Internet Explorer startet im Hintergrund und spielt Reklame

babyhermann · 16.09.2009, 20:42

Moinsen allerseits,

Ich hab ein Problem, das hier schon gepostet wurde und auf Swizzor.A verweist: http://www.trojaner-board.de/28388-anleitung-entfernung-von-swizzor.html

Leider hat das bei mir nix geholfen, ich finde nämlich weder irgendwelche Programme, die ich deinstallieren könnte, noch Einträge in meiner HijackThis logfile, die dem genannten Muster in der Anleitung ähneln.

Mein Problem kurz gefasst: Ich benutze Firefox aber Internet Explorer startet regelmässig im Hintergrund und spielt beizeiten auch gerne Reklame ein. TOTNERVIG!

Streber wie ich bin habe ich die Regeln zum Posten durchgelesen und CCleaner, sowie RSIT installiert und ausgeführt. Malwarebytes-Anti-Malware ging bei mir leider nicht, jeder Versuch es zu starten wurde bei mir unterdrückt.

Möchte gleich noch vorweg nehmen, dass ich nicht der Fortgeschrittenste bin was Computer anbelangt, bitte zieht das bei Euren Instruktionen mir gegenüber in Betracht

Danke schonmal vorweg!!!

/BH

(P.s.: Ich habe ein weiteres Problem, und zwar dass meine Google-Suchresultate regelmässig weitergeleitet werden auf irgendwelche Werbeseiten. Ich werde einen unabhängigen Post erstellen, aber sollten diese 2 Dinge irgendwie zusammenhängen, wäre ich Euch dankbar wenn Ihr mich darauf hinweist.)

Hier meine RSIT log und info txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-09-16 20:56:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (19%) free of 25 GB
Total RAM: 1022 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:11 PM, on 9/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
D:\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w*w.***.net/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10842 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2008-11-08 86016]
{D4027C7F-154A-4066-A1AD-4243D8127440}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-06 181536]
"TrackPointSrv"=C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [2008-03-04 92960]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2007-12-05 122880]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-05 524288]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-05 242976]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe [2008-11-08 61440]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2008-11-08 368640]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-04 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-06 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\Administrator.EXPERIEN-4D4040\Start Menu\Programs\Startup
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2008-07-05 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-21 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-03-17 34080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=1
"ForceClassicControlPanel"=1
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMConfigurePrograms"=1
"MemCheckBoxInRunDlg"=1
"NoSharedDocuments"=1
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"MemCheckBoxInRunDlg"=
"StartMenuFavorites"=
"Start_ShowMyComputer"=
"Start_ShowMyDocs"=
"Start_ShowMyMusic"=
"Start_ShowRun"=
"Start_ShowSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled

C++"
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia"
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*

isabled:WinRAR archiver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e209a81a-89bb-11dd-84d6-001641170708}]
shell\AutoRun\command - G:\DTSP_Launcher.exe

======List of files/folders created in the last 1 months======

2009-09-16 20:56:05 ----D---- C:\rsit
2009-09-16 20:26:12 ----D---- C:\Program Files\CCleaner
2009-09-14 23:02:03 ----SHD---- C:\Config.Msi
2009-09-10 23:27:49 ----D---- C:\Program Files\Trend Micro
2009-08-29 16:39:12 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-08-29 15:28:57 ----HDC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-29 15:28:46 ----D---- C:\Program Files\Lavasoft
2009-08-29 15:28:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2009-08-29 00:52:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations
2009-08-28 19:00:00 ----D---- C:\Documents and Settings\Administrator.EXPERIEN-4D4040\Application Data\VSRevoGroup
2009-08-23 00:36:33 ----A---- C:\WINDOWS\Sysvxd.exe

babyhermann · 16.09.2009, 20:47

(fortsetzung)

