| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU ScreenlockerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
24.04.2013, 21:00
| #1 |
 |  GVU Screenlocker Die Tochter eines Freundes hatte sich einen Screenlocker eingefangen, angeblich wollte die GVU €100 über Ucash haben.. das kennt man ja einstweilen..  Die Infektion war am 2. April, ich war ein paar Tage weg. Zuerst hab ich dem Rechner den Internetzugang abgeklemmt und konnte OTL laufen lassen.OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.04.2013 01:17:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\user1\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,42 Mb Total Physical Memory | 480,32 Mb Available Physical Memory | 47,35% Memory free 1,63 Gb Paging File | 1,20 Gb Available in Paging File | 73,55% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 55,89 Gb Total Space | 16,40 Gb Free Space | 29,35% Space Free | Partition Type: NTFS Computer Name: USER1-E1DFC2AF4 | User Name: user1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.16 13:24:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user1\Desktop\OTL.exe PRC - [2013.02.18 16:42:11 | 001,151,152 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe PRC - [2013.02.18 16:42:11 | 000,968,880 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe PRC - [2012.12.03 09:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe PRC - [2012.10.04 17:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe PRC - [2012.08.15 20:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.06.11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE PRC - [2012.02.02 23:31:11 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgtray.exe PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.11.25 16:02:38 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe PRC - [2010.09.23 15:27:47 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgnsx.exe PRC - [2010.09.23 15:27:42 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgemc.exe PRC - [2010.07.15 21:43:12 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe PRC - [2010.07.15 21:43:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe PRC - [2010.07.15 21:42:59 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe PRC - [2010.07.06 16:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe PRC - [2010.05.14 12:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2008.09.06 00:30:04 | 000,952,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe PRC - [2008.07.04 00:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2005.04.27 11:09:46 | 000,385,024 | ---- | M] () -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe PRC - [2005.04.27 11:02:10 | 000,036,864 | ---- | M] () -- C:\IBMTOOLS\eGatherer\launcheg.exe PRC - [2005.04.27 09:53:08 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe PRC - [2005.04.04 12:43:32 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe PRC - [2005.03.24 16:20:34 | 000,086,016 | ---- | M] (IBM Corporation) -- C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe PRC - [2005.03.18 03:07:00 | 000,745,472 | ---- | M] (IBM Corp.) -- C:\Programme\ThinkPad\ConnectUtilities\QCTRAY.EXE PRC - [2005.03.18 03:07:00 | 000,086,016 | ---- | M] (IBM Corp.) -- C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE PRC - [2005.03.18 03:07:00 | 000,077,824 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE PRC - [2004.10.14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe PRC - [2004.09.06 16:03:52 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe PRC - [2003.07.11 18:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe PRC - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe ========== Modules (No Company Name) ========== MOD - [2013.04.02 21:27:52 | 000,130,048 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0oljm.dat MOD - [2013.02.18 16:42:11 | 001,151,152 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe MOD - [2013.02.18 16:42:11 | 000,968,880 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe MOD - [2013.02.18 16:42:11 | 000,156,848 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll MOD - [2011.02.06 12:32:14 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2010.06.28 14:21:42 | 009,905,152 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtWebKit4.dll MOD - [2010.06.28 14:21:42 | 007,793,152 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtGui4.dll MOD - [2010.06.28 14:21:42 | 002,530,304 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtXmlPatterns4.dll MOD - [2010.06.28 14:21:42 | 002,094,592 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtCore4.dll MOD - [2010.06.28 14:21:42 | 001,116,160 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtScript4.dll MOD - [2010.06.28 14:21:42 | 000,915,456 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtNetwork4.dll MOD - [2010.06.28 14:21:42 | 000,232,960 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\phonon4.dll MOD - [2010.06.28 14:21:42 | 000,120,320 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll MOD - [2010.06.28 14:21:42 | 000,022,016 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll MOD - [2010.06.17 22:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2005.04.27 11:09:46 | 000,385,024 | ---- | M] () -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe MOD - [2005.04.27 11:02:10 | 000,036,864 | ---- | M] () -- C:\IBMTOOLS\eGatherer\launcheg.exe MOD - [2005.04.27 09:53:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\pwdmon.dll MOD - [2005.04.14 01:01:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL MOD - [2005.04.14 01:01:00 | 000,036,864 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL MOD - [2005.04.05 15:02:26 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\TpShocks\MUI\0407\TpShocks.dll MOD - [2005.04.04 12:43:32 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe MOD - [2005.03.23 02:11:00 | 000,036,864 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\EZMAPRES.DLL MOD - [2005.01.27 17:51:00 | 000,028,672 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\Res\GR\IconRes.dll MOD - [2005.01.27 17:50:54 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\Res\GR\TrayRes.dll MOD - [2004.09.06 16:03:52 