ungewolltes öffnen von Webseiten

Larusso · 06.11.2009, 12:48

Wähle bitte eine neue Analyse der Datei.

andi_1984 · 06.11.2009, 13:01

ok, anbei das ergebniss

Code:

ATTFilter

Antivirus  	Version  	letzte aktualisierung  	Ergebnis
a-squared	4.5.0.41	2009.11.06	-
AhnLab-V3	5.0.0.2	2009.11.06	-
AntiVir	7.9.1.59	2009.11.06	-
Antiy-AVL	2.0.3.7	2009.11.05	-
Authentium	5.2.0.5	2009.11.06	-
Avast	4.8.1351.0	2009.11.06	-
AVG	8.5.0.423	2009.11.06	-
BitDefender	7.2	2009.11.06	-
CAT-QuickHeal	10.00	2009.11.06	-
ClamAV	0.94.1	2009.11.06	-
Comodo	2857	2009.11.06	-
DrWeb	5.0.0.12182	2009.11.06	-
eTrust-Vet	35.1.7106	2009.11.05	-
F-Prot	4.5.1.85	2009.11.05	-
F-Secure	9.0.15370.0	2009.11.04	-
Fortinet	3.120.0.0	2009.11.06	-
GData	19	2009.11.06	-
Ikarus	T3.1.1.74.0	2009.11.06	-
Jiangmin	11.0.800	2009.11.06	-
K7AntiVirus	7.10.889	2009.11.05	-
Kaspersky	7.0.0.125	2009.11.06	-
McAfee	5793	2009.11.05	-
McAfee+Artemis	5793	2009.11.05	-
McAfee-GW-Edition	6.8.5	2009.11.06	-
Microsoft	1.5202	2009.11.05	-
NOD32	4578	2009.11.06	-
Norman	6.03.02	2009.11.05	-
nProtect	2009.1.8.0	2009.11.06	-
Panda	10.0.2.2	2009.11.05	-
PCTools	7.0.3.5	2009.11.06	-
Prevx	3.0	2009.11.06	-
Rising	21.54.42.00	2009.11.06	-
Sophos	4.47.0	2009.11.06	-
Sunbelt	3.2.1858.2	2009.11.06	-
Symantec	1.4.4.12	2009.11.06	-
TheHacker	6.5.0.2.062	2009.11.05	-
TrendMicro	9.0.0.1003	2009.11.06	-
VBA32	3.12.10.11	2009.11.06	-
ViRobot	2009.11.6.2025	2009.11.06	-
VirusBuster	4.6.5.0	2009.11.05	-
weitere Informationen
File size: 277784 bytes
MD5...: fd7f9d74c2b35dbda400804a3f5ed5d8
SHA1..: 39feded925d83da3ca6e1bc29415d141864e53ff
SHA256: 93baee15428e9b3ff2d5f7ee156697ea8c24e176c3a8e56d1b1aff4e541867e4
ssdeep: 6144:EjqSZFFV9Fn4qH2Pt5RU+vrchMfuLOl7ImkCM5/:HSZFFVPn4s8cG2Liza/
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x45d0d237 (Mon Feb 12 20:46:47 2007)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3cd24 0x3ce00 6.57 3a55855d6606112a2c2558ca3e28aa20
.rdata 0x3e000 0xb44 0xc00 5.49 659fde1e501b63cec92583ac99a67821
.data 0x3f000 0x7abe0 0x1000 4.73 4dff60affb31e6f5f915247c7f649411
INIT 0xba000 0xcf2 0xe00 5.35 ec1e9d71896e11de9c25758946a54d6f
.rsrc 0xbb000 0x458 0x600 2.58 7d876a919fb99e458d1dc30ba55e01e3
.reloc 0xbc000 0x1f86 0x2000 5.56 3d6be6825e09cbd97904f2a9207edaa6