======List of files/folders modified in the last 1 months======

2009-09-16 20:55:52 ----D---- C:\WINDOWS\Temp
2009-09-16 20:53:33 ----D---- C:\Program Files\Mozilla Firefox
2009-09-16 20:51:13 ----RD---- C:\Program Files
2009-09-16 20:51:13 ----D---- C:\WINDOWS\system32\drivers
2009-09-16 20:50:38 ----D---- C:\WINDOWS\system32
2009-09-16 20:49:47 ----D---- C:\WINDOWS
2009-09-16 20:47:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-16 20:47:51 ----A---- C:\Log.txt
2009-09-16 20:47:33 ----AC---- C:\WINDOWS\bdagent.INI
2009-09-16 20:30:05 ----D---- C:\WINDOWS\Debug
2009-09-15 21:55:32 ----D---- C:\WINDOWS\Prefetch
2009-09-15 20:24:16 ----SHD---- C:\WINDOWS\CSC
2009-09-14 23:15:10 ----SHD---- C:\WINDOWS\Installer
2009-09-14 23:09:42 ----D---- C:\Documents and Settings\Administrator.EXPERIEN-4D4040\Application Data\Winamp
2009-09-14 23:05:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2009-09-14 23:02:07 ----D---- C:\Program Files\Common Files
2009-09-14 23:02:06 ----D---- C:\Program Files\Skype
2009-08-29 15:33:33 ----HD---- C:\WINDOWS\inf
2009-08-29 15:30:27 ----SD---- C:\WINDOWS\Tasks
2009-08-29 15:30:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-29 15:30:12 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-29 15:28:38 ----D---- C:\WINDOWS\WinSxS
2009-08-29 15:13:30 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-29 15:11:38 ----D---- C:\Program Files\Mio Technology
2009-08-29 14:53:17 ----D---- C:\Program Files\Replay Music 3
2009-08-29 14:50:01 ----AC---- C:\WINDOWS\system32\AUDIOGENIE2.DLL
2009-08-29 14:05:45 ----D---- C:\wincmd
2009-08-29 14:05:45 ----D---- C:\Program Files\Windows Media Player
2009-08-29 14:05:45 ----D---- C:\audiograbber
2009-08-29 00:53:41 ----D---- C:\Program Files\Nokia
2009-08-29 00:53:41 ----D---- C:\Program Files\Common Files\Nokia
2009-08-22 20:02:17 ----D---- C:\Program Files\Java
2009-08-22 19:46:02 ----D---- C:\Programmes
2009-08-19 22:36:43 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-07-02 11520]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-05-06 36352]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-09-25 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-03-09 7168]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-21 2156032]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-02 161792]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-11-08 86792]
R3 bdfsfltr;bdfsfltr; 730079007300740065006D00330032005C0044005200490056004500520053005C00620064006600730066006C00740072002E007300790073000000 []
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-11-21 879624]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-10-18 242304]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-08-08 23720]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2009-06-01 30144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-10 260224]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-12-05 177664]
R3 TPInput;TPInput; C:\WINDOWS\System32\DRIVERS\TPInput.sys [2006-09-26 6528]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EU3_USB;WLAN miniUSB Adapter Driver; C:\WINDOWS\system32\DRIVERS\EU3USB.sys [2004-02-13 690176]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [2006-01-19 17280]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 STV680;USB Dual-mode Camera; C:\WINDOWS\system32\drivers\STV680.sys [2002-02-11 119536]
S3 STV680m;USB Dual-mode Cameram; C:\WINDOWS\system32\drivers\STV680m.sys [2002-02-11 9024]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2007-09-15 501800]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 WWSPLIT;Willing Webcam WDM Driver; C:\WINDOWS\system32\DRIVERS\wwsplit.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-07-05 90112]
R2 acs;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-03-21 364629]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-07-05 212992]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-21 483328]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2007-11-26 264800]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-08-08 41248]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-05-06 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-04 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-12-02 1179648]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-09-25 94208]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2008-10-20 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-14 37416]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-11-08 1261568]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-05-06 14336]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2008-11-08 86016]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-05-06 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-18 658432]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

babyhermann · 16.09.2009, 20:49

(fortsetzung)

info.txt logfile of random's system information tool 1.06 2009-09-16 20:56:14

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
Access IBM-->MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Ad-Aware-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class

ISPLAY -clean
BitDefender Total Security 2008-->MsiExec.exe /I{DB368901-C41E-4D86-9809-E0EE635A6939}
BitTornado 0.3.17-->C:\Program Files\BitTornado\uninst.exe
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Canon CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x7
ccc-Branding-->MsiExec.exe /I{7379FDD1-D0ED-4FF2-B168-E246772E731E}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Creative Jukebox Driver-->C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\setup.exe" -l0x9 /remove
DC++ 0.750-->"C:\Program Files\DC++\uninstall.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe
FTP Commander-->C:\Program Files\FTP Commander\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
ManyCam 2.4 (remove only)-->"C:\Program Files\ManyCam 2.4\uninstall.exe"
Message Center Plus-->MsiExec.exe /X{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Expression Web MUI (English)-->MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Expression Web-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web-->MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project MUI (English) 2007-->MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007-->MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia Home Media Server-->MsiExec.exe /X{0EEB3C40-2A8C-4045-B3F9-13C4A5C490C0}
Nokia Map Loader-->MsiExec.exe /I{03528A01-7E5E-4C5F-94DF-1D8012E969EF}
Nokia Music-->MsiExec.exe /I{7035F31B-20DA-4522-B0DB-3CA18B46DD77}
Nokia Ovi Application Installer 6.85.3011-->msiexec /qn /x {42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Application Installer-->MsiExec.exe /I{42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Content Copier 6.85.3011-->msiexec /qn /x {6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi Content Copier-->MsiExec.exe /X{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi Suite-->MsiExec.exe /I{2218B96C-ABA2-45D9-A0B4-56B71F5303DB}
Nokia Ovi System Utilities 6.85.3018-->msiexec /qn /x {F9EA1C47-64A6-45E4-9A80-8CC1575B971D}
Nokia Ovi System Utilities-->MsiExec.exe /X{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}
Nokia Photos-->MsiExec.exe /I{9292B96D-B693-4F07-B5FE-21CCDC7CB4AF}
Nokia Software Updater-->MsiExec.exe /X{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}
On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Rosetta Stone V3-->MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad Configuration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Program Files\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Integrated 56K Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -ITkp0559k.inf -ISFG
ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\Setup.exe" -l0x9 anything
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad Presentation Director-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
ThinkPad SATA Power Management Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}\SETUP.EXE" -l0x9 anything
ThinkPad TrackPoint Driver-->C:\Program Files\Lenovo\TrackPoint\tp4unins.exe
ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\Setup.exe" -l0x9 UNINSTALL
ThinkPad UltraNav Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" -l0x9 UNINSTALL
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\setup.dll" -l0x9 UNINSTALLFROMSYS
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\SETUP.EXE" -l0x9 anything
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
TrackPoint Accessibility Features-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\Setup.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WD Backup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A351224F-533A-4EED-89F4-0BF3417FD31D}\setup.exe" -l0x9
WD Firewire HID Driver-->MsiExec.exe /X{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}
Windows Commander (Remove or Repair)-->c:\wincmd\wcuninst.exe
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
Xbox Commander version 4.1-->MsiExec.exe /I{7D92D3FC-F62A-430D-A0B4-2AF50CFB4F58}
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

======Hosts File======

127.0.0.1 update.bitdefender.com127.0.0.1 update.bitdefender.com

Securitycenter WMI appears to be broken

======System event log======

Computer Name: EXPERIEN-4D4040
Event Code: 43034
Message: Unknown EDID version

Record Number: 9105
Source Name: ati2mtag
Time Written: 20090717212705.000000+120
Event Type: error
User:

Computer Name: EXPERIEN-4D4040
Event Code: 43034
Message: Unknown EDID version

Record Number: 9104
Source Name: ati2mtag
Time Written: 20090717212705.000000+120
Event Type: error
User:

Computer Name: EXPERIEN-4D4040
Event Code: 43034
Message: Unknown EDID version

Record Number: 9103
Source Name: ati2mtag
Time Written: 20090717212705.000000+120
Event Type: error
User:

Computer Name: EXPERIEN-4D4040
Event Code: 43034
Message: Unknown EDID version

Record Number: 9102
Source Name: ati2mtag
Time Written: 20090717212705.000000+120
Event Type: error
User:

Computer Name: EXPERIEN-4D4040
Event Code: 43034
Message: Unknown EDID version

Record Number: 9101
Source Name: ati2mtag
Time Written: 20090717212705.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: EXPERIEN-4D4040
Event Code: 1
Message:
Record Number: 2255
Source Name: Nokia Software Installer
Time Written: 20090717203854.000000+120
Event Type: error
User:

Computer Name: EXPERIEN-4D4040
Event Code: 1
Message:
Record Number: 2254
Source Name: Nokia Software Installer
Time Written: 20090717203837.000000+120
Event Type: error
User:

Computer Name: EXPERIEN-4D4040
Event Code: 1
Message:
Record Number: 2253
Source Name: Nokia Software Installer
Time Written: 20090717203837.000000+120
Event Type: error
User:

Computer Name: EXPERIEN-4D4040
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://w*w.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Record Number: 2192
Source Name: crypt32
Time Written: 20090615220201.000000+120
Event Type: error
User:

Computer Name: EXPERIEN-4D4040
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://w*w.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Record Number: 2191
Source Name: crypt32
Time Written: 20090615220201.000000+120
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Nokia\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\Downloaded Program Files;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Lenovo
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"TVT"=C:\Program Files\Lenovo

-----------------EOF-----------------

john.doe · 16.09.2009, 22:21

Hallo und

Du hast kein Swizzor, deshalb nützt dir die Entfernung von Swizzor recht wenig.

Trojan.Qhost.AKR

=> http://www.trojaner-board.de/51187-a...i-malware.html (benenne es um in moppel.exe)

=> http://www.trojaner-board.de/74908-a...t-scanner.html

ciao, andreas

babyhermann · 18.09.2009, 22:48

Zitat:

Zitat von john.doe

Hallo und

Du hast kein Swizzor, deshalb nützt dir die Entfernung von Swizzor recht wenig.

Trojan.Qhost.AKR

=> http://www.trojaner-board.de/51187-a...i-malware.html (benenne es um in moppel.exe)

=> http://www.trojaner-board.de/74908-a...t-scanner.html

ciao, andreas

Hi Andreas!

Naaa, das wusste ich doch, wollt Dich nur mal testen

Ok, Spass beiseite, die Symptome sahen sich so ähnlich, dass ich es für Swizzor hielt.

Danke erstmal für die schnelle Hilfe und die Willkommensgrüsse

Habe die scans durchgeführt, aber anti-malwarebyte habe ich erst in Safemode zum laufen gekriegt. Ansonsten wurde es immer unterdrückt, egal ob ich es umbenannte oder nicht.

Kann noch nicht sagen, ob es geklappt hat, aber bis jetzt scheint alles ok.

Riesigen Dank für's erste. Hier die Resultate, sag Bescheid wenn Dir was auffällt:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 5.1.2600 Service Pack 3 (Safe Mode)

9/17/2009 10:58:09 PM
mbam-log-2009-09-17 (22-58-09).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 208879
Laufzeit: 58 minute(s), 30 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
\\?\globalroot\systemroot\system32\UACtnofrxnscm.dll (Trojan.Agent) -> Delete on reboot.
\\?\globalroot\systemroot\system32\UACjaypiboeig.dll (Rootkit.TDSS) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
\\?\globalroot\systemroot\system32\UACtnofrxnscm.dll (Trojan.Agent) -> Quarantined and deleted successfully.
\\?\globalroot\systemroot\system32\UACjaypiboeig.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

______

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-18 00:28:42
Windows 5.1.2600 Service Pack 3
Running: rq8uhgi1.exe; Driver: C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp\awwcqpod.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF766187E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xEE542B4C]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xEE542C3A]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7661BFE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xEE542AB0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender SRL)

---- EOF - GMER 1.0.15 ----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:48 PM, on 9/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.christiankaulbach.net/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Moppel\moppel.exe" /runcleanupscript
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 11004 bytes

john.doe · 21.09.2009, 19:44

Hast du mit nLite gearbeitet?

ciao, andreas

babyhermann · 21.09.2009, 21:06

Nope, nicht bewusst zumindest...

/Christian

john.doe · 22.09.2009, 15:55

Die hier vorgestellten Programme benötigt Windows nicht unbedingt.
Bitte unter Start => Systemsteuerung => Software => Ändern/Entfernen... deinstallieren.

Selbst wenn du ein sicheres P2P Programm verwendest, ist es nur das Programm, das sicher ist. Du wirst Daten von unsicheren Quellen teilen und diese sind häufig infiziert.

Also BitTornado und DC++ bitte sofort deinstallieren, ansonsten sind alle weiteren Schritte eher sinnlos.

1.) Deinstalliere (die Hälfte der Einträge musste ich googlen, alleine bei der Beschreibung für einige Programme, ist mir schlecht geworden):

Ad-Aware
Adobe Reader 8.1.2
BitTornado 0.3.17
Choice Guard (Oder wurde das etwa bewusst installiert?)
DC++ 0.750
Java(TM) 6 Update 11
Message Center Plus

Die Hälfte der Nokia und Thinkpad-Software halte ich auch für entbehrlich.