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe MOD - [2004.08.17 12:28:12 | 000,225,280 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll MOD - [2004.08.12 20:11:26 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll MOD - [2003.07.11 18:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe MOD - [2003.07.03 23:49:30 | 000,024,576 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\PsaSrv.exe -- (PsaSrv) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2013.04.02 21:27:52 | 000,130,048 | ---- | M] () [Auto | Stopped] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0oljm.dat -- (winmgmt) SRV - [2013.03.04 11:54:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.18 16:42:11 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0) SRV - [2012.06.11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012.06.11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.09.23 15:27:42 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010.07.15 21:43:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2005.05.24 22:36:46 | 000,163,840 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2005.04.27 11:09:46 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service) SRV - [2005.03.18 03:07:00 | 000,077,824 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC) SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.07.11 18:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC) SRV - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys -- (SYMIDSCO) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.02.18 16:42:12 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp) DRV - [2011.09.18 18:05:51 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2011.05.06 15:46:02 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010.07.15 21:43:01 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2008.08.04 13:56:28 | 000,424,320 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2008.08.04 13:56:27 | 000,470,208 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2008.04.03 10:11:22 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2005.10.09 22:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM) DRV - [2005.05.24 22:59:46 | 000,017,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2005.05.24 22:58:20 | 001,241,818 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2005.05.24 22:57:36 | 000,030,299 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2005.05.24 22:57:20 | 000,055,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2005.05.24 22:23:40 | 000,148,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2005.05.17 02:34:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2005.05.10 22:07:44 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.04.27 10:27:34 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter) DRV - [2005.04.21 16:44:54 | 000,014,336 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nsctpm11.sys -- (TPM11) DRV - [2005.04.14 01:01:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2005.03.18 03:07:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF) DRV - [2005.03.18 03:07:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) DRV - [2005.03.18 03:07:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK) DRV - [2005.03.17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2005.02.14 08:00:10 | 003,255,168 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) DRV - [2005.02.01 17:00:42 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio) DRV - [2005.01.25 16:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005.01.25 16:26:36 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH) DRV - [2005.01.25 16:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005.01.21 01:40:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint) DRV - [2005.01.21 01:40:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI) DRV - [2004.12.02 16:14:44 | 000,014,208 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM) DRV - [2004.12.02 15:54:12 | 000,006,016 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput) DRV - [2004.11.10 16:45:50 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2004.10.15 10:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={57E89308-68AA-11E2-BE2B-000E9BDFEA47} IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5B107BE7-0F32-464E-8B26-ED8044AAA671}&mid=0a587171fc449f004d455b1c69e8d00e-f5a28b6c490081e812b1e67eb31896b80a16b2ed&lang=de&ds=AVG&pr=fr&d=2011-12-07 08:48:52&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5B107BE7-0F32-464E-8B26-ED8044AAA671}&mid=0a587171fc449f004d455b1c69e8d00e-f5a28b6c490081e812b1e67eb31896b80a16b2ed&lang=de&ds=AVG&pr=fr&d=2011-12-07 08:48:52&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE8HP&PC=UP62 IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=OIE8HP&PC=UP62 IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=UP62DF&PC=UP62&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5B107BE7-0F32-464E-8B26-ED8044AAA671}&mid=0a587171fc449f004d455b1c69e8d00e-f5a28b6c490081e812b1e67eb31896b80a16b2ed&lang=de&ds=AVG&pr=fr&d=2011-12-07 08:48:52&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6PQDz6xGDs&i=26 IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={57E89308-68AA-11E2-BE2B-000E9BDFEA47} IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={57E89308-68AA-11E2-BE2B-000E9BDFEA47}" FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0 FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledAddons: avg@toolbar:14.2.0.1 FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.02 FF - prefs.js..extensions.enabledAddons: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.18.0.7 FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.7.20130322105505 FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: avg@toolbar:14.1.0.10 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855 FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?pid=avg&sg=&cid=%7B97192599-6448-4ca1-988b-d205fb49d5af%7D&mid=0a587171fc449f004d455b1c69e8d00e-f5a28b6c490081e812b1e67eb31896b80a16b2ed&ds=AVG&v=14.2.0.1&lang=de&pr=fr&d=2011-12-07%2008%3A48%3A52&sap=ku&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb155?a=6PQDz6xGDs&i=26" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.18 