( 2 imports )
> ntoskrnl.exe: ZwClose, ZwQueryValueKey, DbgPrint, ZwOpenKey, RtlCreateRegistryKey, RtlCopyUnicodeString, memmove, KeInsertQueueDpc, MmGetPhysicalAddress, KeInitializeSpinLock, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, IoInvalidateDeviceRelations, IoFreeWorkItem, IoRequestDeviceEject, IoQueueWorkItem, IoAllocateWorkItem, ExInterlockedPopEntrySList, ExInterlockedPushEntrySList, IofCompleteRequest, IofCallDriver, IoGetDmaAdapter, RtlWriteRegistryValue, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ZwCreateKey, swprintf, KeWaitForSingleObject, KeInitializeEvent, IoDisconnectInterrupt, IoGetConfigurationInformation, IoDeleteDevice, ExDeleteNPagedLookasideList, KeCancelTimer, IoFreeIrp, KeLeaveCriticalRegion, KeEnterCriticalRegion, IoDetachDevice, IoDeleteSymbolicLink, IoConnectInterrupt, IoReleaseRemoveLockAndWaitEx, strstr, strncat, sprintf, IoBuildDeviceIoControlRequest, PoSetPowerState, PoRegisterDeviceForIdleDetection, RtlCompareMemory, KeClearEvent, IoInitializeRemoveLockEx, ObfReferenceObject, KeSetTimer, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, IoAcquireRemoveLockEx, IoReleaseRemoveLockEx, KeSetEvent, RtlInitUnicodeString, KeInitializeDpc, KeInitializeTimer, ObfDereferenceObject, IoGetAttachedDeviceReference, IoAllocateIrp, IoInvalidateDeviceState, strncpy, strncmp, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, PoRequestPowerIrp, MmMapLockedPagesSpecifyCache, KeBugCheck, KeRemoveQueueDpc, KeQuerySystemTime, KeQueryTimeIncrement, KeTickCount, PsTerminateSystemThread, KeWaitForMultipleObjects, KeSetPriorityThread, ObReferenceObjectByHandle, PsCreateSystemThread, ExInitializeNPagedLookasideList, MmMapIoSpace, ExRegisterCallback, ExCreateCallback, IoReportResourceForDetection, ExUnregisterCallback, MmUnmapIoSpace, RtlCheckRegistryKey, IoAttachDeviceToDeviceStack, IoCreateSymbolicLink, IoCreateDevice, RtlUnicodeStringToInteger, wcsncpy, wcsstr, _wcsupr, IoGetDeviceProperty, ZwCreateDirectoryObject, WRITE_REGISTER_ULONG, READ_REGISTER_ULONG, _alldiv, PoStartNextPowerIrp, PoCallDriver, _purecall, ExSystemTimeToLocalTime, KeDelayExecutionThread, KeSetTimerEx, KeInitializeTimerEx, IoUnregisterPlugPlayNotification, _aullshr, IoGetDeviceObjectPointer, IoRegisterPlugPlayNotification, wcslen, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, RtlQueryRegistryValues, _allmul, ExFreePoolWithTag, KeBugCheckEx
> HAL.dll: ExAcquireFastMutex, ExReleaseFastMutex, KfReleaseSpinLock, KfAcquireSpinLock, KeGetCurrentIrql, KeStallExecutionProcessor

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Intel Corporation
copyright....: Copyright(C) Intel Corporation 1994-2007
product......: Intel Matrix Storage Manager driver
description..: Intel Matrix Storage Manager driver - ia32
original name: iaStor.sys
internal name: iaStor.sys
file version.: 7.0.0.1020
comments.....: -ia32
signers......: Intel Corporation
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 10:36 PM 2/12/2007
verified.....: -
trid..: Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

andi_1984 · 06.11.2009, 13:29

anbei der RootRepeal Report

andi_1984 · 06.11.2009, 14:25

anbei der aktuelle Report

Code:

ATTFilter

Avira AntiRootkit Tool (1.1.0.1)

========================================================================================================
 - Scan started Freitag, 6. November 2009 - 14:04:06
========================================================================================================

--------------------------------------------------------------------------------------------------------
   Configuration:
--------------------------------------------------------------------------------------------------------
 - [X] Scan files
 - [X] Scan registry
 - [X] Scan processes
 - [ ] Fast scan
 - Working disk total size : 142.44 GB
 - Working disk free size : 15.42 GB (10 %)
--------------------------------------------------------------------------------------------------------