2.) Installiere (Toolbars immer abwählen, Haken weg):

3.) Lade dir Lop S&D herunter.

Führe Lop S&D.exe per Doppelklick aus.
Wähle die Sprache deiner Wahl und anschließend die Option 2.
Warte bis der Scanbericht erstellt wird und poste ihn hier (Du findest ihn unter C:\lopR.txt, sollte der Bericht nicht erscheinen).

4.) Starte HJT => Do a system scan only => Markiere:

Code:

ATTFilter

Alle R0, O2, O3, O8, O9, O16 und O20-Einträge
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')			Nicht bekanntes Programm. 
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')

=> Fix checked => Neustart => Neues HJT-Log posten

ciao, andreas

babyhermann · 22.09.2009, 22:45

Haha, schlecht geworden?! Ich hätte nicht gedacht, dass meine Installationen anderen so sehr auf's Gemüt schlagen könnten

Eine Sache: "Choice Guard (Oder wurde das etwa bewusst installiert?)" --> Ist nicht installiert meines Wissens nach und auf jeden Fall nicht bewusst von mir. Weder Revo noch Windows uninstall zeigen mir das Programm an...

Anyway, ich setz mich morgen mit Deiner Anleitung auseinander und melde mich dann. Nochmals allerherzlichsten Dank für Deine Hilfe, schätze sie sehr.

Bis denn,
Christian

john.doe · 22.09.2009, 22:54

Zitat:

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Start => Ausführen => MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} => OK

ciao, andreas

babyhermann · 28.09.2009, 22:52

Hi Andreas,

Sorry, dass es ne Weile gedauert hat, ich musste kurzfristig auf Geschäftsreise

Aaaaalso, jetzt habe ich alles durch, hier die Ergebnisse:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.86GHz )
BIOS : Phoenix FirstBIOS(tm) Notebook Pro Version 2.0 for IBM ThinkPad
USER : Administrator ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:24 Go (Free:3 Go)
D:\ (Local Disk) - NTFS - Total:12 Go (Free:11 Go)
E:\ (CD or DVD) - CDFS - Total:1 Go (Free:0 Go)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( Mon 09/28/2009|23:29 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Geloescht ! - C:\DOCUME~1\ADMINI~1.EXP\Cookies\administrator@partypoker[2].txt
-
[ Hosts Datei ] .. Wiederhergestellt

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Ordner Verzeichnis unter APPLIC~1

[07/01/2008|10:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[07/01/2008|10:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[07/01/2008|08:38] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[07/01/2008|08:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla

[08/10/2008|02:44] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> .BitTornado
[08/20/2008|09:59] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Adobe
[08/29/2008|12:04] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> ArcSoft
[08/05/2008|08:43] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> ATI
[08/26/2008|08:55] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Avaya
[11/06/2008|10:32] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> BitDefender
[09/07/2008|05:28] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Canon
[08/28/2008|11:22] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Creative
[09/28/2009|10:10] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> DC++
[06/01/2009|08:28] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Downloaded

Installations
[09/28/2009|11:08] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Foxit
[08/07/2008|05:55] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Google
[03/14/2009|11:56] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Heitmeijer
[08/30/2008|01:07] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Help
[08/05/2008|09:21] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> IBM
[07/01/2008|11:42] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Identities
[08/04/2008|05:52] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Macromedia
[09/17/2009|09:56] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Malwarebytes
[06/14/2009|08:35] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> ManyCam
[08/17/2008|09:47] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Media Player Classic
[04/07/2009|08:59] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Microsoft
[01/25/2009|04:29] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Mozilla
[07/17/2009|09:22] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Nokia
[07/18/2009|04:04] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Nseries
[07/17/2009|09:34] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> PC Suite
[09/22/2009|12:04] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Skype
[09/21/2009|10:17] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> skypePM
[08/07/2008|05:51] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Sun
[04/26/2009|01:04] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> TVU networks
[08/28/2009|07:00] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> VSRevoGroup
[09/14/2009|11:09] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Winamp
[01/10/2009|03:05] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> WinRAR
[06/14/2009|08:11] C:\DOCUME~1\ADMINI~1.EXP\APPLIC~1\<DIR> Yahoo!

[07/01/2008|08:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft

[09/28/2009|10:12] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Adobe
[11/06/2008|10:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> BitDefender
[01/18/2009|06:33] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> FLEXnet
[08/11/2008|09:32] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> IBM
[08/29/2009|12:52] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Installations
[09/28/2009|10:04] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Lavasoft
[09/28/2009|10:18] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Lenovo
[09/17/2009|09:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Malwarebytes
[07/18/2009|04:02] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Microsoft
[08/17/2008|04:07] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Microsoft Help
[07/18/2009|09:59] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Nokia
[07/17/2009|09:17] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> NokiaMusic
[08/21/2008|07:43] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> NOS
[07/18/2009|04:03] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> PC Suite
[01/19/2009|11:13] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Rosetta Stone
[09/21/2009|10:14] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Skype
[05/22/2009|12:36] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> TVU Networks
[08/17/2008|09:12] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Winamp Toolbar
[09/24/2009|10:49] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> WinZip
[06/14/2009|05:28] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Yahoo!