16:42:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.04 11:54:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.03.04 11:54:27 | 000,000,000 | ---D | M] [2010.05.30 13:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Extensions [2013.03.29 15:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\extensions [2010.10.10 12:03:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.03.29 15:06:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.03.11 14:00:35 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e} [2013.01.27 19:53:14 | 000,000,000 | ---D | M] (SweetPacks Toolbar for Firefox) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2013.03.11 13:59:57 | 000,021,485 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\extensions\plugin@yontoo.com.xpi [2010.06.29 18:22:34 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\searchplugins\conduit.xml [2012.07.15 20:57:35 | 000,002,203 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\searchplugins\MyStart Search.xml [2013.01.27 19:53:54 | 000,003,998 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\searchplugins\sweetim.xml [2013.03.04 11:54:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.10 23:50:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.02.18 16:42:58 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1 [2011.03.10 21:45:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2013.03.04 11:54:10 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.03.10 21:45:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2013.03.04 11:53:28 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.18 16:43:03 | 000,003,714 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml [2013.03.04 11:53:28 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013.03.04 11:53:28 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013.03.04 11:53:28 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.04 11:53:28 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.04 11:53:28 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={57E89308-68AA-11E2-BE2B-000E9BDFEA47} CHR - Extension: No name found = C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\ CHR - Extension: No name found = C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\ CHR - Extension: No name found = C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak CHR - Extension: No name found = C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\ CHR - Extension: No name found = C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\ CHR - Extension: No name found = C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (IBM Corp.) O4 - HKLM..\Run: [QCTRAY] C:\Programme\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.) O4 - HKLM..\Run: [QCWLICON] C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe () O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.) O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005..\Run: [VeohPlugin] C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - Startup: C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229524380906 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DB59AD0-8E28-4421-8BF7-8D4F6021D073}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll () O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\QConGina: DllName - (QConGina.dll) - C:\WINDOWS\System32\QConGina.dll (IBM Corp.) O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.04.03 10:35:04 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{e7251998-db89-11df-bbe8-000e9bdfea47}\Shell\AutoRun\command - "" = E:\pstart.exe O33 - MountPoints2\{e7251998-db89-11df-bbe8-000e9bdfea47}\Shell\open\command - "" = E:\pstart.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.23 01:58:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.23 01:51:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user1\Desktop\OTL.exe [2013.04.02 21:27:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe [2013.03.25 23:18:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user1\Eigene Dateien\Personalien [2013.03.25 21:56:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.23 01:18:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.04.23 01:17:37 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2013.04.23 01:17:08 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.04.23 01:16:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.04.23 01:16:45 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys [2013.04.02 22:41:14 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlo0.pad [2013.04.02 22:37:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.04.02 21:42:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.04.02 21:31:02 | 000,000,803 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Autostart\msconfig.lnk [2013.04.02 21:29:06 | 000,003,037 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlo0.js [2013.04.02 21:27:52 | 000,130,048 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0oljm.dat [2013.04.02 21:27:50 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe [2013.04.02 21:26:50 | 000,130,048 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\7254830.dll [2013.04.01 22:40:07 | 000,001,788 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.04.01 20:31:45 | 000,343,153 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Eigene Dateien\20ter Geb. Einladung.odt [2013.04.01 00:52:22 | 000,459,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.04.01 00:52:22 | 000,441,960 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.04.01 00:52:22 | 000,071,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.04.01 00:52:21 | 000,085,224 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.03.29 15:46:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.03.25 23:25:26 | 000,330,838 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Eigene Dateien\20. Geburtstag.JPG [2013.03.25 21:56:54 | 000,001,898 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2013.03.25 18:03:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.02 21:31:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.04.02 21:30:59 | 000,000,803 