Results:
Hidden value : HKEY_LOCAL_MACHINE\Software\DeterministicNetworks\DNE\Parameters -> symboliclinkvalue

--------------------------------------------------------------------------------------------------------
Files: 0/113856
Registry items: 1/390010
Processes: 0/91
Scan time: 00:03:28
--------------------------------------------------------------------------------------------------------
Active processes:
  - kkgkqcyx.exe     (PID 4248) (Avira AntiRootkit Tool)
  - System           (PID 4)
  - smss.exe         (PID 1176)
  - csrss.exe        (PID 1232)
  - winlogon.exe     (PID 1264)
  - services.exe     (PID 1308)
  - lsass.exe        (PID 1320)
  - ibmpmsvc.exe     (PID 1516)
  - svchost.exe      (PID 1544)
  - svchost.exe      (PID 1628)
  - svchost.exe      (PID 1668)
  - btwdins.exe      (PID 1692)
  - svchost.exe      (PID 1724)
  - S24EvMon.exe     (PID 1784)
  - svchost.exe      (PID 1884)
  - svchost.exe      (PID 1916)
  - spoolsv.exe      (PID 400)
  - scardsvr.exe     (PID 452)
  - sched.exe        (PID 484)
  - svchost.exe      (PID 560)
  - AcPrfMgrSvc.exe  (PID 668)
  - avguard.exe      (PID 732)
  - CodeMeter.exe    (PID 760)
  - cvpnd.exe        (PID 820)
  - EvtEng.exe       (PID 856)
  - FreeAgentService.exe (PID 900)
  - svchost.exe      (PID 1068)
  - svchost.exe      (PID 1152)
  - ICQ Service.exe  (PID 1192)
  - iviRegMgr.exe    (PID 1284)
  - jqs.exe          (PID 1488)
  - svchost.exe      (PID 1552)
  - nvsvc32.exe      (PID 1796)
  - svchost.exe      (PID 1820)
  - RegSrvc.exe      (PID 2076)
  - RIB.License.Server.exe (PID 2096)
  - svchost.exe      (PID 2180)
  - tvt_reg_monitor_svc.exe (PID 2244)
  - TPHDEXLG.exe     (PID 2268)
  - tvttcsd.exe      (PID 2344)
  - rrpservice.exe   (PID 2360)
  - rrservice.exe    (PID 2416)
  - IUService.exe    (PID 2436)
  - searchindexer.exe (PID 2476)
  - AcSvc.exe        (PID 2560)
  - PWMDBSVC.exe     (PID 2624)
  - wmpnetwk.exe     (PID 2864)
  - svchost.exe      (PID 4072)
  - wmiapsrv.exe     (PID 240)
  - alg.exe          (PID 676)
  - wmiprvse.exe     (PID 692)
  - SvcGuiHlpr.exe   (PID 3240)
  - wscntfy.exe      (PID 3152)
  - explorer.exe     (PID 3916)
  - scheduler_proxy.exe (PID 696)
  - TpShocks.exe     (PID 932)
  - TPOSDSVC.exe     (PID 3536)
  - tpfnf7sp.exe     (PID 3136)
  - SynTPLpr.exe     (PID 3768)
  - SynTPEnh.exe     (PID 816)
  - smax4pnp.exe     (PID 2684)
  - rundll32.exe     (PID 320)
  - rundll32.exe     (PID 460)
  - LPMGR.EXE        (PID 280)
  - EZEJMNAP.EXE     (PID 2680)
  - cssauth.exe      (PID 2800)
  - ACWLIcon.exe     (PID 2808)
  - hpwuSchd2.exe    (PID 2968)
  - jusched.exe      (PID 2336)
  - stxmenumgr.exe   (PID 3908)
  - rundll32.exe     (PID 3020)
  - SearchSettings.exe (PID 2976)
  - avgnt.exe        (PID 3036)
  - ctfmon.exe       (PID 3112)
  - NMBgMonitor.exe  (PID 3564)
  - Skype.exe        (PID 4132)
  - btdna.exe        (PID 4148)
  - ICQ.exe          (PID 4188)
  - msmsgs.exe       (PID 4332)
  - NMIndexStoreSvr.exe (PID 4336)
  - wmpnscfg.exe     (PID 4436)
  - BTTray.exe       (PID 4876)
  - CodeMeterCC.exe  (PID 4908)
  - hpqtra08.exe     (PID 5168)
  - WindowsSearch.exe (PID 5264)
  - Dot1XCfg.exe     (PID 1460)
  - hpqste08.exe     (PID 1776)
  - hpqbam08.exe     (PID 3896)
  - AcFnF5.exe       (PID 648)
  - hpqgpc01.exe     (PID 4020)
  - avirarkd.exe     (PID 4196)
========================================================================================================
 - Scan finished  Freitag, 6. November 2009 - 14:07:35
========================================================================================================