[07/01/2008|08:31] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[07/01/2008|11:39] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\<DIR> Microsoft

[07/01/2008|08:31] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[07/01/2008|11:39] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\<DIR> Microsoft

[07/01/2008|08:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[07/01/2008|11:39] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\<DIR> Microsoft

--------------------\\ Geplante Aufgaben unter C:\WINDOWS\Tasks

[09/26/2009 03:30 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[09/28/2009 11:01 PM][--a--c---] C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[09/28/2009 11:05 PM][--a--c---] C:\WINDOWS\tasks\PMTask.job
[09/28/2009 11:04 PM][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[05/06/2008 02:00 PM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Ordner Verzeichnis unter C:\Program Files

[08/05/2008|07:10] C:\Program Files\<DIR> Analog Devices
[08/05/2008|08:40] C:\Program Files\<DIR> ATI Technologies
[11/06/2008|10:31] C:\Program Files\<DIR> BitDefender
[01/27/2009|10:41] C:\Program Files\<DIR> BOOMBox Radio Player
[08/05/2008|07:59] C:\Program Files\<DIR> Broadcom
[09/04/2008|09:52] C:\Program Files\<DIR> Canon
[09/16/2009|08:26] C:\Program Files\<DIR> CCleaner
[09/28/2009|10:12] C:\Program Files\<DIR> Common Files
[07/01/2008|08:30] C:\Program Files\<DIR> ComPlus Applications
[08/05/2008|09:10] C:\Program Files\<DIR> CONEXANT
[08/28/2008|11:36] C:\Program Files\<DIR> Creative
[08/28/2008|11:14] C:\Program Files\<DIR> Creative Installation Information
[07/18/2009|09:10] C:\Program Files\<DIR> DIFX
[08/05/2008|09:11] C:\Program Files\<DIR> Digital Line Detect
[06/21/2009|01:27] C:\Program Files\<DIR> DivX
[08/17/2008|07:12] C:\Program Files\<DIR> FLAC
[09/28/2009|11:21] C:\Program Files\<DIR> Foxit Software
[03/14/2009|10:24] C:\Program Files\<DIR> FTP Commander
[06/14/2009|08:18] C:\Program Files\<DIR> Google
[03/14/2009|11:56] C:\Program Files\<DIR> Heitmeijer
[08/05/2008|08:20] C:\Program Files\<DIR> IBM
[03/15/2009|12:58] C:\Program Files\<DIR> InstallShield Installation Information
[07/01/2008|10:23] C:\Program Files\<DIR> Intel
[09/28/2009|11:03] C:\Program Files\<DIR> Internet Explorer
[09/28/2009|11:25] C:\Program Files\<DIR> Java
[09/28/2009|10:18] C:\Program Files\<DIR> Lenovo
[01/08/2009|11:28] C:\Program Files\<DIR> MagicDisc
[11/06/2008|10:15] C:\Program Files\<DIR> MagicISO
[06/14/2009|08:35] C:\Program Files\<DIR> ManyCam 2.4
[04/07/2009|08:59] C:\Program Files\<DIR> Microsoft
[08/10/2008|05:17] C:\Program Files\<DIR> Microsoft Expression
[08/10/2008|05:07] C:\Program Files\<DIR> Microsoft Office
[08/10/2008|05:07] C:\Program Files\<DIR> Microsoft Visual Studio
[08/10/2008|05:04] C:\Program Files\<DIR> Microsoft Visual Studio 8
[08/10/2008|05:07] C:\Program Files\<DIR> Microsoft Works
[08/10/2008|05:06] C:\Program Files\<DIR> Microsoft.NET
[08/29/2009|03:11] C:\Program Files\<DIR> Mio Technology
[09/17/2009|09:42] C:\Program Files\<DIR> Moppel
[09/28/2009|11:27] C:\Program Files\<DIR> Mozilla Firefox
[07/17/2009|08:57] C:\Program Files\<DIR> MSBuild
[07/17/2009|09:18] C:\Program Files\<DIR> MSXML 6.0
[08/29/2008|12:03] C:\Program Files\<DIR> My Book
[07/01/2008|11:37] C:\Program Files\<DIR> NetMeeting
[08/05/2008|09:10] C:\Program Files\<DIR> NetWaiting
[08/29/2009|12:53] C:\Program Files\<DIR> Nokia
[08/21/2008|07:43] C:\Program Files\<DIR> NOS
[07/01/2008|08:30] C:\Program Files\<DIR> Online Services
[07/01/2008|08:35] C:\Program Files\<DIR> Opera
[07/01/2008|11:37] C:\Program Files\<DIR> Outlook Express
[07/17/2009|08:56] C:\Program Files\<DIR> Reference Assemblies
[08/29/2009|02:53] C:\Program Files\<DIR> Replay Music 3
[01/18/2009|06:31] C:\Program Files\<DIR> Rosetta Stone
[09/21/2009|10:14] C:\Program Files\<DIR> Skype
[08/05/2008|07:48] C:\Program Files\<DIR> Synaptics
[03/15/2009|12:58] C:\Program Files\<DIR> Team Craxtion
[08/05/2008|08:22] C:\Program Files\<DIR> ThinkPad
[09/10/2009|11:27] C:\Program Files\<DIR> Trend Micro
[07/01/2008|11:41] C:\Program Files\<DIR> Uninstall Information
[06/14/2009|04:38] C:\Program Files\<DIR> VS Revo Group
[06/14/2009|07:45] C:\Program Files\<DIR> Webcam
[04/07/2009|08:59] C:\Program Files\<DIR> Windows Live SkyDrive
[08/17/2008|09:31] C:\Program Files\<DIR> Windows Media Connect 2
[08/29/2009|02:05] C:\Program Files\<DIR> Windows Media Player
[07/01/2008|11:36] C:\Program Files\<DIR> Windows NT
[07/01/2008|11:38] C:\Program Files\<DIR> WindowsUpdate
[01/10/2009|03:04] C:\Program Files\<DIR> WinRAR
[08/17/2008|09:48] C:\Program Files\<DIR> XviD
[06/14/2009|08:23] C:\Program Files\<DIR> Yahoo!