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Autostart\msconfig.lnk [2013.04.02 21:29:06 | 000,003,037 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlo0.js [2013.04.02 21:28:58 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlo0.pad [2013.04.02 21:27:52 | 000,130,048 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0oljm.dat [2013.04.02 21:26:50 | 000,130,048 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\7254830.dll [2013.04.01 20:31:44 | 000,343,153 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Eigene Dateien\20ter Geb. Einladung.odt [2013.03.25 23:25:25 | 000,330,838 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Eigene Dateien\20. Geburtstag.JPG [2013.03.25 21:56:54 | 000,001,898 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2012.03.18 09:13:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.04 18:38:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2011.12.04 18:38:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2011.04.28 19:49:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedt.INI [2010.06.01 17:00:41 | 000,073,728 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.03 10:34:57 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2008.04.03 09:46:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.10.16 03:00:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > und Extra: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 23.04.2013 01:17:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\user1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,42 Mb Total Physical Memory | 480,32 Mb Available Physical Memory | 47,35% Memory free
1,63 Gb Paging File | 1,20 Gb Available in Paging File | 73,55% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 16,40 Gb Free Space | 29,35% Space Free | Partition Type: NTFS
Computer Name: USER1-E1DFC2AF4 | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-3927585152-1965609010-1154414099-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Dokumente und Einstellungen\user1\Eigene Dateien\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Pixum Fotobuch] -- "C:\Dokumente und Einstellungen\user1\Eigene Dateien\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\AVG\AVG9\avgemc.exe" = C:\Programme\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Temp\nsu1F.tmp\setup.exe" = C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Temp\nsu1F.tmp\setup.exe:*:Enabled:IncrediBar Installer
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = IBM SATA Power Management Driver
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = Dienstprogramm 'IBM ThinkPad EasyEject'
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'IBM ThinkPad-Tastaturanpassung'
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM System für aktiven Festplattenschutz
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad-UltraNav-Assistent
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8745DEAB-1126-42F5-9585-C66D5497B47B}" = EMEA Wallpaper
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.12.02
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8F55B163-7B42-42A3-9307-C7FCB9655225}" = PC-Doctor for Windows
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = ThinkPad Integrated Bluetooth IV Software
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{96E2E493-C484-43E3-9B95-D62EE7D40D3A}" = Toolbar 4.7 by SweetPacks
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = IBM ThinkPad Energie-Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "IBM TrackPoint-Eingabehilfen"
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = IBM ThinkPad-Konfiguration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"1ClickDownload" = Movie2KDownloader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"AVG Secure Search" = AVG Security Toolbar
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.04" = GPL Ghostscript
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{8F55B163-7B42-42A3-9307-C7FCB9655225}" = PC-Doctor for Windows
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pixum Fotobuch" = Pixum Fotobuch
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad 'Präsentationsdirektor'
"ProInst" = Intel(R) PROSet/Wireless Software
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SweetIM Bundle by SweetPacks" = SweetIM Bundle by SweetPacks
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = Software Installer
"Totalcmd" = Total Commander (Remove or Repair)
"Video Downloader" = Video Downloader
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12.03.2013 13:27:20 | Computer Name = USER1-E1DFC2AF4 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 7.0.6000.17117, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x036d7760.
Error - 17.03.2013 14:55:34 | Computer Name = USER1-E1DFC2AF4 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 7.0.6000.17123, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 19.03.2013 12:01:48 | Computer Name = USER1-E1DFC2AF4 | Source = ESENT | ID = 490
Description = svchost (1332) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 19.03.2013 12:01:49 | Computer Name = USER1-E1DFC2AF4 | Source = ESENT | ID = 470
Description = Catalog Database (1332) Datenbank C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
wurde teilweise angehängt. Anhängungsstufe: 3. Fehler: -1032.
Error - 19.03.2013 12:01:58 | Computer Name = USER1-E1DFC2AF4 | Source = ESENT | ID = 494
Description = Catalog Database (1332) Bei Datenbankwiederherstellung trat ein Fehler
auf (Fehler -1216), da Verweise auf Datenbank 'C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb'
festgestellt wurden, die nicht mehr vorhanden ist. Die Konsistenz der Datenbank
wurde nicht wiederhergestellt, bevor sie entfernt (oder möglicherweise verschoben
oder umbenannt) wurde. Das Datenbankmodul lässt den Abschluss der Wiederherstellung
für diese Instanz erst dann zu, wenn die fehlende Datenbank wieder verfügbar gemacht
wird. Wenn die Datenbank tatsächlich nicht mehr verfügbar ist, sollten Sie sich
mit dem Microsoft Software Service in Verbindung setzen. Dort erhalten Sie weitere
Anweisungen zu den Schritten, die erforderlich sind, damit die Wiederherstellung
auch ohne diese Datenbank fortgesetzt werden kann.