andi_1984 · 06.11.2009, 14:44

nun noch der Bericht von SysProt.

Wie sehen die nächsten Schritte aus ?

Gruß Andi

Larusso · 06.11.2009, 15:10

schritt 1

ESET Online Scanner
- Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
- Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
- Dein Anti-Virus-Programm während des Scans deaktivieren.
- Button "ESET Online Scanner" drücken.
- Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
- Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User müssen das Installieren eines ActiveX Elements erlauben.
- Einen Haken bei "Remove found threads" und "Scan archives" machen.
- Start drücken.
- Signaturen werden heruntergeladen.
- Der Scan beginnt automatisch.
- Finish drücken.
- Browser schließen.
- Explorer öffnen.
- C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
- Logfile hier posten.
- Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
- Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
- IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
- O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

schritt 2

Schliesse bitte alle laufenden Programme inkl Browser.
Lösche bitte die Extra.txt von Deinem Desktop.
Doppelklick auf die OTL.exe und poste beide Logfiles.

Berichte wie der Rechner läuft

andi_1984 · 06.11.2009, 17:59

anbei die Datei.

Was bedeutet IE- User, was muss ich da genau ausführen ?

andi_1984 · 06.11.2009, 18:07

anbei die Extras.txt

andi_1984 · 06.11.2009, 18:14

[CODE]
OTL logfile created on: 06.11.2009 18:02:50 - Run 4
OTL by OldTimer - Version 3.1.3.3 Folder = C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,97 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,83% Memory free
3,81 Gb Paging File | 3,08 Gb Available in Paging File | 80,86% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 142,44 Gb Total Space | 15,53 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465,76 Gb Total Space | 271,38 Gb Free Space | 58,27% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-5745C956
Current User Name: Andreas Schäfer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\RIB\License\RIB.License.Server.exe (RIB Software AG)
PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Programme\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard Co.)
PRC - C:\Programme\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\Programme\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe (IBM)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\Cisco Systems\HBC-VPN-Client\vpngui.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Cisco Systems\HBC-VPN-Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwrsde.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)

========== Win32 Services (SafeList) ==========

SRV - (Sukoku Service) -- File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (RIB.License.Server) -- C:\Programme\RIB\License\RIB.License.Server.exe (RIB Software AG)
SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (FreeAgentGoNext Service) -- C:\Programme\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (Autodesk Licensing Service) -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (CodeMeter.exe) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08) -- C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (hpqddsvc) -- C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (HPSLPSVC) -- C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (TSSCoreService) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe (IBM)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (CVPND) -- C:\Programme\Cisco Systems\HBC-VPN-Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (EvtEng) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TVT Scheduler) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (TVT Backup Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (AegisP) -- C:\WINDOWS\system32\drivers\AegisP.sys (Cisco Systems, Inc.)
DRV - (NETw5x32) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (usbser) -- C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (LenovoRd) -- C:\WINDOWS\system32\drivers\LenovoRd.sys (Lenovo)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (e1express) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (NETw4x32) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (AEAudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (smihlp) -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs LLC)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (fxusbase) -- C:\WINDOWS\system32\drivers\fxusbase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)
DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ac97intc) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM Berlin)
DRV - (SSIPDDP) -- C:\WINDOWS\system32\drivers\SSIPDDP.SYS ()

andi_1984 · 06.11.2009, 18:15

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.2
FF - prefs.js..extensions.enabledItems: {7AB6D133-2A14-4C11-B3AD-35B1548D38F9}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2009.04.28 12:46:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.08.07 10:59:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2009.11.04 10:17:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.11.04 10:16:38 | 00,000,000 | ---D | M]