--------------------\\ Ordner Verzeichnis unter C:\Program Files\Common Files

[08/29/2008|12:03] C:\Program Files\Common Files\<DIR> ArcSoft
[11/06/2008|10:31] C:\Program Files\Common Files\<DIR> BitDefender
[08/28/2008|11:14] C:\Program Files\Common Files\<DIR> Creative
[08/10/2008|05:07] C:\Program Files\Common Files\<DIR> DESIGNER
[06/21/2009|01:27] C:\Program Files\Common Files\<DIR> DivX Shared
[08/05/2008|08:20] C:\Program Files\Common Files\<DIR> InstallShield
[09/28/2009|10:18] C:\Program Files\Common Files\<DIR> Lenovo
[01/18/2009|06:32] C:\Program Files\Common Files\<DIR> Macrovision Shared
[06/14/2009|05:27] C:\Program Files\Common Files\<DIR> Microsoft Shared
[07/01/2008|08:30] C:\Program Files\Common Files\<DIR> MSSoap
[07/17/2009|09:16] C:\Program Files\Common Files\<DIR> muvee Technologies
[08/29/2009|12:53] C:\Program Files\Common Files\<DIR> Nokia
[07/01/2008|09:22] C:\Program Files\Common Files\<DIR> ODBC
[07/01/2008|11:37] C:\Program Files\Common Files\<DIR> Services
[09/21/2009|10:14] C:\Program Files\Common Files\<DIR> Skype
[07/01/2008|09:22] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/10/2008|05:04] C:\Program Files\Common Files\<DIR> System
[04/07/2009|08:53] C:\Program Files\Common Files\<DIR> Windows Live

--------------------\\ Process

( 61 Processes )

... OK !

--------------------\\ Ueberpruefung mit S_Lop

Kein Lop Ordner gefunden !

--------------------\\ Suche nach Lop Dateien - Ordnern

Kein Lop Ordner gefunden !

--------------------\\ Suche innerhalb der Registry

..... OK !

--------------------\\ Ueberpruefung der Hosts Datei

Hosts Datei SAUBER

--------------------\\ Suche nach verborgenen Dateien mit Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

GMER - Rootkit Detector and Remover
Rootkit scan 2009-09-28 23:31:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Suche nach anderen Infektionen

Kein anderen Infektionen gefunden !

[F:245][D:12]-> C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\Temp
[F:20][D:0]-> C:\DOCUME~1\ADMINI~1.EXP\Cookies
[F:140][D:6]-> C:\DOCUME~1\ADMINI~1.EXP\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 09/28/2009|23:32 - Option : [2]

--------------------\\ Scan beendet um 23:32:17

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:37 PM, on 9/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Moppel\moppel.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 7031 bytes

Wie sieht's aus?

Danke und Gruss,
Christian

john.doe · 29.09.2009, 16:27

Lösche den Ordner c:\rsit und poste neue RSIT-Logs.

ciao, andreas

babyhermann · 05.10.2009, 20:36

Hi Andreas!

Done:

info.txt logfile of random's system information tool 1.06 2009-10-05 21:30:49

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
Access IBM-->MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class

ISPLAY -clean
BitDefender Total Security 2008-->MsiExec.exe /I{DB368901-C41E-4D86-9809-E0EE635A6939}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Canon CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x7
ccc-Branding-->MsiExec.exe /I{7379FDD1-D0ED-4FF2-B168-E246772E731E}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Creative Jukebox Driver-->C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\setup.exe" -l0x9 /remove
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FTP Commander-->C:\Program Files\FTP Commander\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.105-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Moppel\unins000.exe"
ManyCam 2.4 (remove only)-->"C:\Program Files\ManyCam 2.4\uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Expression Web MUI (English)-->MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Expression Web-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web-->MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project MUI (English) 2007-->MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007-->MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia Home Media Server-->MsiExec.exe /X{0EEB3C40-2A8C-4045-B3F9-13C4A5C490C0}
Nokia Map Loader-->MsiExec.exe /I{03528A01-7E5E-4C5F-94DF-1D8012E969EF}
Nokia Music-->MsiExec.exe /I{7035F31B-20DA-4522-B0DB-3CA18B46DD77}
Nokia Ovi Application Installer 6.85.3011-->msiexec /qn /x {42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Application Installer-->MsiExec.exe /I{42B74521-4706-412A-9A27-AED12B83E886}
Nokia Ovi Content Copier 6.85.3011-->msiexec /qn /x {6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi Content Copier-->MsiExec.exe /X{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}
Nokia Ovi Suite-->MsiExec.exe /I{2218B96C-ABA2-45D9-A0B4-56B71F5303DB}
Nokia Ovi System Utilities 6.85.3018-->msiexec /qn /x {F9EA1C47-64A6-45E4-9A80-8CC1575B971D}
Nokia Ovi System Utilities-->MsiExec.exe /X{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}
Nokia Photos-->MsiExec.exe /I{9292B96D-B693-4F07-B5FE-21CCDC7CB4AF}
Nokia Software Updater-->MsiExec.exe /X{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}
On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Rosetta Stone V3-->MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad Configuration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Program Files\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Integrated 56K Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -ITkp0559k.inf -ISFG
ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\Setup.exe" -l0x9 anything
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad Presentation Director-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
ThinkPad SATA Power Management Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}\SETUP.EXE" -l0x9 anything
ThinkPad TrackPoint Driver-->C:\Program Files\Lenovo\TrackPoint\tp4unins.exe
ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\Setup.exe" -l0x9 UNINSTALL
ThinkPad UltraNav Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" -l0x9 UNINSTALL
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\setup.dll" -l0x9 UNINSTALLFROMSYS
ThinkVantage Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\SETUP.EXE" -l0x9 anything
ThinkVantage Active Protection System-->MsiExec.exe /X{46A84694-59EC-48F0-964C-7E76E9F8A2ED}
TrackPoint Accessibility Features-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\Setup.exe"
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WD Backup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A351224F-533A-4EED-89F4-0BF3417FD31D}\setup.exe" -l0x9
WD Firewire HID Driver-->MsiExec.exe /X{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}
Windows Commander (Remove or Repair)-->c:\wincmd\wcuninst.exe
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xbox Commander version 4.1-->MsiExec.exe /I{7D92D3FC-F62A-430D-A0B4-2AF50CFB4F58}
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