Error - 19.03.2013 12:01:58 | Computer Name = USER1-E1DFC2AF4 | Source = ESENT | ID = 454
Description = Catalog Database (1332) Bei Datenbankwiederherstellung trat ein unerwarteter
Fehler -1216 auf.
Error - 02.04.2013 14:27:57 | Computer Name = USER1-E1DFC2AF4 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Skype.exe, Version 5.6.59.110, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 22.04.2013 19:26:33 | Computer Name = USER1-E1DFC2AF4 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 22.04.2013 19:27:03 | Computer Name = USER1-E1DFC2AF4 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 22.04.2013 19:27:33 | Computer Name = USER1-E1DFC2AF4 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 22.04.2013 19:28:03 | Computer Name = USER1-E1DFC2AF4 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 22.04.2013 19:28:33 | Computer Name = USER1-E1DFC2AF4 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 22.04.2013 19:29:03 | Computer Name = USER1-E1DFC2AF4 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 22.04.2013 19:30:03 | Computer Name = USER1-E1DFC2AF4 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 22.04.2013 19:30:33 | Computer Name = USER1-E1DFC2AF4 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 22.04.2013 19:31:03 | Computer Name = USER1-E1DFC2AF4 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 22.04.2013 19:31:33 | Computer Name = USER1-E1DFC2AF4 | Source = DCOM | ID = 10010
Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
< End of report >
Nach einem Neustart war es leider vorbei mit dem Frieden, der Trojaner hinderte mich nun an der Arbeit. Taskmanager und abgesichert Modus gingen leider auch nicht... Deshalb hab ich die Logs auf einem anderen Rechner analysiert. Den befallenen Rechner hab ich von einem USB Stick gestartet und folgende Datein umbenannt: C:\Dokumente und Einstellungen\user1\7254830.dll C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0oljm.dat C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlo0.js das mjlo0.js hätte ich mir vermutlich sparen können, es scheint nur der Dropper zu sein. Damit war der Spuk erst mal vorbei. Daraufhin lieferte Gmer folgendes Ergebniss: GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-23 18:43:14
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N060ATMR04-0 rev.MO3OADEA 55,89GB
Running: ft3qpr2p.exe; Driver: C:\DOKUME~1\user1\LOKALE~1\Temp\kwnyipod.sys
---- System - GMER 2.1 ----
SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xF76BD1AE]
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 TPInput.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 TPInput.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Soweit so gut. Ich habe das Java6 , das vermutlich die Einfallslücke war von der Platte geputzt. Überbleibsel sind noch ein paar verwaiste Autostarts, die sich beschweren, das sie ihr File nicht finden können.  Hier ein nochmaliger OTL Lauf:OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.04.2013 17:40:26 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = c:\Dokumente und Einstellungen\user1\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,42 Mb Total Physical Memory | 411,90 Mb Available Physical Memory | 40,60% Memory free 1,63 Gb Paging File | 1,14 Gb Available in Paging File | 70,04% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 55,89 Gb Total Space | 16,43 Gb Free Space | 29,40% Space Free | Partition Type: NTFS Drive E: | 14,83 Gb Total Space | 8,44 Gb Free Space | 56,93% Space Free | Partition Type: FAT32 Computer Name: USER1-E1DFC2AF4 | User Name: user1 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.03.16 12:24:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Dokumente und Einstellungen\user1\Desktop\OTL.exe PRC - [2013.02.18 16:42:11 | 001,151,152 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe PRC - [2013.02.18 16:42:11 | 000,968,880 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe PRC - [2012.12.03 09:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe PRC - [2012.10.04 17:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe PRC - [2012.08.15 20:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012.06.11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE PRC - [2012.02.02 23:31:11 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgtray.exe PRC - [2011.02.23 23:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.11.25 16:02:38 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe PRC - [2010.09.23 15:27:47 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgnsx.exe PRC - [2010.09.23 15:27:42 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgemc.exe PRC - [2010.07.15 21:43:12 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe PRC - [2010.07.15 21:43:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe PRC - [2010.07.15 21:42:59 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe PRC - [2010.07.06 16:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe PRC - [2010.02.01 22:51:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.02.01 22:51:52 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2008.07.04 00:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.09.14 07:02:10 | 001,080,264 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE PRC - [2005.04.27 11:09:46 | 000,385,024 | ---- | M] () -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe PRC - [2005.04.27 09:53:08 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe PRC - [2005.04.04 12:43:32 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe PRC - [2005.03.24 16:20:34 | 000,086,016 | ---- | M] (IBM Corporation) -- C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe PRC - [2005.03.18 03:07:00 | 000,745,472 | ---- | M] (IBM Corp.) -- C:\Programme\ThinkPad\ConnectUtilities\QCTRAY.EXE PRC - [2005.03.18 03:07:00 | 000,086,016 | ---- | M] (IBM Corp.) -- C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE PRC - [2005.03.18 03:07:00 | 000,077,824 