[2009.10.07 12:47:48 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\Mozilla\Extensions
[2009.10.07 12:47:48 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.11.06 16:11:21 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\Mozilla\Firefox\Profiles\1jov09i7.default\extensions
[2009.10.07 12:53:05 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\Mozilla\Firefox\Profiles\1jov09i7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.06 16:11:21 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.10.28 11:57:19 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{7AB6D133-2A14-4C11-B3AD-35B1548D38F9}
[2008.12.24 13:32:21 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.10.30 16:42:53 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.04.28 12:47:02 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.10.15 15:30:16 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2009.10.30 16:42:43 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browserdirprovider.dll
[2009.10.30 16:42:44 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\brwsrcmp.dll
[2009.04.28 12:46:49 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeploytk.dll
[2008.11.21 22:45:04 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdivx32.dll
[2008.11.21 22:45:26 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009.10.30 16:42:48 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Programme\Mozilla Firefox\plugins\npnul32.dll
[2006.10.26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
[2009.02.27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Mozilla Firefox\plugins\nppdf32.dll
[2009.08.24 20:25:19 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 00,002,371 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\google.xml
[2009.08.24 20:25:19 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.10.21 23:00:49 | 00,002,381 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\sukoku123.xml
[2009.08.24 20:25:19 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
[2009.10.15 15:30:17 | 00,000,878 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (716 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [HP Software Update] C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Programme\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Programme\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RelevantKnowledge] C:\programme\relevantknowledge\rlvknlg.exe File not found
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [MSMSGS] C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoCAD-Startbeschleuniger.lnk = C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CodeMeter Control Center.lnk = C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Hochschule Biberach VPN Client.lnk = C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk = C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Programme/Chessmaster%20Challenge/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Programme/Chessmaster%20Challenge/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Programme\Lenovo\HOTKEY\notifyf2.dll - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Programme\Lenovo\HOTKEY\tphklock.dll - C:\Programme\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 03:18:40 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.05.25 11:50:12 | 00,000,062 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{49f478ef-e496-11dd-9f71-00215c56e355}\Shell - "" = AutoRun
O33 - MountPoints2\{49f478ef-e496-11dd-9f71-00215c56e355}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49f478ef-e496-11dd-9f71-00215c56e355}\Shell\AutoRun\command - "" = E:\OnSpcLCK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

