

Computer Name: X200 | User Name: PHILIP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.01 15:23:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\PHILIP\Desktop\OTL.exe
PRC - [2011.03.16 22:53:32 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.01 15:49:28 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.08.02 17:09:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.02 17:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.12 03:25:00 | 000,132,456 | -H-- | M] (Lenovo.) -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010.04.26 13:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2010.04.22 16:56:48 | 000,259,432 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe
PRC - [2010.04.22 16:56:44 | 000,124,264 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2010.04.22 16:28:10 | 000,352,256 | ---- | M] (Lenovo) -- C:\Programme\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2010.04.20 13:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2010.04.20 13:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe
PRC - [2010.04.07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010.03.05 10:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.03.05 09:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010.02.04 12:14:20 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2010.02.04 12:14:06 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\LMS.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009.11.24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009.11.24 08:59:50 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4serv.exe
PRC - [2009.10.20 21:32:00 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009.10.20 21:26:50 | 001,701,112 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009.10.19 17:00:58 | 001,029,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009.09.24 23:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe
PRC - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.08.06 17:37:08 | 000,424,448 | R--- | M] () -- C:\Programme\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (SafeList) ==========

MOD - [2011.05.01 15:23:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\PHILIP\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.03.31 00:38:57 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011.03.16 22:53:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.08.11 13:15:29 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.08.02 17:09:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.08 10:18:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.05.12 03:25:00 | 000,132,456 | -H-- | M] (Lenovo.) [Auto | Running] -- C:\Programme\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010.05.12 03:25:00 | 000,075,112 | -H-- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2010.04.22 16:56:48 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2010.04.22 16:56:44 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010.04.20 13:23:32 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2010.04.20 13:23:18 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2010.04.07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.04.07 12:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2010.03.05 10:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.03.05 09:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.02.04 12:14:20 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.02.04 12:14:06 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009.10.20 21:32:00 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009.10.20 21:31:52 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009.10.20 21:26:50 | 001,701,112 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009.10.19 17:00:58 | 001,029,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009.09.24 23:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009.08.07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.08.06 17:37:08 | 000,424,448 | R--- | M] () [Auto | Running] -- C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.29 12:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

========== Driver Services (SafeList) ==========

DRV - [2011.03.16 22:53:33 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.23 23:59:55 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.12 03:25:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010.05.12 03:25:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2010.03.17 22:21:16 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2010.02.20 22:38:37 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.21 13:58:28 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.12.07 14:47:24 | 000,035,408 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kx1avs.sys -- (kx1avs)
DRV - [2009.12.07 14:47:21 | 000,276,432 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\kx1usb.sys -- (kx1usb)
DRV - [2009.11.03 18:19:18 | 000,052,320 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\U46DRV.sys -- (U46_AA)
DRV - [2009.11.03 18:19:18 | 000,028,256 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\U46wdm.sys -- (U46WDM1_01)
DRV - [2009.10.20 21:44:44 | 000,485,376 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.10.09 13:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009.10.09 13:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009.10.05 18:56:06 | 000,460,800 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009.08.21 14:59:22 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2009.07.29 21:00:42 | 000,213,032 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WwanUsbMp.sys -- (WwanUsbServ)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.10 16:53:22 | 000,082,984 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36wgps.sys -- (e36wgps)
DRV - [2009.07.02 11:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009.06.30 16:38:52 | 000,374,272 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmdm.sys -- (e36gmdm) F3607gw Mobile Broadband Data Modem Driver (Win7)
DRV - [2009.06.30 16:38:52 | 000,357,376 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmgmt.sys -- (e36gmgmt) F3607gw Mobile Broadband Device Management Drivers (Win7)
DRV - [2009.06.30 16:38:52 | 000,285,056 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gbus.sys -- (e36gbus) F3607gw Mobile Broadband Device driver (Win7)
DRV - [2009.06.30 16:38:52 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e36gmdfl.sys -- (e36gmdfl) F3607gw Mobile Broadband Data Modem Filter (Win7)
DRV - [2009.06.23 12:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009.06.22 12:35:04 | 000,054,528 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DlinkUDSMBus.sys -- (DlinkUDSMBus)
DRV - [2009.06.22 12:35:00 | 000,061,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DlinkUDSTcpBus.sys -- (DlinkUDSTcpBus)
DRV - [2009.04.29 12:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.12.16 13:32:28 | 000,408,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvomdm2.sys -- (lnvomdm2)
DRV - [2008.12.16 13:32:28 | 000,375,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvounic.sys -- (lnvounic) Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM)
DRV - [2008.12.16 13:32:28 | 000,025,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvond5.sys -- (lnvond5) Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS)
DRV - [2008.12.16 13:32:26 | 000,356,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvocard.sys -- (lnvocard)
DRV - [2008.12.16 13:32:26 | 000,282,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvobus.sys -- (lnvobus) Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM)
DRV - [2008.12.16 13:32:26 | 000,015,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvomdfl2.sys -- (lnvomdfl2)
DRV - [2008.10.23 17:15:04 | 000,077,864 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvogps.sys -- (lnvogps)
DRV - [2008.09.03 11:25:00 | 000,072,192 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U875.sys -- (5U875UVC)
DRV - [2008.08.22 08:10:32 | 000,225,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Intel(R)
DRV - [2008.07.08 18:40:58 | 000,024,232 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lnvoscard.sys -- (Sony_EricssonWWSC)
DRV - [2008.05.12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008.04.18 17:40:24 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.5
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: wolfram-google@sidthemonkey.com:1.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 22:45:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.26 01:04:38 | 000,000,000 | ---D | M]

[2009.12.17 02:05:55 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\PHILIP\AppData\Roaming\mozilla\Extensions
[2011.04.29 13:08:35 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\PHILIP\AppData\Roaming\mozilla\Firefox\Profiles\q5ee0yd9.default\extensions
[2010.09.26 17:25:07 | 000,000,000 | -H-D | M] (Forecastfox Weather) -- C:\Users\PHILIP\AppData\Roaming\mozilla\Firefox\Profiles\q5ee0yd9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.05.05 22:41:09 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\PHILIP\AppData\Roaming\mozilla\Firefox\Profiles\q5ee0yd9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.15 00:25:01 | 000,000,000 | -H-D | M] (FoxTab) -- C:\Users\PHILIP\AppData\Roaming\mozilla\Firefox\Profiles\q5ee0yd9.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2011.03.23 22:24:01 | 000,000,000 | -H-D | M] (FastestFox) -- C:\Users\PHILIP\AppData\Roaming\mozilla\Firefox\Profiles\q5ee0yd9.default\extensions\smarterwiki@wikiatic.com
[2010.09.11 17:11:01 | 000,000,000 | -H-D | M] (Wolfram Alpha Google) -- C:\Users\PHILIP\AppData\Roaming\mozilla\Firefox\Profiles\q5ee0yd9.default\extensions\wolfram-google@sidthemonkey.com
[2010.06.20 22:22:51 | 000,001,718 | -H-- | M] () -- C:\Users\PHILIP\AppData\Roaming\Mozilla\Firefox\Profiles\q5ee0yd9.default\searchplugins\linguee-de-en.xml
[2010.02.18 15:50:12 | 000,002,284 | -H-- | M] () -- C:\Users\PHILIP\AppData\Roaming\Mozilla\Firefox\Profiles\q5ee0yd9.default\searchplugins\wolframalpha.xml
[2011.03.11 01:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.16 23:51:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009.12.17 01:53:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.12.17 01:53:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.12.17 01:53:59 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.16 23:51:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\NPPDLicenseHelper.dll
[2011.03.10 22:46:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.10 22:46:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.10 22:46:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.10 22:46:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.10 22:46:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.09.23 14:44:59 | 000,001,318 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcWin7Hlpr] C:\Programme\Lenovo\Access Connections\AcTBenabler.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Programme\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [IaNvSrv] C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10o_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\PHILIP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft 
Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.08.11 12:55:50 | 000,000,000 | -H-D | M] - C:\Autodesk -- [ NTFS ] O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O32 - AutoRun File - [2008.06.03 00:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{08996435-f5c6-11df-8f37-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{08996435-f5c6-11df-8f37-028037ec0200}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a O33 - MountPoints2\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a O33 - MountPoints2\{e8cf4949-ba96-11de-be06-001f1607094c}\Shell - "" = AutoRun O33 - MountPoints2\{e8cf4949-ba96-11de-be06-001f1607094c}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not 
found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe - (Avanquest Software ) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk - C:\Programme\RotateImage\RCIMGDIR.exe - (Ricoh co.,Ltd.) MsConfig - StartUpFolder: C:^Users^PHILIP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: AMSG - hkey= - key= - C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO) MsConfig - StartUpReg: BlackBerryAutoUpdate - hkey= - key= - File not found MsConfig - StartUpReg: BLOG - hkey= - key= - File not found MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) 
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: D-Link Network USB Utility - hkey= - key= - C:\Program Files\D-Link\SharePort\SharePort.exe (D-Link Corporation) MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) MsConfig - StartUpReg: IaNvSrv - hkey= - key= - C:\Programme\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation) MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) MsConfig - StartUpReg: JamInit - hkey= - key= - File not found MsConfig - StartUpReg: LENOVO.TPKNRRES - hkey= - key= - C:\Programme\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited) MsConfig - StartUpReg: LexwareInfoService - hkey= - key= - File not found MsConfig - StartUpReg: LPMailChecker - hkey= - key= - File not found MsConfig - StartUpReg: LPManager - hkey= - key= - File not found MsConfig - StartUpReg: Message Center Plus - hkey= - key= - C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe () MsConfig - StartUpReg: NBKeyScan - hkey= - key= - File not found MsConfig - StartUpReg: Persistence - hkey= - key= - File not found MsConfig - StartUpReg: picon - hkey= - key= - C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
MsConfig - StartUpReg: TPFNF7 - hkey= - key= - File not found MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: 
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: 
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {775C7E41-55E1-D218-D608-BA7D23CB0072} - Microsoft Windows Media Player ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: 
{89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A63A8DDA-9378-5CB0-8671-0FA9A5E05A92} - Themes Setup ActiveX: {BFD9B870-ACAF-FE00-3B70-AF74497807DB} - Microsoft Windows Media Player 12.0 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D7FE875F-72A0-4240-5E8E-A171DDE5D9F5} - Microsoft Windows Media Player ActiveX: {DA99C9C2-73B6-29EF-451A-B38320FBFDCB} - Internet Explorer ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EB92C8FC-EDC9-197A-E515-577CA7E12852} - .NET Framework ActiveX: {FBB7B159-54FF-344B-C30E-AC226DFE8E93} - Microsoft Windows Media Player ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
========== Files/Folders - Created Within 30 Days ========== [2011.05.01 15:23:51 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\PHILIP\Desktop\OTL.exe [2011.04.23 00:05:35 | 000,000,000 | -H-D | C] -- C:\Users\PHILIP\Desktop\dm_fullres [2011.04.22 23:17:08 | 000,000,000 | -H-D | C] -- C:\Users\PHILIP\Desktop\DIGITALmusikanten - All before Love [2011.04.22 18:06:47 | 000,000,000 | -H-D | C] -- C:\Users\PHILIP\Desktop\Umstaendlich.verliebt.German.LD.2010.BDRiP.READNFO.XviD-XC [2011.04.22 18:01:39 | 000,000,000 | -H-D | C] -- C:\Users\PHILIP\Desktop\VA-Deep_And_Soulful_Vol._1_(A_Collection_Of_Sophisticated_House_Sounds)-(TNRCOMP023)-WEB-2011-DGN [2011.04.22 17:59:30 | 000,000,000 | -H-D | C] -- C:\Users\PHILIP\Desktop\VA-Sven_Vath_In_The_Mix_The_Sound_Of_The_Eleventh_Season-(Advance)-2CD-2010 [2011.04.19 00:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.19 00:13:21 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2011.04.19 00:13:20 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2011.04.19 00:10:53 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2011.04.13 20:46:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2011.04.11 09:25:34 | 000,000,000 | -H-D | C] -- C:\Users\PHILIP\Desktop\DESKTOP [2011.04.11 08:58:21 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll [2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.01 15:23:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\PHILIP\Desktop\OTL.exe [2011.05.01 15:22:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.29 12:44:36 | 000,011,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.29 12:44:36 | 000,011,136 | -H-- | M] 
() -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.29 12:43:21 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.29 12:43:21 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.29 12:43:21 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.29 12:43:21 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.29 02:46:06 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011.04.29 02:45:36 | 1528,832,000 | -HS- | M] () -- C:\hiberfil.sys [2011.04.29 00:00:49 | 000,001,024 | -H-- | M] () -- C:\Users\PHILIP\.rnd [2011.04.23 00:04:52 | 122,281,626 | -H-- | M] () -- C:\Users\PHILIP\Desktop\dm_fullres.zip [2011.04.21 10:33:25 | 000,255,383 | -H-- | M] () -- C:\Users\PHILIP\Desktop\last two studio 01.jpg [2011.04.21 10:33:25 | 000,171,654 | -H-- | M] () -- C:\Users\PHILIP\Desktop\last two studio 02.jpg [2011.04.19 00:13:53 | 000,001,763 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.18 23:12:06 | 000,401,254 | -H-- | M] () -- C:\Users\PHILIP\Desktop\Fav Variante 02.jpg [2011.04.18 23:12:06 | 000,370,611 | -H-- | M] () -- C:\Users\PHILIP\Desktop\Fav Variante 01.jpg [2011.04.18 23:12:06 | 000,249,878 | -H-- | M] () -- C:\Users\PHILIP\Desktop\Killer 01.jpg [2011.04.18 23:11:46 | 000,298,857 | -H-- | M] () -- C:\Users\PHILIP\Desktop\CoolWarmGold 02.jpg [2011.04.18 23:11:43 | 000,278,766 | -H-- | M] () -- C:\Users\PHILIP\Desktop\CoolWarmGold 01.jpg [2011.04.18 23:11:38 | 000,286,750 | -H-- | M] () -- C:\Users\PHILIP\Desktop\DigitalKuehl 02.jpg [2011.04.18 23:11:36 | 000,302,426 | -H-- | M] () -- C:\Users\PHILIP\Desktop\DigitalKuehl 01.jpg [2011.04.15 19:27:31 | 003,856,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.10 09:48:28 | 000,864,483 | -H-- | M] () -- C:\Users\PHILIP\Documents\Photo Apr 10, 9 42 18.jpg [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] 
========== Files Created - No Company Name ========== [2011.04.23 00:03:29 | 122,281,626 | -H-- | C] () -- C:\Users\PHILIP\Desktop\dm_fullres.zip [2011.04.21 10:33:25 | 000,255,383 | -H-- | C] () -- C:\Users\PHILIP\Desktop\last two studio 01.jpg [2011.04.21 10:33:25 | 000,171,654 | -H-- | C] () -- C:\Users\PHILIP\Desktop\last two studio 02.jpg [2011.04.19 00:13:53 | 000,001,763 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.18 23:12:06 | 000,401,254 | -H-- | C] () -- C:\Users\PHILIP\Desktop\Fav Variante 02.jpg [2011.04.18 23:12:06 | 000,370,611 | -H-- | C] () -- C:\Users\PHILIP\Desktop\Fav Variante 01.jpg [2011.04.18 23:12:06 | 000,249,878 | -H-- | C] () -- C:\Users\PHILIP\Desktop\Killer 01.jpg [2011.04.18 23:11:46 | 000,298,857 | -H-- | C] () -- C:\Users\PHILIP\Desktop\CoolWarmGold 02.jpg [2011.04.18 23:11:43 | 000,278,766 | -H-- | C] () -- C:\Users\PHILIP\Desktop\CoolWarmGold 01.jpg [2011.04.18 23:11:38 | 000,286,750 | -H-- | C] () -- C:\Users\PHILIP\Desktop\DigitalKuehl 02.jpg [2011.04.18 23:11:36 | 000,302,426 | -H-- | C] () -- C:\Users\PHILIP\Desktop\DigitalKuehl 01.jpg [2011.04.11 08:59:19 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd [2011.04.11 08:58:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.11 08:58:00 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml [2011.04.11 08:57:51 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml [2011.04.10 10:05:44 | 000,864,483 | -H-- | C] () -- C:\Users\PHILIP\Documents\Photo Apr 10, 9 42 18.jpg [2011.01.14 00:57:57 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.10.03 00:34:23 | 000,001,456 | -H-- | C] () -- C:\Users\PHILIP\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2010.08.16 09:04:51 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2010.07.27 13:11:55 | 000,010,752 | -H-- | C] () -- C:\Users\PHILIP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.21 18:08:14 | 
000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2010.04.21 18:08:14 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2010.04.21 18:08:14 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2010.04.18 12:17:07 | 000,016,059 | ---- | C] () -- C:\Windows\LxFrame.ini [2010.04.18 12:15:10 | 000,000,198 | ---- | C] () -- C:\Windows\ODBCINST.ini [2010.04.12 21:10:12 | 000,113,248 | ---- | C] () -- C:\Windows\System32\U46asio.dll [2010.04.12 21:10:12 | 000,055,904 | ---- | C] () -- C:\Windows\System32\U46Block.exe [2010.04.12 21:10:12 | 000,052,320 | ---- | C] () -- C:\Windows\System32\drivers\U46DRV.sys [2010.04.12 21:10:12 | 000,028,256 | ---- | C] () -- C:\Windows\System32\drivers\U46wdm.sys [2010.01.19 14:45:14 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7820n.dat [2010.01.19 14:45:05 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat [2009.12.26 03:50:46 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2009.12.18 11:51:22 | 000,508,464 | -H-- | C] () -- C:\Users\PHILIP\AppData\Local\wanancsp.dat [2009.12.17 22:54:38 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2009.12.17 02:13:16 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2009.12.15 02:45:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2009.11.25 16:39:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll [2009.11.17 17:11:26 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll [2009.11.17 17:09:36 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll [2009.11.17 17:09:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll [2009.10.20 21:32:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\DTS.exe [2009.10.20 21:31:52 | 000,106,496 | ---- | C] () -- C:\Windows\System32\ADMonitor.exe [2009.10.20 00:16:31 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.10.01 18:04:31 | 000,018,932 | ---- | C] () -- 
C:\Windows\MSUMLT_B.INI [2009.08.13 22:45:40 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2009.07.26 16:08:45 | 001,348,200 | -H-- | C] () -- C:\Users\PHILIP\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2 [2009.07.19 14:57:09 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.07.17 14:28:01 | 000,000,432 | -H-- | C] () -- C:\Windows\BRWMARK.INI [2009.07.17 14:27:06 | 000,000,340 | -H-- | C] () -- C:\Windows\Brpfx04a.ini [2009.07.17 14:27:06 | 000,000,093 | -H-- | C] () -- C:\Windows\brpcfx.ini [2009.07.17 14:25:21 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll [2009.07.14 10:47:43 | 000,657,676 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 10:47:43 | 000,131,016 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 06:33:53 | 003,856,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 04:05:48 | 000,618,912 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 04:05:48 | 000,107,232 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- 
C:\Windows\System32\mlang.dat
[2009.03.23 00:16:56 | 000,016,896 | ---- | C] () -- C:\Windows\Eventclr.exe
[2009.03.22 15:51:01 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1556.dll
[2009.03.22 15:51:01 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009.03.22 15:39:48 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2001.12.12 13:41:36 | 000,041,472 | ---- | C] () -- C:\Windows\System32\W32btstp.dll
[2001.12.12 13:41:36 | 000,025,088 | ---- | C] () -- C:\Windows\System32\W32btxlt.dll

========== LOP Check ==========

[2009.12.26 04:08:05 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Ashampoo
[2010.09.19 15:23:17 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Audacity
[2010.08.11 22:35:53 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Autodesk
[2010.08.23 13:09:45 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Avery
[2010.02.26 19:10:15 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2009.12.17 23:11:07 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\CachedFiles
[2010.10.02 17:12:30 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.06.25 13:17:48 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\CocoonSoftware
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\DAEMON Tools Lite
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Downloaded Installations
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Dr. DivX 2.0 OSS
[2011.04.27 23:36:51 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Dropbox
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Ericsson
[2011.04.22 23:30:12 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\FileZilla
[2011.04.28 01:07:10 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\ICQ
[2009.12.17 02:05:25 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Leadertech
[2009.12.17 02:05:25 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Lenovo
[2010.04.18 12:27:49 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Lexware
[2010.01.19 15:20:16 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\PC-FAX TX
[2009.12.17 02:05:59 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\PMS
[2010.10.13 22:40:08 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\ProtectDisc
[2009.12.17 02:05:59 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\QcWizard
[2009.12.17 02:06:15 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\TeamViewer
[2010.07.08 11:10:53 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Update
[2011.04.29 00:45:06 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.09.29 23:14:52 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Adobe
[2010.12.24 01:38:38 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Apple Computer
[2009.12.26 04:08:05 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Ashampoo
[2010.09.19 15:23:17 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Audacity
[2010.08.11 22:35:53 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Autodesk
[2010.08.23 13:09:45 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Avery
[2010.12.13 02:37:06 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Avira
[2010.02.26 19:10:15 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2009.12.17 02:05:23 | 000,000,000 | RH-D | M] -- C:\Users\PHILIP\AppData\Roaming\Brother
[2009.12.17 23:11:07 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\CachedFiles
[2010.10.02 17:12:30 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.06.25 13:17:48 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\CocoonSoftware
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\DAEMON Tools Lite
[2010.04.05 23:58:05 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\DivX
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Downloaded Installations
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Dr. DivX 2.0 OSS
[2011.04.27 23:36:51 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Dropbox
[2011.02.22 22:27:18 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\dvdcss
[2009.12.17 02:05:23 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Ericsson
[2011.04.22 23:30:12 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\FileZilla
[2011.04.28 01:07:10 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\ICQ
[2009.12.17 21:53:26 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Identities
[2010.01.19 14:43:58 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\InstallShield
[2010.08.03 16:10:45 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Intel
[2009.12.17 02:05:25 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Leadertech
[2009.12.17 02:05:25 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Lenovo
[2010.04.18 12:27:49 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Lexware
[2009.12.17 02:05:25 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Macromedia
[2009.12.17 02:05:36 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Media Center Programs
[2009.12.17 02:05:36 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Media Player Classic
[2010.08.08 16:07:04 | 000,000,000 | --SD | M] -- C:\Users\PHILIP\AppData\Roaming\Microsoft
[2009.12.17 02:05:55 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Mozilla
[2009.12.17 02:05:58 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Nero
[2010.01.19 15:20:16 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\PC-FAX TX
[2009.12.17 02:05:59 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\PMS
[2010.10.13 22:40:08 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\ProtectDisc
[2009.12.17 02:05:59 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\QcWizard
[2011.04.19 00:55:49 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Skype
[2009.12.17 02:06:15 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\skypePM
[2009.12.17 02:06:15 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\TeamViewer
[2010.07.08 11:10:53 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\Update
[2011.02.22 22:31:26 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\vlc
[2009.07.24 23:42:53 | 000,000,000 | -H-D | M] -- C:\Users\PHILIP\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2009.08.05 12:49:22 | 000,563,056 | -H-- | M] (Avery Dennison Corporation. Envel Informationssysteme GmbH.) -- C:\Users\PHILIP\AppData\Roaming\Avery\Avery Wizard 3.1\AZWizard.exe
[2009.11.06 07:04:40 | 010,377,728 | -H-- | M] () -- C:\Users\PHILIP\AppData\Roaming\CocoonSoftware\QMC\ffmpeg.exe
[2008.04.02 12:35:18 | 007,945,216 | -H-- | M] () -- C:\Users\PHILIP\AppData\Roaming\CocoonSoftware\QMC\ffmpegHD.exe
[2011.03.31 04:42:50 | 023,360,040 | -H-- | M] (Dropbox, Inc.) -- C:\Users\PHILIP\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.03.31 04:43:18 | 000,155,424 | -H-- | M] (Dropbox, Inc.) -- C:\Users\PHILIP\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.03.29 19:24:20 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) -- C:\Users\PHILIP\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.08.23 13:09:48 | 000,010,134 | RH-- | M] () -- C:\Users\PHILIP\AppData\Roaming\Microsoft\Installer\{77077FFF-8831-470F-9627-E86F06A50CCD}\ARPPRODUCTICON.exe
[2010.07.08 11:11:12 | 001,465,512 | -H-- | M] (PC-Doctor, Inc.) -- C:\Users\PHILIP\AppData\Roaming\Update\patch_551455to551460_32\patch_551455to551460_32.02.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2009.08.07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.08.07 06:17:26 | 000,330,264 | -H-- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Programme\Lenovo\System Update\session\7zin85ww\DRV\Winall\Driver\IaStor.sys
[2009.08.07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\drivers\iaStor.sys
[2009.08.07 06:17:26 | 000,330,264 | ---- | M] (Intel Corporation) MD5=01446278D4563B3013C92830AE6CBB26 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1e7c6170b79c26b\iaStor.sys
[2008.11.03 10:56:40 | 000,327,192 | -H-- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\DRIVERS\other\IaStor.sys
[2008.11.03 10:56:40 | 000,327,192 | -H-- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys
[2008.11.03 10:56:40 | 000,327,192 | -H-- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\SWTOOLS\DRIVERS\turbomem\DRV\Winall\Driver\IaStor.sys
[2008.11.03 10:56:40 | 000,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3ffc2247bd763e9e\iaStor.sys
[2008.11.03 11:10:08 | 000,406,040 | -H-- | M] (Intel Corporation) MD5=5979854E6FDA990107E3170327022117 -- C:\SWTOOLS\DRIVERS\turbomem\DRV\Winall\Driver64\IaStor.sys
[2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_b6b45ab4c5bf7bfe\iaStor.sys
[2009.08.07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.08.07 06:24:14 | 000,408,600 | -H-- | M] (Intel Corporation) MD5=BBB3B6DF1ABB0FE35802EDE85CC1C011 -- C:\Programme\Lenovo\System Update\session\7zin85ww\DRV\Winall\Driver64\IaStor.sys

< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.20 22:38:37 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< >

< End of report > |
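The "< MD5 for: ... >" sections above are OTL's integrity check for the files rootkits of that era liked to patch in place (atapi.sys, iaStor.sys, netlogon.dll, user32.dll, the logon binaries): each file is hashed where the kernel actually loads it from and in every WinSxS and DriverStore copy. Reading those sections by eye is error-prone, so here is an added Python example (not part of this thread and not OTL's own code) that does the comparison: the live System32 copy is flagged when its MD5 matches none of the component-store copies, and a locked file whose hash OTL could not obtain is reported separately. The sample input is constructed: the NETLOGON.DLL section and the sptd.sys line are copied from the log above, the ATAPI.SYS section is invented with a fake live hash to show what a hit looks like.

```python
import re
from collections import defaultdict

# Constructed sample in OTL's "< MD5 for: ... >" format. The NETLOGON.DLL section and
# the sptd.sys line are copied from the log above; the ATAPI.SYS section is invented
# (live hash DEADBEEF...) to show what a driver patched in place would look like.
SAMPLE_LOG = r"""
< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.20 22:38:37 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
"""

SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^\]]+)\]\s+\((?P<vendor>[^)]*)\)\s+"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)\s+--\s+(?P<path>.+)$"
)

def is_reference_copy(path):
    """Component store (WinSxS) and DriverStore copies are the baseline Windows ships."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\filerepository\\" in p

def is_live_copy(path):
    """The copy the kernel loads: under System32 but not inside one of the stores."""
    p = path.lower()
    return "\\windows\\system32\\" in p and not is_reference_copy(p)

def parse_md5_sections(text):
    """Map file name -> list of (md5 or None, path, vendor) from OTL's MD5 sections."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<") and line.endswith(">"):
            m = SECTION_RE.match(line)
            current = m.group(1).lower() if m else None   # other < ... > headers end a section
            continue
        e = ENTRY_RE.match(line)
        if not e:
            continue
        name = current or e.group("path").rsplit("\\", 1)[-1].lower()
        sections[name].append((e.group("md5"), e.group("path"), e.group("vendor")))
    return dict(sections)

def check_sections(sections):
    """Return (name, path, reason) for every live copy that cannot be vouched for."""
    findings = []
    for name, entries in sections.items():
        reference = {md5.upper() for md5, path, _ in entries if md5 and is_reference_copy(path)}
        for md5, path, vendor in entries:
            if not is_live_copy(path):
                continue
            if md5 is None:
                findings.append((name, path, "hash unobtainable: locked file, verify from an offline boot"))
            elif not reference:
                findings.append((name, path, "no WinSxS/DriverStore copy to compare against"))
            elif md5.upper() not in reference:
                findings.append((name, path, "live copy differs from every WinSxS/DriverStore copy: possible in-place patch"))
    return findings

if __name__ == "__main__":
    for name, path, reason in check_sections(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name}: {path}\n    {reason}")
```

In the log above every live copy matches a store copy (netlogon.dll, for instance, matches the 6.1.7601.17514 WinSxS build, which is the Service Pack 1 version this machine reports), so the only unverifiable item is sptd.sys, the DAEMON Tools pass-through driver that blocks read access to itself by design. The limit of any on-disk hash check is that a bootkit can leave the file clean and patch the image in memory, which is why the helper's next step in this thread is a rootkit scanner rather than more file hashing.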
01.05.2011, 15:23 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
01.05.2011, 15:53 | #7 |
| ...is an official trial version that has expired but is still installed. Regards, Philip |
01.05.2011, 16:00 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.11 12:55:50 | 000,000,000 | -H-D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.06.10 18:32:46 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008.06.03 00:46:54 | 000,000,049 | -HS- | M] () - S:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{08996435-f5c6-11df-8f37-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{08996435-f5c6-11df-8f37-028037ec0200}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{e8cf4949-ba96-11de-be06-001f1607094c}\Shell - "" = AutoRun
O33 - MountPoints2\{e8cf4949-ba96-11de-be06-001f1607094c}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post logfiles in CODE tags |
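The fix script above targets four kinds of OTL lines: an empty HKLM Run value with no file behind it, a user-level Run entry, the Cdrom service's AutoRun value, and the MountPoints2 AutoRun handlers Windows caches for every removable volume it has seen (here the U3 launcher of a USB stick). As an added example (not part of this thread and not OTL's own code), here is a Python triage that reads those line types and ranks them the way a log helper does: a Run value pointing at a missing file is stale, a vendor-less executable started from a user-writable directory such as ProgramData is the FakeAlert pattern, and cached AutoRun commands are listed for review. The name heuristic (too few vowels or too many case flips for a product name) and its thresholds are my own choice. The sample is constructed: four lines are from the fix script above, the last O4 line is invented after the MBAM finding in post #1 (Run value qkkFOrQYoBSQl pointing to c:\programdata\qkkforqyobsql.exe) to show how that autostart would appear in OTL.

```python
import re

# Constructed sample. The first four lines are taken from the fix script above; the
# fifth is invented here, modelled on the MBAM hit in post #1 (Run value qkkFOrQYoBSQl
# -> c:\programdata\qkkforqyobsql.exe), to show a FakeAlert-style autostart in O4 form.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{08996435-f5c6-11df-8f37-028037ec0200}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O4 - HKCU..\Run: [qkkFOrQYoBSQl] C:\ProgramData\qkkforqyobsql.exe ()
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
O32_RE = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<val>\d+)$")
O33_RE = re.compile(r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
VENDOR_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<vendor>[^)]*)\)$")   # "path (vendor)" tail of an O4 line

# Directories an unprivileged user, and therefore user-level malware, can write to.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")

def looks_random(name):
    """Heuristic for generated names like qkkFOrQYoBSQl: too few vowels, or too many
    upper/lower case flips, for a word or product name. Thresholds are our own choice."""
    letters = [c for c in name if c.isalpha()]
    if len(letters) < 8:
        return False
    vowels = sum(c.lower() in "aeiou" for c in letters)
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    return vowels / len(letters) < 0.25 or flips / len(letters) > 0.5

def in_user_writable(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)

def triage(text):
    """Return (severity, line, reason) for each O4/O32/O33 line worth acting on."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, rest = m.group("name"), m.group("rest")
            if rest == "File not found":
                findings.append(("medium", line, "Run value with no target file; stale, remove it"))
                continue
            v = VENDOR_RE.match(rest)
            path, vendor = (v.group("path"), v.group("vendor")) if v else (rest, "")
            exe = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if in_user_writable(path) and not vendor.strip():
                sev = "high" if looks_random(name) or looks_random(exe) else "medium"
                findings.append((sev, line, "autostart without vendor string from a user-writable directory"))
            continue
        m = O33_RE.match(line)
        if m:
            findings.append(("medium", line,
                             f"cached AutoRun handler for volume {m.group('key')} runs {m.group('cmd')}"))
            continue
        m = O32_RE.match(line)
        if m and m.group("val") != "0":
            findings.append(("low", line, "Cdrom service AutoRun value is 1 (autorun.inf on optical media is honoured)"))
    return findings

if __name__ == "__main__":
    for sev, line, reason in sorted(triage(SAMPLE_OTL), key=lambda f: ("high", "medium", "low").index(f[0])):
        print(f"[{sev:6}] {line}\n         {reason}")
```

The vendor string is the discriminator that keeps the noise down: the OTL log above lists Dropbox.exe under AppData, which would trip the location check on its own, but it carries "(Dropbox, Inc.)" and is left alone, whereas a FakeAlert dropper in ProgramData shows up as "()" with a name no product would choose. TeaTimer is not flagged here either; the helper removed it because Spybot's resident protection blocks registry changes made by fix tools, not because it is malicious.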
01.05.2011, 16:41 | #9 |
| So, the OTL fix and the reboot have gone through. The libraries and the hard disks F: (it was called D: before the infection) and S: are still shown as empty. The log is attached. Regards, Philip

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
C:\autoexec.bat moved successfully.
Q:\AUTORUN.INF moved successfully.
S:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08996435-f5c6-11df-8f37-028037ec0200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08996435-f5c6-11df-8f37-028037ec0200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08996435-f5c6-11df-8f37-028037ec0200}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08996435-f5c6-11df-8f37-028037ec0200}\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3cd3b5e-4d8f-11e0-bcbc-028037ec0200}\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8cf4949-ba96-11de-be06-001f1607094c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8cf4949-ba96-11de-be06-001f1607094c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8cf4949-ba96-11de-be06-001f1607094c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8cf4949-ba96-11de-be06-001f1607094c}\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: PHILIP
->Temp folder emptied: 174308796 bytes
->Temporary Internet Files folder emptied: 150709425 bytes
->Java cache emptied: 44942441 bytes
->FireFox cache emptied: 118399870 bytes
->Flash cache emptied: 217215 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 619520 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70567196 bytes
RecycleBin emptied: 2481066827 bytes

Total Files Cleaned = 2.900,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 05012011_171341

Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
01.05.2011, 18:44 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html If the infection has left you unable to access your documents/My Documents, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This may take a while.) Vista and 7 users must run the tool as administrator via right-click!
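The symptoms in this thread (empty desktop, empty libraries, an apparently empty data partition, yet files still found by search) are what a user sees when a FakeAlert-family program sets the Hidden attribute on their files and folders, and unhide's job is to clear that attribute again. As an added example (not the unhide.exe tool and not part of this thread), here is a Python sketch of that cleanup with the policy split out from the file-system work: should_unhide() decides from a name and its attribute bitmask, plan_unhide() applies that to a list and can be tested anywhere, and unhide_tree() does the real walk with the Win32 attribute API, so it is Windows-only and, as the post above says, needs to run elevated. The skip rules (leave anything carrying the System attribute, and names Windows hides by design such as desktop.ini, NTUSER.DAT and AppData) are my own assumptions about a sensible cleanup, not a description of how unhide.exe decides.

```python
import os
import sys
import ntpath
import ctypes

FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
INVALID_FILE_ATTRIBUTES = 0xFFFFFFFF

# Items Windows hides on purpose. Leaving them alone is our assumption about what a
# cleanup should touch, not a description of unhide.exe's rules.
SKIP_NAMES = {"desktop.ini", "thumbs.db", "ntuser.dat", "ntuser.ini", "ntuser.dat.log",
              "$recycle.bin", "system volume information", "appdata", "application data"}
PRUNE_DIRS = {"appdata", "$recycle.bin", "system volume information"}

def should_unhide(name, attrs):
    """Clear Hidden only when the System bit is not also set (OS-protected items carry
    both) and the name is not something Windows hides by default."""
    if not attrs & FILE_ATTRIBUTE_HIDDEN:
        return False
    if attrs & FILE_ATTRIBUTE_SYSTEM:
        return False
    return name.lower() not in SKIP_NAMES

def plan_unhide(entries):
    """entries: iterable of (path, attribute bitmask). Returns the paths to fix.
    Pure function, so the policy can be tested without a Windows file system."""
    return [path for path, attrs in entries if should_unhide(ntpath.basename(path), attrs)]

def unhide_tree(root, dry_run=True):
    """Walk root and clear the Hidden bit wherever should_unhide() says so.
    Windows only; run elevated or other users' files and drive-root folders fail
    with access denied. Returns the paths changed (or that would be changed)."""
    if not sys.platform.startswith("win"):
        raise RuntimeError("unhide_tree needs the Win32 file attribute API")
    k32 = ctypes.windll.kernel32
    k32.GetFileAttributesW.argtypes = [ctypes.c_wchar_p]
    k32.GetFileAttributesW.restype = ctypes.c_uint32      # DWORD, so 0xFFFFFFFF compares correctly
    k32.SetFileAttributesW.argtypes = [ctypes.c_wchar_p, ctypes.c_uint32]
    k32.SetFileAttributesW.restype = ctypes.c_int         # BOOL
    changed = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d.lower() not in PRUNE_DIRS]
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            attrs = k32.GetFileAttributesW(full)
            if attrs == INVALID_FILE_ATTRIBUTES or not should_unhide(name, attrs):
                continue
            if not dry_run and not k32.SetFileAttributesW(full, attrs & ~FILE_ATTRIBUTE_HIDDEN):
                raise ctypes.WinError()
            changed.append(full)
    return changed

if __name__ == "__main__":
    # Dry run over the current user's profile; pass dry_run=False to apply the change.
    for p in unhide_tree(os.path.expanduser("~")):
        print("would unhide:", p)
```

Two details matter in practice. The Hidden bit alone is not a reliable marker of the infection, because Windows hides plenty of its own items, so the System bit and the name list do the filtering; and a directory that stays hidden keeps its contents out of Explorer and out of the libraries, which is why folders are included in the walk, not just files. That also fits Philip's follow-up below: once the folders were visible again the desktop and data drives came back, while the library definitions themselves needed separate attention.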
01.05.2011, 21:29 | #11 |
| Hello Arne, unhide worked; only the libraries are not visible. Desktop and HDDs are back... THANK YOU! Here is the Kaspersky report:

2011/05/01 22:18:15.0654 0884 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/05/01 22:18:15.0789 0884 ================================================================================
2011/05/01 22:18:15.0789 0884 SystemInfo:
2011/05/01 22:18:15.0789 0884
2011/05/01 22:18:15.0789 0884 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/01 22:18:15.0789 0884 Product type: Workstation
2011/05/01 22:18:15.0789 0884 ComputerName: X200
2011/05/01 22:18:15.0789 0884 UserName: PHILIP
2011/05/01 22:18:15.0789 0884 Windows directory: C:\Windows
2011/05/01 22:18:15.0789 0884 System windows directory: C:\Windows
2011/05/01 22:18:15.0789 0884 Processor architecture: Intel x86
2011/05/01 22:18:15.0789 0884 Number of processors: 2
2011/05/01 22:18:15.0789 0884 Page size: 0x1000
2011/05/01 22:18:15.0789 0884 Boot type: Normal boot
2011/05/01 22:18:15.0789 0884 ================================================================================
2011/05/01 22:18:18.0651 0884 Initialize success
2011/05/01 22:18:27.0160 4908 ================================================================================
2011/05/01 22:18:27.0160 4908 Scan started
2011/05/01 22:18:27.0160 4908 Mode: Manual;
2011/05/01 22:18:27.0160 4908 ================================================================================
2011/05/01 22:18:27.0511 4908 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/05/01 22:18:27.0561 4908 5U875UVC (5532aa5d3d35b8ec4ccdb05988f4dbc5) C:\Windows\system32\DRIVERS\5U875.sys
2011/05/01 22:18:27.0612 4908 acedrv11 (a6fe70357a68ad1e279cd1012419cce6) C:\Windows\system32\drivers\acedrv11.sys
2011/05/01 22:18:27.0686 4908 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/05/01 22:18:27.0834 4908 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/05/01 22:18:27.0977 4908 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/01 22:18:28.0074 4908 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/01 22:18:28.0147 4908 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/01 22:18:28.0308 4908 AFD (1151fd4fb0216cfed887bfde29ebd516) C:\Windows\system32\drivers\afd.sys
2011/05/01 22:18:28.0423 4908 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/05/01 22:18:28.0483 4908 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/05/01 22:18:28.0557 4908 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/05/01 22:18:28.0606 4908 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/05/01 22:18:28.0666 4908 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/05/01 22:18:28.0728 4908 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/01 22:18:28.0774 4908 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/01 22:18:28.0819 4908 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
2011/05/01 22:18:28.0873 4908 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/01 22:18:28.0915 4908 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
2011/05/01 22:18:29.0007 4908 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/05/01 22:18:29.0082 4908 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/05/01 22:18:29.0137 4908 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/01 22:18:29.0186 4908 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/01 22:18:29.0224 4908 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/05/01 22:18:29.0282 4908 ATSwpWDF (f77a156735688536145f200f803e752a) C:\Windows\system32\Drivers\ATSwpWDF.sys
2011/05/01 22:18:29.0328 4908 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/01 22:18:29.0368 4908 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/01 22:18:29.0417 4908 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/01 22:18:29.0484 4908 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/05/01 22:18:29.0557 4908 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/05/01 22:18:29.0620 4908 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/05/01 22:18:29.0669 4908 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/01 22:18:29.0714 4908 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/01 22:18:29.0762 4908 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/01 22:18:29.0813 4908 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/01 22:18:29.0870 4908 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/05/01 22:18:29.0996 4908 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/01 22:18:30.0062 4908 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/01 22:18:30.0105 4908 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/01 22:18:30.0150 4908 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
2011/05/01 22:18:30.0198 4908 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/01 22:18:30.0270 4908 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/01 22:18:30.0360 4908 BTHPORT (195c41cc67e9e1cedd960ccb74925920) C:\Windows\system32\Drivers\BTHport.sys
2011/05/01 22:18:30.0448 4908 BTHUSB (43b3206dd654e783aa7e4ead340a43b8) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/01 22:18:30.0503 4908 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/01 22:18:30.0547 4908 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/05/01 22:18:30.0610 4908 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/01 22:18:30.0655 4908 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/05/01 22:18:30.0711 4908 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/01 22:18:30.0767 4908 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/05/01 22:18:30.0832 4908 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/05/01 22:18:30.0899 4908 CnxtHdAudService (726803d911045d283509d3cdd91d8e52) C:\Windows\system32\drivers\CHDRT32.sys
2011/05/01 22:18:30.0967 4908 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/01 22:18:31.0007 4908 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/05/01 22:18:31.0053 4908 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/01 22:18:31.0115 4908 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/05/01 22:18:31.0189 4908 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/05/01 22:18:31.0241 4908 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/05/01 22:18:31.0302 4908 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/05/01 22:18:31.0349 4908 DlinkUDSMBus (0f1644f041c829963869e7fcc84bc381) C:\Windows\system32\Drivers\DlinkUDSMBus.sys
2011/05/01 22:18:31.0425 4908 DlinkUDSTcpBus (cb1dd507f416b0dc77e3eed7234b7c06) C:\Windows\system32\Drivers\DlinkUDSTcpBus.sys
2011/05/01 22:18:31.0482 4908 DozeHDD (e00b3ce273b17aee1259c105df5524ca) C:\Windows\system32\DRIVERS\DozeHDD.sys
2011/05/01 22:18:31.0558 4908 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/05/01 22:18:31.0621 4908 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/01 22:18:31.0823 4908 e1yexpress (c90ce29df8b9836cc6514ce9f53d0eb5) C:\Windows\system32\DRIVERS\e1y6032.sys
2011/05/01 22:18:31.0904 4908 e36gbus (2cc474ab0a4f40223a669682df2d06d5) C:\Windows\system32\DRIVERS\e36gbus.sys
2011/05/01 22:18:31.0990 4908 e36gmdfl (9bd69da7fa7d317847e32019b3fb8ce0) C:\Windows\system32\DRIVERS\e36gmdfl.sys
2011/05/01 22:18:32.0049 4908 e36gmdm (7c713bd735339cfc8df890724f5ff061) C:\Windows\system32\DRIVERS\e36gmdm.sys
2011/05/01 22:18:32.0124 4908 e36gmgmt (b71609675b421073319c62177b649eca) C:\Windows\system32\DRIVERS\e36gmgmt.sys
2011/05/01 22:18:32.0198 4908 e36wgps (5c27b8348904743de7b028b9eaa4430d) C:\Windows\system32\DRIVERS\e36wgps.sys
2011/05/01 22:18:32.0334 4908 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/05/01 22:18:32.0547 4908 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/01 22:18:32.0630 4908 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/05/01 22:18:32.0708 4908 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/05/01 22:18:32.0767 4908 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/05/01 22:18:32.0825 4908 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/01 22:18:32.0881 4908 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/05/01 22:18:32.0933 4908 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/05/01 22:18:32.0989 4908 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/01 22:18:33.0042 4908 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/05/01 22:18:33.0107 4908 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/05/01 22:18:33.0155 4908 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/01 22:18:33.0207 4908 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/01 22:18:33.0289 4908 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/01 22:18:33.0350 4908 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/01 22:18:33.0399 4908 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/01 22:18:33.0442 4908 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/05/01 22:18:33.0487 4908 HECI (30d57ee84e1e169d41a6e873b549a096) C:\Windows\system32\DRIVERS\HECI.sys
2011/05/01 22:18:33.0537 4908 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/01 22:18:33.0581 4908 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/01 22:18:33.0635 4908 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/01 22:18:33.0710 4908 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
2011/05/01 22:18:33.0789 4908 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/05/01 22:18:33.0864 4908 HSF_DPV (c761b4a8391f5e47f7c51a691ce773f4) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/05/01 22:18:33.0945 4908 HSXHWAZL (50b42ef358a2e5363be6b77138a22391) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/05/01 22:18:34.0008 4908 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/05/01 22:18:34.0069 4908 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/01 22:18:34.0110 4908 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/05/01 22:18:34.0201 4908 iaNvStor (d0310c79c5a9d42b96e37c5c510c6a5c) C:\Windows\system32\DRIVERS\iaNvStor.sys
2011/05/01 22:18:34.0334 4908 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/01 22:18:34.0473 4908 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
2011/05/01 22:18:34.0533 4908 IBMPMDRV (400d7095d5ae08970f839bcac1843106) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
2011/05/01 22:18:34.0908 4908 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/01 22:18:35.0253 4908 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/01 22:18:35.0314 4908 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/05/01 22:18:35.0354 4908 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/01 22:18:35.0411 4908 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/01 22:18:35.0463 4908 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/05/01 22:18:35.0507 4908 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/05/01 22:18:35.0566 4908 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/05/01 22:18:35.0617 4908 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 2011/05/01 22:18:35.0677 4908 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 2011/05/01 22:18:35.0734 4908 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys 2011/05/01 22:18:35.0791 4908 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys 2011/05/01 22:18:35.0846 4908 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys 2011/05/01 22:18:35.0902 4908 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys 2011/05/01 22:18:35.0981 4908 kx1avs (afe0c01b2fabfc4d30567b03e2f33571) C:\Windows\system32\Drivers\kx1avs.sys 2011/05/01 22:18:36.0040 4908 kx1usb (aa7368baa66a58809f72feed85e97e85) C:\Windows\system32\Drivers\kx1usb.sys 2011/05/01 22:18:36.0108 4908 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys 2011/05/01 22:18:36.0153 4908 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/05/01 22:18:36.0250 4908 lnvobus (5043485c31721056e37f7dec48b7ce08) C:\Windows\system32\DRIVERS\lnvobus.sys 2011/05/01 22:18:36.0333 4908 lnvocard (4d01bc3a925788dc00f8f0f1ac9ab562) C:\Windows\system32\DRIVERS\lnvocard.sys 2011/05/01 22:18:36.0402 4908 lnvogps (dcac8dafb7a81905390c33360b16dbfd) C:\Windows\system32\DRIVERS\lnvogps.sys 2011/05/01 22:18:36.0453 4908 lnvomdfl2 (31ad4d7819ccc2f238ef39d23cbc7ee3) C:\Windows\system32\DRIVERS\lnvomdfl2.sys 2011/05/01 22:18:36.0516 4908 lnvomdm2 (5f61f6ed3662d5610d63c97fab3429cb) C:\Windows\system32\DRIVERS\lnvomdm2.sys 2011/05/01 22:18:36.0577 4908 lnvond5 (6b90d120f9b966d1c1bb33ba1c0f1b7d) C:\Windows\system32\DRIVERS\lnvond5.sys 2011/05/01 22:18:36.0632 4908 lnvounic (af031752c5cd5ef3a7d282c436a5655b) C:\Windows\system32\DRIVERS\lnvounic.sys 2011/05/01 22:18:36.0728 4908 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) 
C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/05/01 22:18:36.0772 4908 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/05/01 22:18:36.0826 4908 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/05/01 22:18:36.0875 4908 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/05/01 22:18:36.0918 4908 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2011/05/01 22:18:36.0967 4908 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2011/05/01 22:18:37.0013 4908 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2011/05/01 22:18:37.0079 4908 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2011/05/01 22:18:37.0210 4908 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2011/05/01 22:18:37.0258 4908 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2011/05/01 22:18:37.0297 4908 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys 2011/05/01 22:18:37.0387 4908 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2011/05/01 22:18:37.0454 4908 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 2011/05/01 22:18:37.0510 4908 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 2011/05/01 22:18:37.0561 4908 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2011/05/01 22:18:37.0648 4908 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 2011/05/01 22:18:37.0711 4908 mrxsmb (ed3d3419b064f28d812995ed8cadc541) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/05/01 22:18:37.0766 4908 mrxsmb10 (dc914446049169a964e27fd8888ffaee) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/05/01 22:18:37.0818 4908 mrxsmb20 
(e7d90388d14fae057c166c1801e0bf94) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/05/01 22:18:37.0889 4908 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 2011/05/01 22:18:37.0957 4908 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 2011/05/01 22:18:38.0023 4908 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2011/05/01 22:18:38.0076 4908 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2011/05/01 22:18:38.0128 4908 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 2011/05/01 22:18:38.0192 4908 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2011/05/01 22:18:38.0231 4908 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/05/01 22:18:38.0270 4908 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2011/05/01 22:18:38.0322 4908 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2011/05/01 22:18:38.0372 4908 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 2011/05/01 22:18:38.0420 4908 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2011/05/01 22:18:38.0471 4908 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/05/01 22:18:38.0511 4908 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2011/05/01 22:18:38.0567 4908 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2011/05/01 22:18:38.0639 4908 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 2011/05/01 22:18:38.0723 4908 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/05/01 22:18:38.0763 4908 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/05/01 22:18:38.0804 
4908 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/05/01 22:18:38.0849 4908 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/05/01 22:18:38.0893 4908 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 2011/05/01 22:18:38.0939 4908 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2011/05/01 22:18:38.0985 4908 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 2011/05/01 22:18:39.0282 4908 NETw5s32 (3577b851e59da59e6d65419a057c9914) C:\Windows\system32\DRIVERS\NETw5s32.sys 2011/05/01 22:18:39.0638 4908 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 2011/05/01 22:18:39.0835 4908 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/05/01 22:18:39.0890 4908 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2011/05/01 22:18:39.0934 4908 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2011/05/01 22:18:40.0089 4908 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys 2011/05/01 22:18:40.0265 4908 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2011/05/01 22:18:40.0339 4908 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys 2011/05/01 22:18:40.0476 4908 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys 2011/05/01 22:18:40.0530 4908 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 2011/05/01 22:18:40.0589 4908 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 2011/05/01 22:18:40.0649 4908 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2011/05/01 22:18:40.0692 4908 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 2011/05/01 
22:18:40.0773 4908 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2011/05/01 22:18:40.0831 4908 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 2011/05/01 22:18:40.0886 4908 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 2011/05/01 22:18:40.0946 4908 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/05/01 22:18:40.0992 4908 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2011/05/01 22:18:41.0050 4908 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2011/05/01 22:18:41.0176 4908 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2011/05/01 22:18:41.0230 4908 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2011/05/01 22:18:41.0280 4908 psadd (72de205cd4006dc45b1401859c506679) C:\Windows\system32\DRIVERS\psadd.sys 2011/05/01 22:18:41.0324 4908 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2011/05/01 22:18:41.0419 4908 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2011/05/01 22:18:41.0576 4908 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/05/01 22:18:41.0637 4908 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2011/05/01 22:18:41.0694 4908 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2011/05/01 22:18:41.0733 4908 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/05/01 22:18:41.0780 4908 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/05/01 22:18:41.0829 4908 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/05/01 22:18:41.0873 4908 RasSstp (44101f495a83ea6401d886e7fd70096b) 
C:\Windows\system32\DRIVERS\rassstp.sys 2011/05/01 22:18:41.0922 4908 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 2011/05/01 22:18:41.0976 4908 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/05/01 22:18:42.0014 4908 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/05/01 22:18:42.0116 4908 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 2011/05/01 22:18:42.0186 4908 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2011/05/01 22:18:42.0244 4908 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2011/05/01 22:18:42.0302 4908 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys 2011/05/01 22:18:42.0365 4908 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 2011/05/01 22:18:42.0445 4908 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 2011/05/01 22:18:42.0549 4908 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys 2011/05/01 22:18:42.0615 4908 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys 2011/05/01 22:18:42.0677 4908 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2011/05/01 22:18:42.0751 4908 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 2011/05/01 22:18:42.0809 4908 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 2011/05/01 22:18:42.0885 4908 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 2011/05/01 22:18:42.0975 4908 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/05/01 22:18:43.0032 4908 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2011/05/01 22:18:43.0073 4908 Serial 
(5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2011/05/01 22:18:43.0139 4908 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2011/05/01 22:18:43.0273 4908 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 2011/05/01 22:18:43.0320 4908 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 2011/05/01 22:18:43.0364 4908 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 2011/05/01 22:18:43.0431 4908 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/05/01 22:18:43.0494 4908 Shockprf (486a1bd22dd66d0a8542ebb0cd792bdb) C:\Windows\system32\DRIVERS\Apsx86.sys 2011/05/01 22:18:43.0555 4908 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 2011/05/01 22:18:43.0611 4908 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/05/01 22:18:43.0669 4908 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/05/01 22:18:43.0716 4908 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2011/05/01 22:18:43.0786 4908 Sony_EricssonWWSC (deaf30a1a325168bf823ecda2fb89f6e) C:\Windows\system32\DRIVERS\lnvoscard.sys 2011/05/01 22:18:43.0825 4908 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2011/05/01 22:18:43.0909 4908 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys 2011/05/01 22:18:43.0909 4908 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. 
md5: cdddec541bc3c96f91ecb48759673505 2011/05/01 22:18:43.0915 4908 sptd - detected Locked file (1) 2011/05/01 22:18:43.0963 4908 srv (4e636465a8653ba3bf29f929aa578e6f) C:\Windows\system32\DRIVERS\srv.sys 2011/05/01 22:18:44.0034 4908 srv2 (4e4e17a3865f650ee8c67726872d9431) C:\Windows\system32\DRIVERS\srv2.sys 2011/05/01 22:18:44.0089 4908 srvnet (1346dff5be932939997d373d61a35626) C:\Windows\system32\DRIVERS\srvnet.sys 2011/05/01 22:18:44.0138 4908 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 2011/05/01 22:18:44.0244 4908 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2011/05/01 22:18:44.0305 4908 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys 2011/05/01 22:18:44.0356 4908 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 2011/05/01 22:18:44.0440 4908 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 2011/05/01 22:18:44.0496 4908 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 2011/05/01 22:18:44.0633 4908 Tcpip (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\drivers\tcpip.sys 2011/05/01 22:18:44.0779 4908 TCPIP6 (37e8fa3779668837ca9e2c36d2415949) C:\Windows\system32\DRIVERS\tcpip.sys 2011/05/01 22:18:44.0832 4908 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 2011/05/01 22:18:44.0916 4908 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 2011/05/01 22:18:44.0965 4908 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 2011/05/01 22:18:45.0007 4908 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 2011/05/01 22:18:45.0051 4908 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 2011/05/01 22:18:45.0113 4908 Tp4Track (1c950ae9c09904c229525f22eefc15db) C:\Windows\system32\DRIVERS\tp4track.sys 2011/05/01 
2011/05/01 22:18:48.0385 4908 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/01 22:18:48.0482 4908 WwanUsbServ (8515d00b3c8bda631a1ee801f4f74e4f) C:\Windows\system32\DRIVERS\WwanUsbMp.sys
2011/05/01 22:18:48.0530 4908 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
2011/05/01 22:18:48.0602 4908 ================================================================================
2011/05/01 22:18:48.0602 4908 Scan finished
2011/05/01 22:18:48.0602 4908 ================================================================================
2011/05/01 22:18:48.0617 5284 Detected object count: 1
2011/05/01 22:19:40.0496 5284 Locked file(sptd) - User select action: Skip |
02.05.2011, 11:32 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan trojan.fakeAlert hides desktop and files Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run if a forum helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
02.05.2011, 23:14 | #13 |
| Trojan trojan.fakeAlert hides desktop and files Hello Arne, attached is the new log. After ComboFix ran and the system restarted, at first no programs could be started any more. Unfortunately I did not write down the error message; it said roughly that the respective .exe files were marked for deletion. After another restart everything works again now. Regards Philip Combofix logfile: Code:
ATTFilter ComboFix 11-05-02.02 - PHILIP 02.05.2011 21:46:39.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1944.1047 [GMT 2:00] ausgeführt von:: c:\users\PHILIP\Desktop\cofi.exe.exe AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\Thumbs.db . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-02 bis 2011-05-02 )))))))))))))))))))))))))))))) . . 2011-05-02 19:54 . 2011-05-02 19:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-01 15:13 . 2011-05-01 15:13 -------- d-----w- C:\_OTL 2011-05-01 13:48 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B4C8B335-0AE1-4A30-8B8D-0C6C6D3891A8}\mpengine.dll 2011-04-18 22:13 . 2011-04-18 22:13 -------- d-----w- c:\program files\iPod 2011-04-18 22:13 . 2011-04-18 22:13 -------- d-----w- c:\program files\iTunes 2011-04-18 22:10 . 2011-04-18 22:10 -------- d-----w- c:\program files\Bonjour 2011-04-15 20:35 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2011-04-15 20:35 . 2011-01-07 07:46 870912 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-15 20:35 . 2011-02-24 05:38 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-04-15 20:35 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll 2011-04-15 20:35 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll 2011-04-15 20:35 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-04-14 20:33 . 2011-03-03 03:42 2333184 ----a-w- c:\windows\system32\win32k.sys 2011-04-14 20:33 . 2011-02-12 05:35 191488 ----a-w- c:\windows\system32\FXSCOVER.exe 2011-04-14 20:32 . 
2011-02-11 16:40 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll 2011-02-11 16:40 . 2011-02-11 16:40 85504 ----a-w- c:\windows\system32\igfxrenu.lrc 2011-02-11 16:40 . 2011-02-11 16:40 828928 ----a-w- c:\windows\system32\igfxress.dll 2011-02-11 16:40 . 2009-08-13 20:15 228864 ----a-w- c:\windows\system32\igfxdev.dll 2011-02-11 16:35 . 2011-02-11 16:35 208896 ----a-w- c:\windows\system32\iglhsip32.dll 2011-02-11 16:35 . 2011-02-11 16:35 147456 ----a-w- c:\windows\system32\iglhcp32.dll 2011-02-03 05:54 . 2011-02-20 08:52 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-02-02 16:11 . 2009-10-05 20:36 222080 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\PHILIP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\PHILIP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\PHILIP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2009-11-24 93032]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2008-08-12 16384]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-10-06 33304]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-02-26 992816]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2010-05-12 894312]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-13 36864]
"TpShocks"="TpShocks.exe" [2009-12-11 337256]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-10-19 3093816]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PIconStartup.exe" [2010-02-04 111640]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-02-01 220552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\PHILIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\PHILIP\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-31 23360040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-2-25 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RCIMGDIR.exe.lnk]
backup=c:\windows\pss\RCIMGDIR.exe.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RCIMGDIR.exe.lnk
.
[HKLM\~\startupfolder\C:^Users^PHILIP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup path=c:\users\PHILIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] 2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG] 2009-04-29 15:56 424512 ----a-w- c:\progra~1\THINKV~1\AMSG\Amsg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG] 2010-05-12 01:25 214576 ------w- c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] 2009-05-26 15:46 1159168 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3] 2008-12-24 09:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Network USB Utility] 2009-06-25 12:59 2585856 ----a-w- c:\program files\D-Link\SharePort\SharePort.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2011-02-11 17:26 171032 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2009-08-07 04:29 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IaNvSrv] 2009-10-06 10:41 33304 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2011-02-11 17:26 137752 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2008-06-24 14:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JamInit] 2009-11-03 16:19 797280 ----a-w- c:\windows\System32\U46Pan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPKNRRES] 2010-04-20 11:23 62312 ----a-w- c:\program files\Lenovo\Communications Utility\TPKNRRES.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus] 2009-05-27 20:09 49976 ----a-w- c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2011-02-11 17:26 172568 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon] 2010-02-04 10:14 358424 ----a-w- c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . R1 U46_AA;Service for ESI U46 Controller driver;c:\windows\system32\DRIVERS\U46DRV.sys [2009-11-03 52320] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2010-04-07 45496] R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-10-20 106496] R3 DlinkUDSTcpBus;DlinkUDSTcpBus;c:\windows\system32\Drivers\DlinkUDSTcpBus.sys [2009-06-22 61312] R3 e36gbus;F3607gw Mobile Broadband Device driver (Win7);c:\windows\system32\DRIVERS\e36gbus.sys [2009-06-30 285056] R3 e36gmdfl;F3607gw Mobile Broadband Data Modem Filter (Win7);c:\windows\system32\DRIVERS\e36gmdfl.sys [2009-06-30 14848] R3 e36gmdm;F3607gw Mobile Broadband Data Modem Driver (Win7);c:\windows\system32\DRIVERS\e36gmdm.sys [2009-06-30 374272] R3 e36gmgmt;F3607gw Mobile Broadband Device Management Drivers (Win7);c:\windows\system32\DRIVERS\e36gmgmt.sys [2009-06-30 357376] R3 e36wgps;Mobile Broadband GPS Port;c:\windows\system32\DRIVERS\e36wgps.sys [2009-07-10 82984] R3 kx1avs;kx1avs;c:\windows\system32\Drivers\kx1avs.sys [2009-12-07 35408] R3 kx1usb;kx1usb;c:\windows\system32\Drivers\kx1usb.sys [2009-12-07 276432] R3 lnvobus;Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM);c:\windows\system32\DRIVERS\lnvobus.sys [2008-12-16 282880] R3 lnvocard;Ericsson F3507g Mobile Broadband Minicard Device 
Management;c:\windows\system32\DRIVERS\lnvocard.sys [2008-12-16 356480] R3 lnvogps;Ericsson F3507g Mobile Broadband Minicard GPS Port;c:\windows\system32\DRIVERS\lnvogps.sys [2008-10-23 77864] R3 lnvomdfl2;Ericsson F3507g Mobile Broadband Minicard Data Modem Filter;c:\windows\system32\DRIVERS\lnvomdfl2.sys [2008-12-16 15104] R3 lnvomdm2;Ericsson F3507g Mobile Broadband Minicard Data Modem;c:\windows\system32\DRIVERS\lnvomdm2.sys [2008-12-16 408960] R3 lnvond5;Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS);c:\windows\system32\DRIVERS\lnvond5.sys [2008-12-16 25984] R3 lnvounic;Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM);c:\windows\system32\DRIVERS\lnvounic.sys [2008-12-16 375424] R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2010-05-12 75112] R3 Sony_EricssonWWSC;Ericsson F3507g Mobile Broadband Minicard PC SC Port;c:\windows\system32\DRIVERS\lnvoscard.sys [2008-07-08 24232] R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 U46WDM1_01;Service for ESI- U46 Audio driver;c:\windows\system32\DRIVERS\U46wdm.sys [2009-11-03 28256] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-08 1343400] R3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;c:\windows\system32\DRIVERS\WwanUsbMp.sys [2009-07-29 213032] S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2010-05-12 24304] S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2009-08-21 232472] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-20 691696] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-10-09 
20520] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 277544] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336] S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-10-20 1701112] S2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010-05-12 132456] S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-10-20 98304] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096] S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [2010-04-20 50536] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [2010-04-20 74088] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2010-04-07 63928] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2010-02-04 2058776] S2 WMCoreService;Mobile Broadband Core Service;c:\program files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe servicemode [x] S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [2008-09-03 72192] S3 ATSwpWDF;AuthenTec TruePrint USB WDF 
Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-10-20 485376] S3 DlinkUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\Drivers\DlinkUDSMBus.sys [2009-06-22 54528] S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-08-22 225408] S3 NETw5s32;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-03-17 6758912] S3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [2009-11-24 23152] S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HsfXAudioService REG_MULTI_SZ HsfXAudioService Akamai REG_MULTI_SZ Akamai HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://start.icq.com/ uInternet Settings,ProxyOverride = *.local IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 IE: Save YouTube Video as MP3 IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe TCP: {104DA42A-AF92-4EAD-A5CA-A69FA72CAA1C} = 193.189.244.225 193.189.244.206 TCP: {21F96A6C-37DB-4DC8-B357-6F03E2511D69} = 192.168.0.1 TCP: {CAD288DE-9D16-4C4C-9336-4032F8BB446A} = 192.168.0.1 FF - ProfilePath - c:\users\PHILIP\AppData\Roaming\Mozilla\Firefox\Profiles\q5ee0yd9.default\ FF - prefs.js: browser.search.selectedEngine - ICQ Search FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q= FF - prefs.js: network.proxy.type - 4 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} FF - Ext: FastestFox: smarterwiki@wikiatic.com - %profile%\extensions\smarterwiki@wikiatic.com FF - Ext: Wolfram Alpha Google: wolfram-google@sidthemonkey.com - %profile%\extensions\wolfram-google@sidthemonkey.com . . ------- Dateityp-Verknüpfung ------- . .scr=AutoCADScriptFile . - - - - Entfernte verwaiste Registrierungseinträge - - - - . MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe MSConfigStartUp-LexwareInfoService - c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe MSConfigStartUp-LPMailChecker - c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe MSConfigStartUp-LPManager - c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe MSConfigStartUp-TPFNF7 - c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe AddRemove-ESI- U46 Audio Driver Setup - c:\program files\ESI\U46\uninst.exe Software\ESI\U46\Setup AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Nero\Nero8\\nero\uninstall\UNNERO.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 "MSCurrentCountry"=dword:00000004 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . 
- - - - - - - > 'Explorer.exe'(4480)
c:\users\PHILIP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Lenovo\Access Connections\ACDeskBand.dll
c:\program files\Lenovo\Access Connections\AcLocSettings.dll
c:\program files\Lenovo\Access Connections\AcCryptHlpr.dll
c:\program files\Lenovo\Access Connections\ACHelper.dll
c:\program files\Lenovo\Access Connections\AcSvcStub.dll
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-05-02 22:06:03 - PC was restarted
ComboFix-quarantined-files.txt 2011-05-02 20:06
.
Before scan: 21 directories, 92,232,761,344 bytes free
After scan: 23 directories, 92,790,579,200 bytes free
.
- - End Of File - - 3A55DD275A3C4BDC1981FD5A15FD0150
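As an added example (editor's code, not part of the thread and not ComboFix's own logic), here is a small Python triage pass over the "Autostart" Run-key section of a ComboFix log like the one above. ComboFix prints each value as `"Name"="command" [date size]` and writes `[X]` when the target file no longer exists. The scoring weights, the `[X]`-as-weak-signal rule, the "random-looking name" test and the sample log below are all constructed for illustration: the value name `hjxqkwtrvzpn`, the `Updater` entry and the user `alice` are made up.

```python
r"""Triage of ComboFix "Autostart" Run-key entries (added example, not ComboFix code).

ComboFix prints each Run value as
    "Name"="c:\path\file.exe args" [YYYY-MM-DD size]
and writes [X] instead of date/size when the target file no longer exists.
The scoring below is an assumption of this example, not ComboFix's logic:
an executable dropped straight into ProgramData or anywhere under a user's
AppData/Temp, a value name that looks machine-generated, a per-user hive
(writable without admin rights) and a missing target each add to a score.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List

# One ComboFix Run-key line: quoted name, quoted command, then [date size] or [X].
_ENTRY = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"\s*'
    r'\[(?P<info>X|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$'
)

# Locations a normal installer rarely uses for an autostart binary
# (matched against the lower-cased command string; assumption for Windows 7 paths).
USER_WRITABLE_DIRS = (
    re.compile(r"^c:\\programdata\\[^\\]+\.(exe|dll|scr)\b"),   # file directly in ProgramData
    re.compile(r"^c:\\users\\[^\\]+\\appdata\\(roaming|local)\\"),
    re.compile(r"\\temp\\"),
)

WEIGHTS = {"user-writable-dir": 2, "random-name": 2, "per-user-hive": 1, "missing-target": 1}
REPORT_THRESHOLD = 2   # assumption: one strong signal or two weak ones


@dataclass
class Entry:
    hive: str
    name: str
    cmd: str
    missing: bool
    flags: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(WEIGHTS[f] for f in self.flags)


def shannon_entropy(s: str) -> float:
    """Bits per character of s; machine-generated names score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s.lower()).values())


def looks_random(name: str) -> bool:
    """Letters only, 10+ chars, fewer than 25% vowels, high entropy.
    Product names (SmartAudio, iTunesHelper) have vowels and repeated letters."""
    s = name.strip()
    if len(s) < 10 or not s.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in s.lower())
    return vowels / len(s) < 0.25 and shannon_entropy(s) > 3.0


def parse_combofix_run_keys(text: str) -> List[Entry]:
    """Walk the log; a '[HIVE\\...\\Run]' line sets the hive for the entries after it."""
    hive, entries = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            hive = line[1:-1]
            continue
        m = _ENTRY.match(line)
        if m:
            entries.append(Entry(hive, m["name"], m["cmd"], m["info"] == "X"))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach flags; return entries at or above REPORT_THRESHOLD, highest score first."""
    for e in entries:
        cmd = e.cmd.lower()
        if any(p.search(cmd) for p in USER_WRITABLE_DIRS):
            e.flags.append("user-writable-dir")
        if looks_random(e.name):
            e.flags.append("random-name")
        if e.hive.upper().startswith("HKEY_CURRENT_USER"):
            e.flags.append("per-user-hive")
        if e.missing:
            e.flags.append("missing-target")
    hits = [e for e in entries if e.score >= REPORT_THRESHOLD]
    return sorted(hits, key=lambda e: e.score, reverse=True)


# Constructed sample in ComboFix's format; the random-named ProgramData binary,
# the "Updater" entry and the user "alice" are invented for this example.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"hjxqkwtrvzpn"="c:\programdata\hjxqkwtrvzpn.exe" [2011-04-28 311296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"Updater"="c:\users\alice\appdata\roaming\updater\updater.exe" [2011-04-29 90112]
"""

if __name__ == "__main__":
    for e in triage(parse_combofix_run_keys(SAMPLE_LOG)):
        print(f"score={e.score} name={e.name!r} cmd={e.cmd} flags={e.flags}")
```

The `[X]` entries (here the Lenovo fingerprint leftovers) only count as a weak signal on purpose: they are usually orphaned uninstall debris, but they are also what a cleaner leaves behind after removing a file while the Run value survives, so they belong in the report rather than being dropped. A score is a reading order, not a verdict; the log gives no hash or signature for the binary, and that check still has to be done on the file itself.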
03.05.2011, 08:23 | #14
/// Winkelfunktion /// TB-Süch-Tiger™
OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM. With OSAM, also make sure you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________
Please always post logfiles in CODE tags
03.05.2011, 20:01 | #15
...all done, here are the logs. Regards, Philip

GMER Logfile:
Code:
GMER 1.0.15.15572 - hxxp://www.gmer.net
Rootkit scan 2011-05-03 20:51:56
Windows 6.1.7601 Service Pack 1
Harddisk0\DR0 -> \Device\Ide\iaStor0 rev.
Running: xxxx47he.exe; Driver: C:\Users\PHILIP~1\AppData\Local\Temp\ugtdipoc.sys

---- System - GMER 1.0.15 ----

INT 0x52 ? 92684CD8
INT 0x60 ? 933B6058
INT 0x61 ? 933B6558
INT 0x70 ? 92684558
INT 0x71 ? 933B67D8
INT 0x82 ? 926847D8
INT 0xA2 ? 933B6A58
INT 0xB3 ? 92684A58

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13C1 82E3E339 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E77D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spmy.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 91042D81 5 Bytes JMP 8843C1D8
.text agu6bfqf.SYS 978F9000 12 Bytes [44, 78, 21, 83, EE, 76, 21, ...] {INC ESP; JS 0x24; SUB ESI, 0x76; AND [EBX-0x7cdea860], EAX}
.text agu6bfqf.SYS 978F900D 9 Bytes [57, 21, 83, 48, 7B, 21, 83, ...] {PUSH EDI; AND [EBX-0x7cde84b8], EAX; ADD [EAX], AL}
.text agu6bfqf.SYS 978F9017 170 Bytes [00, DE, 67, B8, 88, E6, 65, ...]
.text agu6bfqf.SYS 978F90C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text agu6bfqf.SYS 978F90CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xAC7D8300, 0x25D4C, 0xE0000060] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Lenovo\System Update\SUService.exe[1708] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Lenovo\System Update\SUService.exe[1708] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Lenovo\System Update\SUService.exe[1708] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Lenovo\System Update\SUService.exe[1708] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Lenovo\System Update\SUService.exe[1708] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Program Files\Lenovo\System Update\SUService.exe[1708] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3816] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[3816] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft 
Corporation)
IAT C:\Windows\System32\rundll32.exe[3816] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3816] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3816] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7501FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84DCB1F8
Device \FileSystem\fastfat \FatCdrom 8208A500
Device \Driver\iaNvStor \Device\IAACache0 84DC91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{104DA42A-AF92-4EAD-A5CA-A69FA72CAA1C} 8824D1F8
Device \Driver\usbuhci \Device\USBPDO-0 8838E500
Device \Driver\usbuhci \Device\USBPDO-1 8838E500
Device \Driver\iaNvStor \Device\RobsonImd-0 84DC91F8
Device \Driver\usbuhci \Device\USBPDO-2 8838E500
Device \Driver\usbehci \Device\USBPDO-3 8843B500
Device \Driver\usbuhci \Device\USBPDO-4 8838E500
Device \Driver\NetBT \Device\NetBT_Tcpip_{3F37A3E8-2D40-4795-BC39-1A4852BFD95F} 8824D1F8
Device \Driver\usbuhci \Device\USBPDO-5 8838E500
Device \Driver\usbuhci \Device\USBPDO-6 8838E500
Device \Driver\PCI_PNP1222 \Device\00000063 spmy.sys
Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 8843B500
Device \Driver\volmgr \Device\HarddiskVolume1 84DC61F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\volmgr \Device\HarddiskVolume2 84DC61F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 93351500
Device \Driver\volmgr \Device\HarddiskVolume3 84DC61F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\iaStor \Device\Ide\iaStor0 [88D05390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [88D05390] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume4 84DC61F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{CAD288DE-9D16-4C4C-9336-4032F8BB446A} 8824D1F8
Device \Driver\volmgr \Device\HarddiskVolume5 84DC61F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{21F96A6C-37DB-4DC8-B357-6F03E2511D69} 8824D1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8824D1F8
Device \Driver\sptd \Device\2902389226 spmy.sys
Device \Driver\usbuhci \Device\USBFDO-0 8838E500
Device \Driver\usbuhci \Device\USBFDO-1 8838E500
Device \Driver\usbuhci \Device\USBFDO-2 8838E500
Device \Driver\usbehci \Device\USBFDO-3 8843B500
Device \Driver\usbuhci \Device\USBFDO-4 8838E500
Device \Driver\usbuhci \Device\USBFDO-5 8838E500
Device \Driver\usbuhci \Device\USBFDO-6 8838E500
Device \Driver\usbehci \Device\USBFDO-7 8843B500
Device \Driver\agu6bfqf \Device\Scsi\agu6bfqf1 8848C1F8
Device \Driver\agu6bfqf \Device\Scsi\agu6bfqf1Port1Path0Target0Lun0 8848C1F8
Device \FileSystem\fastfat \Fat 8208A500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2e74b55
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF7 0x84 0x94 0x1B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5B 0xBE 0x00 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0x1A 0xFE 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2e74b55 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF7 0x84 0x94 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5B 0xBE 0x00 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0x1A 0xFE 0x27 ...

---- EOF - GMER 1.0.15 ----

_________________________________________________________

OSAM Logfile:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:24:39 on 03.05.2011
OS: Windows 7 Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"plotman.cpl" - "Autodesk, Inc." - C:\Windows\system32\plotman.cpl
"PWMCP32V.cpl" - "Lenovo Group Limited" - C:\Windows\system32\PWMCP32V.cpl
"styleman.cpl" - "Autodesk, Inc." - C:\Windows\system32\styleman.cpl
"TpShCPL.cpl" - "Lenovo." - C:\Windows\system32\TpShCPL.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLCFG32.CPL
"Nero BurnRights" - ? - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl (File not found)
"PROSet Tools" - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\iproset.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"adfs" (adfs) - ? - C:\Windows\system32\drivers\adfs.sys (File not found)
"agu6bfqf" (agu6bfqf) - "Microsoft Corporation" - C:\Windows\system32\drivers\agu6bfqf.sys (Hidden registry entry, rootkit activity | File signed by Microsoft)
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\Windows\System32\DRIVERS\ApsHM86.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BlackBerry-Smartphone" (RimUsb) - ? - C:\Windows\System32\Drivers\RimUsb.sys (File not found)
"catchme" (catchme) - ? - C:\Users\PHILIP~1\AppData\Local\Temp\catchme.sys (File not found)
"DlinkUDSTcpBus" (DlinkUDSTcpBus) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\Drivers\DlinkUDSTcpBus.sys
"DozeHDD" (DozeHDD) - "Lenovo." - C:\Windows\System32\DRIVERS\DozeHDD.sys
"Ericsson F3507g Mobile Broadband Minicard Composite Device driver (WDM)" (lnvobus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\lnvobus.sys
"Ericsson F3507g Mobile Broadband Minicard Data Modem" (lnvomdm2) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\lnvomdm2.sys
"Ericsson F3507g Mobile Broadband Minicard Data Modem Filter" (lnvomdfl2) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\lnvomdfl2.sys
"Ericsson F3507g Mobile Broadband Minicard Device Management" (lnvocard) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\lnvocard.sys
"Ericsson F3507g Mobile Broadband Minicard GPS Port" (lnvogps) - "Ericsson AB" - C:\Windows\System32\DRIVERS\lnvogps.sys
"Ericsson F3507g Mobile Broadband Minicard Network Adapter (NDIS)" (lnvond5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\lnvond5.sys
"Ericsson F3507g Mobile Broadband Minicard Network Adapter (WDM)" (lnvounic) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\lnvounic.sys
"Ericsson F3507g Mobile Broadband Minicard PC SC Port" (Sony_EricssonWWSC) - "Sony Ericsson" - C:\Windows\System32\DRIVERS\lnvoscard.sys
"Shockprf" (Shockprf) - "Lenovo." - C:\Windows\System32\DRIVERS\Apsx86.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"UDS Master Bus of Kernel USB Software Bus by TCP" (DlinkUDSMBus) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\Drivers\DlinkUDSMBus.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{8A0BC933-7552-42E2-A228-3BE055777227} "AcColumnHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{4B392032-A759-43ED-9469-377C80A4472D} "AcDgnImageExtractor" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcDgnCOM18.dll
{5800AD5B-72C1-477B-9A08-CA112DF06D97} "AcInfoTipHandler" - "Autodesk" - C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
{36A21736-36C2-4C11-8ACB-D4136F2B57BD} "AcSignIcon" - "Autodesk, Inc." - C:\Windows\system32\AcSignIcon.dll
{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} "ACTHUMBNAIL" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{27887764-0D0A-4C3C-B0C6-91A332FFF6A7} "DWFVShellExt Class" - "Autodesk, Inc." - C:\Program Files\Common Files\Autodesk Shared\DWF Common\DWF_VShell.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "{47833539-D0C5-4125-9FA8-0819E2EAAC93}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} "ClsidExtension" - "Lenovo Group Limited" - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
"ICQ7.4" - "ICQ, LLC." - C:\Program Files\ICQ7.4\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} "IePasswordManagerHelper Class" - "Lenovo Group Limited" - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\PHILIP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\PHILIP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Digital Line Detect.lnk" - "Avanquest Software " - C:\Program Files\Digital Line Detect\DLG.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SmartAudio" - ? - C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AcWin7Hlpr" - ? - C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe (File found, but it contains no detailed information)
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"CameraApplicationLauncher" - ? - C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe
"cssauth" - "Lenovo Group Limited" - "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
"FingerPrintSoftware" - "AuthenTec" - "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
"FingerPrintSoftwareSplashScreen" - "AuthenTec, Inc." - "C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe" \s
"IaNvSrv" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
" Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"PDFPrint" - "Geek Software GmbH" - C:\Program Files\PDF24\pdf24.exe
"picon" - ? - "C:\Program Files\Common Files\Intel\Privacy Icon\PIconStartup.exe"
"PWMTRV" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SmartAudio" - ? - C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
"SwitchBoard" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"TPHOTKEY" - "Lenovo Group Limited" - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
"TPKMAPHELPER" - "Lenovo" - C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
"TpShocks" - "Lenovo." - TpShocks.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Universal Print Monitor" - "Hewlett-Packard" - C:\Windows\system32\HPMPW081.DLL
"HPPMOPJL" - "Hewlett-Packard Company" - C:\Windows\system32\hppmopjl.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AcPrfMgrSvc" (AcPrfMgrSvc) - "Lenovo" - C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
"AcSvc" (AcSvc) - "Lenovo" - C:\Program Files\Lenovo\Access Connections\AcSvc.exe
"AD Monitor" (ADMonitor) - ? - C:\Windows\system32\ADMonitor.exe
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_a35e6b9.dll (File found, but it contains no detailed information)
"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"AuthenTec Fingerprint Service" (ATService) - "AuthenTec, Inc." - C:\Windows\system32\AtService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Data Transfer Service" (dtsvc) - ? - C:\Windows\system32\DTS.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files\Intel\AMT\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Lenovo Camera Mute" (LENOVO.CAMMUTE) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
"Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
"Lenovo Keyboard Noise Reduction" (LENOVO.TPKNRSVC) - "Lenovo Group Limited" - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
"Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mobile Broadband Core Service" (WMCoreService) - ? - C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe (File found, but it contains no detailed information)
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NIHardwareService" (NIHardwareService) - "Native Instruments GmbH" - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"SQL Server VSS Writer" (SQLWriter) - "Microsoft Corporation" - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
"SwitchBoard" (SwitchBoard) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"System Update" (SUService) - "Lenovo Group Limited" - C:\Program Files\Lenovo\System Update\SUService.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\Windows\System32\TPHDEXLG.exe
"ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
"TSS Core Service" (TSSCoreService) - "Lenovo" - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

_______________________________________________________________

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: LENOVO
BIOS Manufacturer: LENOVO
System Manufacturer: LENOVO
System Product Name: 74585SG
Logical Drives Mask: 0x00050034

Kernel Drivers (total 223):
0x82E00000 \SystemRoot\system32\ntkrnlpa.exe
0x83212000 \SystemRoot\system32\halmacpi.dll
0x80B97000 \SystemRoot\system32\kdcom.dll
0x88809000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8888E000 \SystemRoot\system32\PSHED.dll
0x8889F000 \SystemRoot\system32\BOOTVID.dll
0x888A7000 \SystemRoot\system32\CLFS.SYS
0x888E9000 \SystemRoot\system32\CI.dll
0x88A09000 \SystemRoot\system32\drivers\Wdf01000.sys
0x88A7A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88A88000 \SystemRoot\System32\Drivers\spmy.sys
0x88B7B000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x88B84000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x88BAA000 \SystemRoot\system32\drivers\ACPI.sys
0x88BF2000 \SystemRoot\system32\drivers\vdrvroot.sys
0x88994000 \SystemRoot\system32\drivers\pci.sys
0x88A00000 \SystemRoot\system32\drivers\msisadrv.sys
0x889BE000 \SystemRoot\System32\drivers\partmgr.sys
0x889CF000 \SystemRoot\system32\drivers\volmgr.sys
0x88C0B000 \SystemRoot\System32\drivers\volmgrx.sys
0x88C56000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x88C5E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88C69000 \SystemRoot\System32\drivers\mountmgr.sys
0x88C7F000 \SystemRoot\system32\drivers\vmbus.sys
0x88CA9000 \SystemRoot\system32\drivers\winhv.sys
0x88CBB000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x88D95000 \SystemRoot\system32\DRIVERS\iaNvStor.sys
0x88DE0000 \SystemRoot\system32\drivers\amdxata.sys
0x88E1B000 \SystemRoot\system32\drivers\fltmgr.sys
0x88E4F000 \SystemRoot\system32\drivers\fileinfo.sys
0x88E60000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88F8F000 \SystemRoot\System32\Drivers\msrpc.sys
0x88FBA000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8903A000 \SystemRoot\System32\Drivers\cng.sys
0x89097000 \SystemRoot\System32\drivers\pcw.sys
0x890A5000 \SystemRoot\System32\DRIVERS\DozeHDD.sys
0x890AA000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x890B3000 \SystemRoot\system32\drivers\ndis.sys
0x8916A000 \SystemRoot\system32\drivers\NETIO.SYS
0x891A8000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8922E000 \SystemRoot\System32\drivers\tcpip.sys
0x89378000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x893A9000 \SystemRoot\system32\drivers\vmstorfl.sys
0x893B2000 \SystemRoot\system32\drivers\volsnap.sys
0x893F1000 \SystemRoot\System32\DRIVERS\ApsHM86.sys
0x89200000 \SystemRoot\System32\Drivers\spldr.sys
0x891CD000 \SystemRoot\System32\drivers\rdyboost.sys
0x89208000 \SystemRoot\System32\DRIVERS\Apsx86.sys
0x89000000 \SystemRoot\System32\Drivers\mup.sys
0x89010000 \SystemRoot\System32\drivers\hwpolicy.sys
0x88FCD000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x89018000 \SystemRoot\system32\DRIVERS\disk.sys
0x8941F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8955B000 \SystemRoot\System32\Drivers\Null.SYS
0x89562000 \SystemRoot\System32\Drivers\Beep.SYS
0x89569000 \SystemRoot\System32\drivers\vga.sys
0x89575000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x89596000 \SystemRoot\System32\drivers\watchdog.sys
0x895A3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x895AB000 \SystemRoot\system32\drivers\rdpencdd.sys
0x895B3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x895BB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x895C6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x895D4000 \SystemRoot\system32\DRIVERS\tdx.sys
0x895EB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E631000 \SystemRoot\system32\drivers\afd.sys
0x8E68B000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E6BD000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8E6C4000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E6E3000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8E6F4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E702000 \SystemRoot\system32\DRIVERS\serial.sys
0x8E71C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E742000 \SystemRoot\System32\drivers\Tppwr32v.sys
0x8E749000 \SystemRoot\system32\drivers\termdd.sys
0x8E75A000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8E760000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E7A1000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E7AB000 \SystemRoot\system32\drivers\mssmbios.sys
0x8E7B5000 \SystemRoot\system32\DRIVERS\smiif32.sys
0x8E7B7000 \SystemRoot\System32\drivers\discache.sys
0x8EE1F000 \SystemRoot\system32\drivers\csc.sys
0x8EE83000 \SystemRoot\System32\Drivers\dfsc.sys
0x8EE9B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8EEA9000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8EECF000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8EED1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8EEF2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8F63A000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8EF04000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8FF5A000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8FF93000 \SystemRoot\system32\DRIVERS\HECI.sys
0x8FF9D000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8FFA7000 \SystemRoot\system32\DRIVERS\e1y6032.sys
0x8FFE1000 \SystemRoot\system32\drivers\usbuhci.sys
0x9101E000 \SystemRoot\system32\drivers\USBPORT.SYS
0x91069000 \SystemRoot\system32\drivers\usbehci.sys
0x91078000 \SystemRoot\system32\drivers\HDAudBus.sys
0x97221000 \SystemRoot\system32\DRIVERS\NETw5s32.sys
0x9789D000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x978A7000 \SystemRoot\system32\drivers\i8042prt.sys
0x978BF000 \SystemRoot\system32\drivers\kbdclass.sys
0x978CC000 \SystemRoot\system32\DRIVERS\tp4track.sys
0x978D6000 \SystemRoot\system32\drivers\mouclass.sys
0x978E3000 \SystemRoot\system32\drivers\tpm.sys
0x978EF000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x978F3000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0x978F8000 \SystemRoot\System32\Drivers\agu6bfqf.SYS
0x97931000 \SystemRoot\system32\drivers\wmiacpi.sys
0x9793A000 \SystemRoot\system32\drivers\CompositeBus.sys
0x97947000 \SystemRoot\system32\DRIVERS\serscan.sys
0x9794F000 \SystemRoot\System32\Drivers\DlinkUDSMBus.sys
0x9795D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9796F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x97987000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x97992000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x979B4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x979CC000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x979E3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x97200000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9720A000 \SystemRoot\system32\DRIVERS\psadd.sys
0x97211000 \SystemRoot\system32\DRIVERS\Tvti2c.sys
0x97219000 \SystemRoot\system32\drivers\swenum.sys
0x91097000 \SystemRoot\system32\drivers\ks.sys
0x910CB000 \SystemRoot\system32\drivers\umbus.sys
0x910D9000 \SystemRoot\system32\drivers\usbhub.sys
0x9111D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9112E000 \SystemRoot\system32\drivers\CHDRT32.sys
0x911A3000 \SystemRoot\system32\drivers\portcls.sys
0x911D2000 \SystemRoot\system32\drivers\drmk.sys
0x8EFBB000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x9A004000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x9A106000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x9A1BB000 \SystemRoot\system32\drivers\modem.sys
0x9A1C8000 \SystemRoot\system32\drivers\cdrom.sys
0x9A1E7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x824B0000 \SystemRoot\System32\win32k.sys
0x9A1ED000 \SystemRoot\System32\drivers\Dxapi.sys
0x911EB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x89444000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x91000000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8A215000 \SystemRoot\System32\Drivers\ATSwpWDF.sys
0x8A28A000 \SystemRoot\system32\drivers\usbccgp.sys
0x8A2A1000 \SystemRoot\system32\drivers\USBD.SYS
0x8A2A3000 \SystemRoot\system32\DRIVERS\5U875.sys
0x8A2B5000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8A307000 \SystemRoot\system32\DRIVERS\e36gwh.sys
0x8A363000 \SystemRoot\system32\DRIVERS\e36gcm.sys
0x82710000 \SystemRoot\System32\TSDDD.dll
0x82740000 \SystemRoot\System32\cdd.dll
0x82760000 \SystemRoot\System32\ATMFD.DLL
0x8F600000 \SystemRoot\system32\drivers\luafv.sys
0x8A200000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8F61B000 \SystemRoot\system32\drivers\WudfPf.sys
0x8FFEC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAC612000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAC658000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAC668000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAC67B000 \SystemRoot\system32\drivers\HTTP.sys
0xAC700000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAC719000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAC72B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAC74E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAC789000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAC7BC000 \??\C:\Windows\system32\drivers\acedrv11.sys
0xAC600000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAE817000 \SystemRoot\system32\drivers\peauth.sys
0xAE8B2000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAE8BC000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAE8DD000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAE8EA000 \SystemRoot\system32\DRIVERS\XAudio32.sys
0xAE8F2000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAE942000 \SystemRoot\System32\DRIVERS\srv.sys
0xAE994000 \SystemRoot\System32\drivers\ipnat.sys
0xAE9C3000 \SystemRoot\System32\Drivers\fastfat.SYS
0xC2477000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xC2588000 \SystemRoot\system32\DRIVERS\monitor.sys
0xC2593000 \SystemRoot\system32\DRIVERS\e36gbus.sys
0xC2400000 \SystemRoot\system32\DRIVERS\e36gmdm.sys
0xC245A000 \SystemRoot\system32\DRIVERS\e36gmdfl.sys
0xC2480000 \SystemRoot\system32\DRIVERS\e36gmgmt.sys
0xC24D6000 \SystemRoot\system32\DRIVERS\WwanUsbMp.sys
0xC2544000 \??\C:\Users\PHILIP~1\AppData\Local\Temp\ugtdipoc.sys
0x76F90000 \Windows\System32\ntdll.dll
0x47E50000
\Windows\System32\smss.exe 0x771D0000 \Windows\System32\apisetschema.dll 0x00C30000 \Windows\System32\autochk.exe 0x771A0000 \Windows\System32\imm32.dll 0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll 0x77190000 \Windows\System32\lpk.dll 0x77110000 \Windows\System32\comdlg32.dll 0x77100000 \Windows\System32\nsi.dll 0x76DF0000 \Windows\System32\setupapi.dll 0x76D90000 \Windows\System32\difxapi.dll 0x76D30000 \Windows\System32\shlwapi.dll 0x770F0000 \Windows\System32\normaliz.dll 0x76C30000 \Windows\System32\wininet.dll 0x770E0000 \Windows\System32\psapi.dll 0x76B90000 \Windows\System32\advapi32.dll 0x76A30000 \Windows\System32\ole32.dll 0x76960000 \Windows\System32\msctf.dll 0x76820000 \Windows\System32\urlmon.dll 0x76800000 \Windows\System32\sechost.dll 0x767C0000 \Windows\System32\ws2_32.dll 0x76710000 \Windows\System32\rpcrt4.dll 0x76670000 \Windows\System32\usp10.dll 0x76620000 \Windows\System32\Wldap32.dll 0x76590000 \Windows\System32\oleaut32.dll 0x76560000 \Windows\System32\imagehlp.dll 0x764B0000 \Windows\System32\msvcrt.dll 0x76460000 \Windows\System32\gdi32.dll 0x763D0000 \Windows\System32\clbcatq.dll 0x75780000 \Windows\System32\shell32.dll 0x756B0000 \Windows\System32\user32.dll 0x754B0000 \Windows\System32\iertutil.dll 0x753D0000 \Windows\System32\kernel32.dll 0x75380000 \Windows\System32\KernelBase.dll 0x75260000 \Windows\System32\crypt32.dll 0x75240000 \Windows\System32\devobj.dll 0x75210000 \Windows\System32\cfgmgr32.dll 0x751E0000 \Windows\System32\wintrust.dll 0x75150000 \Windows\System32\comctl32.dll 0x770D0000 \Windows\System32\msasn1.dll Processes (total 92): 0 System Idle Process 4 System 372 C:\Windows\System32\smss.exe 492 csrss.exe 548 C:\Windows\System32\wininit.exe 556 csrss.exe 596 C:\Windows\System32\services.exe 620 C:\Windows\System32\lsass.exe 628 C:\Windows\System32\lsm.exe 688 C:\Windows\System32\winlogon.exe 792 C:\Windows\System32\svchost.exe 876 C:\Windows\System32\DTS.exe 900 C:\Windows\System32\ibmpmsvc.exe 940 
C:\Windows\System32\AtService.exe 968 C:\Windows\System32\svchost.exe 1052 C:\Windows\System32\svchost.exe 1148 C:\Windows\System32\svchost.exe 1192 C:\Windows\System32\svchost.exe 1328 C:\Windows\System32\svchost.exe 1512 C:\Windows\System32\svchost.exe 1632 C:\Windows\System32\wlanext.exe 1640 C:\Windows\System32\svchost.exe 1648 C:\Windows\System32\conhost.exe 1784 C:\Windows\System32\spoolsv.exe 1840 C:\Windows\System32\svchost.exe 1868 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1968 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe 2000 C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe 108 C:\Windows\System32\svchost.exe 412 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 452 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 748 C:\Program Files\Bonjour\mDNSResponder.exe 1068 C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE 1392 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 1360 C:\Windows\System32\conhost.exe 1000 C:\Windows\System32\svchost.exe 2072 C:\Program Files\ICQ6Toolbar\ICQ Service.exe 2104 C:\Program Files\Lenovo\Communications Utility\CamMute.exe 2172 C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe 2232 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe 2308 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 2408 C:\Windows\System32\svchost.exe 2444 C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe 2492 C:\Program Files\Mobile Broadband Drivers\WMCore\mini_WMCore.exe 2560 C:\Program Files\Lenovo\Access Connections\AcSvc.exe 2596 C:\Program Files\Intel\WiFi\bin\EvtEng.exe 2616 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 2664 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 3344 unsecapp.exe 3392 WmiPrvSE.exe 3636 C:\Windows\System32\alg.exe 3912 C:\Windows\System32\svchost.exe 4028 C:\Windows\System32\taskhost.exe 2396 C:\Windows\System32\dwm.exe 3044 C:\Windows\explorer.exe 3772 C:\Program 
Files\Lenovo\TrackPoint\tp4serv.exe 1384 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 1108 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe 3816 C:\Windows\System32\rundll32.exe 3828 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe 4048 C:\Program Files\Lenovo\ZOOM\TpScrex.exe 2904 C:\Windows\System32\TpShocks.exe 2928 C:\Program Files\Lenovo\Client Security Solution\cssauth.exe 1120 C:\Program Files\PDF24\pdf24.exe 420 C:\Windows\System32\hkcmd.exe 2908 C:\Windows\System32\igfxpers.exe 4152 C:\Program Files\iTunes\iTunesHelper.exe 4172 C:\Windows\System32\igfxsrvc.exe 4240 C:\Program Files\Digital Line Detect\DLG.exe 4424 C:\Windows\System32\igfxext.exe 4540 C:\Windows\System32\SearchIndexer.exe 4692 C:\Program Files\Lenovo\Client Security Solution\password_manager.exe 4704 C:\Program Files\iPod\bin\iPodService.exe 5140 C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe 2188 C:\Windows\System32\svchost.exe 5228 C:\Program Files\Windows Media Player\wmpnetwk.exe 5712 C:\Program Files\Intel\AMT\LMS.exe 1708 C:\Program Files\Lenovo\System Update\SUService.exe 456 C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe 600 C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe 1368 C:\Windows\System32\svchost.exe 3736 C:\Users\PHILIP\Desktop\xxxx47he.exe 2572 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE 996 C:\Windows\System32\audiodg.exe 2288 C:\Windows\System32\notepad.exe 5920 C:\Windows\System32\SearchProtocolHost.exe 3668 C:\Windows\System32\SearchFilterHost.exe 1876 dllhost.exe 4004 dllhost.exe 6004 C:\Users\PHILIP\Desktop\MBRCheck.exe 3920 C:\Windows\System32\conhost.exe 5656 C:\Windows\System32\dllhost.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS) \\.\F: --> \\.\PhysicalDrive0 at offset 0x00000031`31f00000 (NTFS) \\.\Q: --> \\.\PhysicalDrive0 at offset 0x00000037`c7a00000 (NTFS) \\.\S: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS) PhysicalDrive0 Model Number: WDCWD2500BEVS-08VAT2, Rev: 14.01A14 Size 
Device Name MBR Status -------------------------------------------- 232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79 Done! |