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE PRC - [2004.10.14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe PRC - [2004.09.06 16:03:52 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe PRC - [2003.08.22 02:01:00 | 000,229,376 | ---- | M] (IBM Corporation) -- C:\Programme\ThinkPad\UltraNav-Assistent\UNavTray.exe PRC - [2003.07.11 18:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe PRC - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe ========== Modules (No Company Name) ========== MOD - [2013.02.18 16:42:11 | 001,151,152 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe MOD - [2013.02.18 16:42:11 | 000,968,880 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe MOD - [2013.02.18 16:42:11 | 000,156,848 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll MOD - [2011.02.06 12:32:14 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2010.06.28 14:21:42 | 009,905,152 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtWebKit4.dll MOD - [2010.06.28 14:21:42 | 007,793,152 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtGui4.dll MOD - [2010.06.28 14:21:42 | 002,530,304 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtXmlPatterns4.dll MOD - [2010.06.28 14:21:42 | 002,094,592 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtCore4.dll MOD - [2010.06.28 14:21:42 | 001,116,160 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtScript4.dll MOD - [2010.06.28 14:21:42 | 000,915,456 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\QtNetwork4.dll MOD - [2010.06.28 14:21:42 | 000,232,960 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\phonon4.dll MOD - [2010.06.28 14:21:42 | 000,120,320 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qjpeg4.dll MOD - [2010.06.28 14:21:42 | 000,022,016 | ---- | M] () -- C:\Programme\Veoh Networks\VeohWebPlayer\imageformats\qgif4.dll MOD - [2010.06.17 22:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2010.05.29 13:31:21 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2005.04.27 11:09:46 | 000,385,024 | ---- | M] () -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe MOD - [2005.04.27 09:53:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\pwdmon.dll MOD - [2005.04.14 01:01:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL MOD - [2005.04.14 01:01:00 | 000,036,864 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL MOD - [2005.04.05 15:02:26 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\TpShocks\MUI\0407\TpShocks.dll MOD - [2005.04.04 12:43:32 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe MOD - [2005.03.23 02:11:00 | 000,036,864 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\EZMAPRES.DLL MOD - [2005.01.27 17:51:00 | 000,028,672 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\Res\GR\IconRes.dll MOD - [2005.01.27 17:50:54 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\Res\GR\TrayRes.dll MOD - [2004.09.06 16:03:52 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe MOD - [2004.08.17 12:28:12 | 000,225,280 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll MOD - [2004.08.12 20:11:26 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll MOD - [2003.07.11 18:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe MOD - [2003.07.03 23:49:30 | 000,024,576 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\DOKUME~1\ALLUSE~1\ANWEND~1\0oljm.dat -- (winmgmt) SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\PsaSrv.exe -- (PsaSrv) SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2013.03.04 11:54:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.18 16:42:11 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0) SRV - [2012.06.11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012.06.11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2011.11.10 15:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2011.02.18 17:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.09.23 15:27:42 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010.07.15 21:43:08 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2005.05.24 22:36:46 | 000,163,840 | ---- | M] (Broadcom Corporation) [Disabled | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2005.04.27 11:09:46 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service) SRV - [2005.03.18 03:07:00 | 000,077,824 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC) SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.07.11 18:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC) SRV - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys -- (SYMIDSCO) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013.02.18 16:42:12 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp) DRV - [2011.09.18 18:05:51 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2011.05.06 15:46:02 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010.07.15 21:43:01 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2008.08.04 13:56:28 | 000,424,320 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2008.08.04 13:56:27 | 000,470,208 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2008.04.03 10:11:22 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2005.10.09 22:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM) DRV - [2005.05.24 22:59:46 | 000,017,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2005.05.24 22:58:20 | 001,241,818 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2005.05.24 22:57:36 | 000,030,299 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2005.05.24 22:57:20 | 000,055,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2005.05.24 22:23:40 | 000,148,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2005.05.17 02:34:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2005.05.10 22:07:44 | 001,133,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.04.27 10:27:34 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter) DRV - [2005.04.21 16:44:54 | 000,014,336 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nsctpm11.sys -- (TPM11) DRV - [2005.04.14 01:01:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2005.03.18 03:07:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF) DRV - [2005.03.18 03:07:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) DRV - [2005.03.18 03:07:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK) DRV - [2005.03.17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2005.02.14 08:00:10 | 003,255,168 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) DRV - [2005.02.01 17:00:42 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio) DRV - [2005.01.25 16:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005.01.25 16:26:36 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH) DRV - [2005.01.25 16:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2005.01.21 01:40:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint) DRV - [2005.01.21 01:40:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI) DRV - [2004.12.02 16:14:44 | 000,014,208 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM) DRV - [2004.12.02 15:54:12 | 000,006,016 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput) DRV - [2004.11.10 16:45:50 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2004.10.15 10:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={57E89308-68AA-11E2-BE2B-000E9BDFEA47} IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5B107BE7-0F32-464E-8B26-ED8044AAA671}&mid=0a587171fc449f004d455b1c69e8d00e-f5a28b6c490081e812b1e67eb31896b80a16b2ed&lang=de&ds=AVG&pr=fr&d=2011-12-07 08:48:52&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5B107BE7-0F32-464E-8B26-ED8044AAA671}&mid=0a587171fc449f004d455b1c69e8d00e-f5a28b6c490081e812b1e67eb31896b80a16b2ed&lang=de&ds=AVG&pr=fr&d=2011-12-07 08:48:52&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE8HP&PC=UP62 IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=OIE8HP&PC=UP62 IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=UP62DF&PC=UP62&q={searchTerms}&src=IE-SearchBox IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={5B107BE7-0F32-464E-8B26-ED8044AAA671}&mid=0a587171fc449f004d455b1c69e8d00e-f5a28b6c490081e812b1e67eb31896b80a16b2ed&lang=de&ds=AVG&pr=fr&d=2011-12-07 08:48:52&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6PQDz6xGDs&i=26 IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={57E89308-68AA-11E2-BE2B-000E9BDFEA47} IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SweetIM Search" FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={57E89308-68AA-11E2-BE2B-000E9BDFEA47}" FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0 FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledAddons: avg@toolbar:14.2.0.1 FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.02 FF - prefs.js..extensions.enabledAddons: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.18.0.7 FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.5.7.20130322105505 FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..extensions.enabledItems: avg@toolbar:14.1.0.10 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855 FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?pid=avg&sg=&cid=%7B97192599-6448-4ca1-988b-d205fb49d5af%7D&mid=0a587171fc449f004d455b1c69e8d00e-f5a28b6c490081e812b1e67eb31896b80a16b2ed&ds=AVG&v=14.2.0.1&lang=de&pr=fr&d=2011-12-07%2008%3A48%3A52&sap=ku&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb155?a=6PQDz6xGDs&i=26" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\FireFoxExt\14.2.0.1 [2013.02.18 16:42:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.04 11:54:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.03.04 11:54:27 | 000,000,000 | ---D | M] [2010.05.30 13:37:45 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Extensions [2013.03.29 15:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\extensions [2010.10.10 12:03:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013.03.29 15:06:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.03.11 14:00:35 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e} [2013.01.27 19:53:14 | 000,000,000 | ---D | M] (SweetPacks Toolbar for Firefox) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2013.03.11 13:59:57 | 000,021,485 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\extensions\plugin@yontoo.com.xpi [2010.06.29 18:22:34 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\searchplugins\conduit.xml [2012.07.15 20:57:35 | 000,002,203 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\searchplugins\MyStart Search.xml [2013.01.27 19:53:54 | 000,003,998 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Mozilla\Firefox\Profiles\973j61i7.default\searchplugins\sweetim.xml [2013.03.04 11:54:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.10 23:50:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.02.18 16:42:58 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1 File not found (No name found) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2013.03.04 11:54:10 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.03.10 21:45:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2013.03.04 11:53:28 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.18 16:43:03 | 000,003,714 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml [2013.03.04 11:53:28 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013.03.04 11:53:28 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013.03.04 11:53:28 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.04 11:53:28 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.04 11:53:28 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={57E89308-68AA-11E2-BE2B-000E9BDFEA47} CHR - Extension: No name found = C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\ CHR - Extension: No name found = C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\ CHR - Extension: No name found = C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak CHR - Extension: No name found = C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\ CHR - Extension: No name found = C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\ CHR - Extension: No name found = C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O3 - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (IBM Corp.) O4 - HKLM..