=====HijackThis Backups=====

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.christiankaulbach.net/ [2009-09-28]
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2009-09-28]
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') [2009-09-28]
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') [2009-09-28]
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-09-28]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-09-28]
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-28]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-09-28]
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [2009-09-28]
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2009-09-28]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 [2009-09-28]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll [2009-09-28]
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing) [2009-09-28]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-28]
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [2009-09-28]
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') [2009-09-28]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL [2009-09-28]
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing) [2009-09-28]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-09-28]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-09-28]
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) [2009-09-28]
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2009-09-28]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-09-28]
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll [2009-09-28]
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [2009-09-28]
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [2009-09-28]
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-09-28]
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') [2009-09-28]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-09-28]
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [2009-09-28]
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) [2009-09-28]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab [2009-09-28]

Securitycenter WMI appears to be broken

======System event log======

Computer Name: EXPERIEN-4D4040
Event Code: 43034
Message: Unknown EDID version

Record Number: 9750
Source Name: ati2mtag
Time Written: 20090730000907.000000+120
Event Type: error
User:

Computer Name: EXPERIEN-4D4040
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001641170708. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 9743
Source Name: Dhcp
Time Written: 20090730000500.000000+120
Event Type: warning
User:

Computer Name: EXPERIEN-4D4040
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 9740
Source Name: b57w2k
Time Written: 20090730000458.000000+120
Event Type: warning
User:

Computer Name: EXPERIEN-4D4040
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 9737
Source Name: b57w2k
Time Written: 20090730000451.000000+120
Event Type: warning
User:

Computer Name: EXPERIEN-4D4040
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 9731
Source Name: b57w2k
Time Written: 20090729194438.000000+120
Event Type: warning
User:

=====Application event log=====

Computer Name: EXPERIEN-4D4040
Event Code: 1
Message:
Record Number: 2261
Source Name: Nokia Software Installer
Time Written: 20090717204640.000000+120
Event Type: error
User:

Computer Name: EXPERIEN-4D4040
Event Code: 1
Message:
Record Number: 2260
Source Name: Nokia Software Installer
Time Written: 20090717204440.000000+120
Event Type: error
User:

Computer Name: EXPERIEN-4D4040
Event Code: 1
Message:
Record Number: 2259
Source Name: Nokia Software Installer
Time Written: 20090717204440.000000+120
Event Type: error
User:

Computer Name: EXPERIEN-4D4040
Event Code: 1
Message:
Record Number: 2256
Source Name: Nokia Software Installer
Time Written: 20090717203854.000000+120
Event Type: error
User:

Computer Name: EXPERIEN-4D4040
Event Code: 1
Message:
Record Number: 2255
Source Name: Nokia Software Installer
Time Written: 20090717203854.000000+120
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Nokia\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\WINDOWS\Downloaded Program Files;C:\Program Files\ThinkPad\ConnectUtilities;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Lenovo
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"TVT"=C:\Program Files\Lenovo

-----------------EOF-----------------

babyhermann · 05.10.2009, 20:39

(forts.1)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-10-05 21:30:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (16%) free of 25 GB
Total RAM: 1022 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:46 PM, on 10/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\System32\svchost.exe
D:\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Moppel\moppel.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 6955 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\PMTask.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-06 181536]
"TrackPointSrv"=C:\Program Files\Lenovo\TrackPoint\tp4serv.exe [2008-03-04 92960]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2007-12-05 122880]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-05 524288]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-03-24 68464]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe [2008-11-08 61440]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2008-11-08 368640]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
" Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Moppel\moppel.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-06 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\Administrator.EXPERIEN-4D4040\Start Menu\Programs\Startup
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-21 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-03-17 34080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoSMConfigurePrograms"=1
"MemCheckBoxInRunDlg"=1
"NoSharedDocuments"=1
"NoActiveDesktop"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"MemCheckBoxInRunDlg"=
"StartMenuFavorites"=
"Start_ShowMyComputer"=
"Start_ShowMyDocs"=
"Start_ShowMyMusic"=
"Start_ShowRun"=
"Start_ShowSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia"
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*

isabled:WinRAR archiver"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e209a81a-89bb-11dd-84d6-001641170708}]
shell\AutoRun\command - G:\DTSP_Launcher.exe