andi_1984 · 06.11.2009, 18:16

========== Files/Folders - Created Within 30 Days ==========

[2009.11.06 18:01:29 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Recent
[2009.11.06 14:36:36 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\SysProt
[2009.11.06 13:51:40 | 00,188,673 | ---- | C] (Avira GmbH) -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\avirarkd.exe
[2009.11.06 13:49:32 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009.11.06 13:49:32 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009.11.06 13:49:32 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009.11.06 13:49:32 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009.11.06 13:49:30 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2009.11.06 13:04:37 | 00,472,064 | ---- | C] ( ) -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\RootRepeal.exe
[2009.11.04 10:23:01 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\Malwarebytes
[2009.11.04 10:22:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009.11.04 10:22:56 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009.11.04 10:22:56 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2009.11.04 10:22:56 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2009.11.03 15:57:02 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009.11.03 12:27:40 | 00,527,872 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\OTL.exe
[2009.11.02 23:06:39 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009.10.23 11:28:31 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\vlc
[2009.10.15 22:24:34 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\Search Settings
[2009.10.15 15:30:16 | 00,000,000 | ---D | C] -- C:\Programme\Search Settings
[2009.10.15 15:26:54 | 00,315,392 | ---- | C] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2009.10.15 15:26:53 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2009.10.15 15:26:53 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2009.10.15 15:26:53 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2009.10.15 15:26:53 | 00,084,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PICCLP32.OCX
[2009.10.15 15:26:53 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PCCLPFR.DLL
[2009.10.15 15:26:52 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2009.10.15 15:26:52 | 00,000,000 | ---D | C] -- C:\Programme\Free FLV Converter
[2009.10.15 15:26:52 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\FreeFLVConverter
[2009.10.15 10:45:30 | 00,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2009.10.15 09:15:53 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009.10.15 09:15:53 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009.10.09 09:44:59 | 00,018,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009.10.09 09:44:54 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2008.11.16 14:27:19 | 00,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008.11.16 14:27:19 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009.11.06 14:48:02 | 00,002,435 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\Hochschule Biberach VPN Client.lnk
[2009.11.06 14:46:19 | 07,340,032 | -H-- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\NTUSER.DAT
[2009.11.06 14:36:06 | 00,354,396 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\SysProt.zip
[2009.11.06 14:19:11 | 00,002,449 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Hochschule Biberach VPN Client.lnk
[2009.11.06 14:19:06 | 00,000,320 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2009.11.06 14:18:46 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.11.06 14:17:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.06 14:17:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.06 14:16:57 | 21,121,39264 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.06 14:15:23 | 00,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\ntuser.ini
[2009.11.06 13:49:41 | 00,001,690 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009.11.06 13:31:07 | 00,065,893 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\antivir_rootkit.zip
[2009.11.06 13:03:51 | 00,465,298 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\RootRepeal.rar
[2009.11.05 13:40:07 | 00,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\Microsoft Office Word 2007.lnk
[2009.11.04 13:45:41 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.04 13:41:38 | 00,088,064 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.04 10:22:59 | 00,000,695 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.11.03 16:09:43 | 00,454,279 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\GMER 1.doc
[2009.11.03 13:22:16 | 00,291,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\df8efhso.exe
[2009.11.03 12:27:41 | 00,527,872 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\OTL.exe
[2009.11.02 23:14:49 | 00,000,904 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\.recently-used.xbel
[2009.11.02 16:15:06 | 00,000,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.10.26 12:39:59 | 01,114,258 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.10.26 12:39:59 | 00,487,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2009.10.26 12:39:59 | 00,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.10.26 12:39:59 | 00,095,538 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2009.10.26 12:39:59 | 00,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.10.23 11:33:10 | 00,000,783 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\Free FLV Converter.lnk
[2009.10.23 11:22:12 | 00,315,392 | ---- | M] (Koyote Soft - http://www.koyotesoft.com) -- C:\WINDOWS\System32\TubeFinder.exe
[2009.10.23 11:13:32 | 00,000,710 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2009.10.21 05:06:57 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009.10.21 05:06:57 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009.10.09 10:03:34 | 00,000,781 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\Windows Media Player.lnk
[2009.10.09 09:58:19 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009.10.09 09:58:19 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009.10.09 09:44:54 | 00,000,837 | ---- | M] () -- C:\WINDOWS\win.ini
[12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.11.06 14:36:06 | 00,354,396 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\SysProt.zip
[2009.11.06 13:49:41 | 00,001,690 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009.11.06 13:31:07 | 00,065,893 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\antivir_rootkit.zip
[2009.11.06 13:03:51 | 00,465,298 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\RootRepeal.rar
[2009.11.04 10:22:59 | 00,000,695 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.11.03 15:12:51 | 00,454,279 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\GMER 1.doc
[2009.11.03 13:22:15 | 00,291,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\df8efhso.exe
[2009.11.02 23:14:49 | 00,000,904 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\.recently-used.xbel
[2009.10.23 11:13:32 | 00,000,710 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2009.10.15 15:26:55 | 00,000,783 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Desktop\Free FLV Converter.lnk
[2009.10.15 15:26:53 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\PropertyGrid.ocx
[2009.10.15 15:26:53 | 00,208,500 | ---- | C] () -- C:\WINDOWS\System32\ReyXpBasics.tlb
[2009.10.15 15:26:52 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\ControlSubX.ocx
[2009.06.05 18:35:55 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2009.04.17 10:28:14 | 00,000,067 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2009.04.06 21:12:42 | 00,001,292 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI
[2009.03.06 15:31:48 | 00,010,122 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2008.12.31 18:42:12 | 00,000,035 | ---- | C] () -- C:\WINDOWS\render.ini
[2008.11.26 16:16:43 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.11.26 16:16:40 | 00,088,064 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.21 22:47:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.21 22:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.11.21 22:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.11.21 22:44:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.11.18 22:09:04 | 00,055,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSIPDDP.SYS
[2008.11.18 21:47:58 | 00,000,211 | ---- | C] () -- C:\WINDOWS\uno.ini
[2008.11.18 21:47:52 | 00,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll
[2008.11.18 21:47:52 | 00,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll
[2008.11.18 21:47:52 | 00,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll
[2008.11.16 16:04:13 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008.11.16 14:57:45 | 00,109,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2008.11.16 14:52:02 | 03,667,688 | -H-- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2008.11.16 14:52:02 | 00,000,148 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.11.16 14:52:02 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\Andreas Schäfer\Anwendungsdaten\desktop.ini
[2008.11.16 14:47:11 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.11.16 14:41:58 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008.11.16 14:39:04 | 00,000,124 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.11.16 14:37:39 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.11.16 14:37:39 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.11.16 14:37:39 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.11.16 14:37:39 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.11.16 14:37:39 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.11.16 14:37:39 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.11.16 14:32:14 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.11.16 14:32:14 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.11.16 14:32:13 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.11.16 14:32:13 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.11.16 14:28:56 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008.11.16 14:27:19 | 09,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008.11.16 14:27:19 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2008.11.16 14:26:20 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008.05.26 22:23:36 | 00,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 00,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 00,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.07.16 11:58:10 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007.07.16 11:58:00 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007.02.27 17:48:38 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.02.27 17:29:32 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006.06.29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006.06.29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.04.18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.04.18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006.01.27 18:18:01 | 00,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.27 18:05:14 | 00,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006.01.27 02:01:34 | 00,000,837 | ---- | C] () -- C:\WINDOWS\win.ini
[2006.01.27 02:01:31 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006.01.26 18:09:23 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
[2005.02.17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP

158BAF9
@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:93E9C78D
< End of report >

[/CODE]

Larusso · 06.11.2009, 19:33

Zitat:

Zitat von andi_1984

anbei die Datei.

Was bedeutet IE- User, was muss ich da genau ausführen ?

Ignorier das mal.
Wo ist die ESET Logfile

Schon vergessen das die Reihenfolge Gründe hat ?

andi_1984 · 07.11.2009, 18:08

Hi,

es müsste die fünft letzte Antwort sein, die Datei heiß Log.txt, ich hab sie angehängt

gruß Andi

andi_1984 · 10.11.2009, 11:14

Hi

hast du die Datei gefunden ? Muss ich noch weitere Schritte vornehmen oder was meinst du? Der Rechner läuft ganz OK, die Webseiten seind weg.

Ich glaub mein Rechner ist ein wenig überfüllt mit Programmen, weil er ist erst ein Jahr und es ist ein Lenovo Thin Pad aber er braucht relativ lang zum hochfahren.

Oder woran liegt das ? Meinst dzu auch das ich ihn zu vollgeladen habe ?

Danke nochmals

Gruß Andi

Larusso · 10.11.2009, 11:52

Einmal anhängen, einmal posten nervt irrsinnig

Starte OTL.exe
Klicke rechts oben auf den CleanUp Button.
Poste eine neue HJT Logfile

06.11.2009, 12:48	#61
Larusso /// Selecta Jahrusso	ungewolltes öffnen von Webseiten Wähle bitte eine neue Analyse der Datei. __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

10.11.2009, 11:52	#75
Larusso /// Selecta Jahrusso	ungewolltes öffnen von Webseiten Einmal anhängen, einmal posten nervt irrsinnig Starte OTL.exe Klicke rechts oben auf den CleanUp Button. Poste eine neue HJT Logfile __________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie

ungewolltes öffnen von Webseiten

Log-Analyse und Auswertung: ungewolltes öffnen von Webseiten