\Run: [QCTRAY] C:\Programme\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.) O4 - HKLM..\Run: [QCWLICON] C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe () O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.) O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005..\Run: [VeohPlugin] C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) O4 - Startup: C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3927585152-1965609010-1154414099-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229524380906 (WUWebControl Class) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll () O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\QConGina: DllName - (QConGina.dll) - C:\WINDOWS\System32\QConGina.dll (IBM Corp.) O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user1\Anwendungsdaten\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.04.03 10:35:04 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.12.05 11:15:06 | 000,000,039 | ---- | M] () - E:\Autorun.inf -- [ FAT32 ] O33 - MountPoints2\{e7251998-db89-11df-bbe8-000e9bdfea47}\Shell\AutoRun\command - "" = E:\pstart.exe O33 - MountPoints2\{e7251998-db89-11df-bbe8-000e9bdfea47}\Shell\open\command - "" = E:\pstart.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.24 17:39:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user1\Desktop\OTL.exe [2013.04.23 01:58:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.02 21:27:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe,xxx [2013.03.25 23:18:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user1\Eigene Dateien\Personalien [2013.03.25 21:56:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.24 17:38:30 | 000,002,340 | ---- | M] () -- C:\WINDOWS\wincmd.ini [2013.04.24 17:37:10 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.04.24 17:32:12 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.04.24 17:31:32 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2013.04.24 17:31:04 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.04.24 17:30:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.04.24 17:29:53 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys [2013.04.23 16:22:44 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlo0.pad,xxx [2013.04.23 14:11:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.04.23 11:49:08 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Desktop\ft3qpr2p.exe [2013.04.02 21:31:02 | 000,000,803 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Autostart\msconfig.lnk [2013.04.02 21:29:06 | 000,003,037 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlo0.js,xxx [2013.04.02 21:27:52 | 000,130,048 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0oljm.dat,xxx [2013.04.02 21:27:50 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe,xxx [2013.04.02 21:26:50 | 000,130,048 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\7254830-dll.vir [2013.04.01 22:40:07 | 000,001,788 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2013.04.01 20:31:45 | 000,343,153 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Eigene Dateien\20ter Geb. Einladung.odt [2013.04.01 00:52:22 | 000,459,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.04.01 00:52:22 | 000,441,960 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.04.01 00:52:22 | 000,071,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.04.01 00:52:21 | 000,085,224 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.03.29 15:46:01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.03.25 23:25:26 | 000,330,838 | ---- | M] () -- C:\Dokumente und Einstellungen\user1\Eigene Dateien\20. Geburtstag.JPG [2013.03.25 21:56:54 | 000,001,898 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2013.03.25 18:03:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.24 17:39:17 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Desktop\ft3qpr2p.exe [2013.04.02 21:31:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.04.02 21:30:59 | 000,000,803 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Startmenü\Programme\Autostart\msconfig.lnk [2013.04.02 21:29:06 | 000,003,037 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlo0.js,xxx [2013.04.02 21:28:58 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mjlo0.pad,xxx [2013.04.02 21:27:52 | 000,130,048 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\0oljm.dat,xxx [2013.04.02 21:26:50 | 000,130,048 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\7254830-dll.vir [2013.04.01 20:31:44 | 000,343,153 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Eigene Dateien\20ter Geb. Einladung.odt [2013.03.25 23:25:25 | 000,330,838 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Eigene Dateien\20. Geburtstag.JPG [2013.03.25 21:56:54 | 000,001,898 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2012.03.18 09:13:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.12.04 18:38:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2011.12.04 18:38:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2011.04.28 19:49:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\graphedt.INI [2010.06.01 17:00:41 | 000,073,728 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.04.03 10:34:57 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\user1\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2008.04.03 09:46:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.10.16 03:00:25 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Mir kommt der Rechner im Augenblick ziemlich langsam vor. Er hat aber schon ein paar Jährchen auf dem Buckel. Sonst fällt mir nichts wirklich auf. sieht jemand noch was anderes ? Gruß leonardo8 Geändert von leonardo8 (24.04.2013 um 21:32 Uhr) |
Baum-Darstellung