======List of files/folders created in the last 1 months======

2009-10-05 21:30:41 ----D---- C:\rsit
2009-09-28 23:29:37 ----A---- C:\lopR.txt
2009-09-28 23:26:52 ----D---- C:\Lop SD
2009-09-28 23:26:16 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-28 23:26:16 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-28 23:26:16 ----A---- C:\WINDOWS\system32\java.exe
2009-09-28 23:25:52 ----D---- C:\Program Files\Java
2009-09-28 23:08:40 ----D---- C:\Documents and Settings\Administrator.EXPERIEN-4D4040\Application Data\Foxit
2009-09-28 23:08:13 ----D---- C:\Program Files\Foxit Software
2009-09-28 23:01:19 ----D---- C:\WINDOWS\ie8updates
2009-09-28 23:01:13 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-28 23:00:25 ----D---- C:\WINDOWS\WBEM
2009-09-28 22:57:44 ----HDC---- C:\WINDOWS\ie8
2009-09-28 22:54:39 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-21 22:16:10 ----D---- C:\Documents and Settings\Administrator.EXPERIEN-4D4040\Application Data\Skype
2009-09-21 22:14:42 ----D---- C:\Program Files\Common Files\Skype
2009-09-17 23:12:42 ----D---- C:\WINDOWS\Minidump
2009-09-17 21:56:56 ----D---- C:\Documents and Settings\Administrator.EXPERIEN-4D4040\Application Data\Malwarebytes
2009-09-17 21:55:12 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-17 21:40:39 ----D---- C:\Program Files\Moppel
2009-09-17 21:40:39 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-09-16 20:26:12 ----D---- C:\Program Files\CCleaner
2009-09-10 23:27:49 ----D---- C:\Program Files\Trend Micro

======List of files/folders modified in the last 1 months======

2009-10-05 21:30:44 ----D---- C:\WINDOWS\Prefetch
2009-10-05 21:21:04 ----D---- C:\Program Files\Mozilla Firefox
2009-10-05 21:20:21 ----D---- C:\WINDOWS\Temp
2009-10-05 21:20:06 ----A---- C:\Log.txt
2009-10-04 22:43:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-04 22:43:06 ----AC---- C:\WINDOWS\bdagent.INI
2009-09-30 18:48:19 ----D---- C:\WINDOWS\system32
2009-09-28 23:28:30 ----SHD---- C:\WINDOWS\Installer
2009-09-28 23:25:57 ----AC---- C:\WINDOWS\system32\deploytk.dll
2009-09-28 23:25:52 ----RD---- C:\Program Files
2009-09-28 23:04:55 ----HD---- C:\WINDOWS\inf
2009-09-28 23:04:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-28 23:04:41 ----D---- C:\WINDOWS
2009-09-28 23:03:42 ----D---- C:\Program Files\Internet Explorer
2009-09-28 23:01:58 ----D---- C:\WINDOWS\system32\dllcache
2009-09-28 23:00:30 ----D---- C:\WINDOWS\system32\config
2009-09-28 23:00:25 ----D---- C:\WINDOWS\system32\en-US
2009-09-28 23:00:11 ----D---- C:\WINDOWS\Media
2009-09-28 23:00:07 ----D---- C:\WINDOWS\Help
2009-09-28 22:55:41 ----D---- C:\WINDOWS\system32\drivers
2009-09-28 22:54:42 ----D---- C:\WINDOWS\Debug
2009-09-28 22:18:21 ----RSD---- C:\WINDOWS\assembly
2009-09-28 22:18:20 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lenovo
2009-09-28 22:18:19 ----D---- C:\Program Files\Lenovo
2009-09-28 22:18:19 ----D---- C:\Program Files\Common Files\Lenovo
2009-09-28 22:13:09 ----D---- C:\WINDOWS\WinSxS
2009-09-28 22:12:24 ----D---- C:\Program Files\Common Files
2009-09-28 22:12:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-09-28 22:10:46 ----D---- C:\Documents and Settings\Administrator.EXPERIEN-4D4040\Application Data\DC++
2009-09-28 22:04:02 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2009-09-28 22:03:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-24 22:49:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2009-09-21 22:17:20 ----D---- C:\Documents and Settings\Administrator.EXPERIEN-4D4040\Application Data\skypePM
2009-09-21 22:14:43 ----RD---- C:\Program Files\Skype
2009-09-21 22:14:35 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype
2009-09-17 23:12:44 ----SHD---- C:\WINDOWS\CSC
2009-09-14 23:09:42 ----D---- C:\Documents and Settings\Administrator.EXPERIEN-4D4040\Application Data\Winamp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-07-02 11520]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-05-06 36352]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-09-25 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-03-09 7168]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-21 2156032]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-02 161792]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-11-08 86792]
R3 bdfsfltr;bdfsfltr; 730079007300740065006D00330032005C0044005200490056004500520053005C00620064006600730066006C00740072002E007300790073000000 []
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-11-21 879624]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-10-18 242304]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-08-08 23720]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2009-06-01 30144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-10 260224]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-12-05 177664]
R3 TPInput;TPInput; C:\WINDOWS\System32\DRIVERS\TPInput.sys [2006-09-26 6528]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EU3_USB;WLAN miniUSB Adapter Driver; C:\WINDOWS\system32\DRIVERS\EU3USB.sys [2004-02-13 690176]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Jukebox3;Jukebox3; C:\WINDOWS\system32\DRIVERS\ctpdusb.sys [2006-01-19 17280]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 STV680;USB Dual-mode Camera; C:\WINDOWS\system32\drivers\STV680.sys [2002-02-11 119536]
S3 STV680m;USB Dual-mode Cameram; C:\WINDOWS\system32\drivers\STV680m.sys [2002-02-11 9024]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2007-09-15 501800]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 WWSPLIT;Willing Webcam WDM Driver; C:\WINDOWS\system32\DRIVERS\wwsplit.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

babyhermann · 05.10.2009, 20:40

(forts.2)

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-07-05 90112]
R2 acs;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-03-21 364629]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-07-05 212992]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-21 483328]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2007-11-26 264800]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-08-08 41248]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-05-06 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-28 153376]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-12-02 1179648]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-09-25 94208]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2008-10-20 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-14 37416]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-11-08 1261568]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-05-06 14336]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [2008-11-08 86016]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-05-06 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-18 658432]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Und wie?

Gruss,
Christian

Internet Explorer startet im Hintergrund und spielt Reklame

Plagegeister aller Art und deren Bekämpfung: Internet Explorer startet im Hintergrund und spielt Reklame