Pests of all kinds and their removal: iexplorer.exe in the background with ads/sound (Windows 7)
27.06.2010, 22:25 | #16
/// Selecta Jahrusso | Please

regards, Daniel
ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators
Learn to strike back and support us! TB Akademie
29.06.2010, 09:11 | #17
After 15 hours the scan is finally finished...

Saving the logfile with "Save" did not work. I could only paste it into an already existing txt document and then save that; saving a completely new file did not work at all. The Task Manager, which took about 30 seconds to open, then showed the lsass process at about 60% load, and I guess that was blocking everything. Ending it did not work either. Anyway, here is the logfile:

GMER logfile:
29.06.2010, 11:21 | #18
/// Selecta Jahrusso | Could you please download a new version of ComboFix and try running it?

If CF does not work, please do the following: Download OTS.exe and be sure to save it to your desktop. Double-click OTS.exe. If your anti-virus program complains about OTS, allow it.

Last edited by Larusso (29.06.2010 at 12:07)
29.06.2010, 12:05 | #19
ComboFix still does not run through, and there are problems with OTS as well: it freezes again at scanning driver: nbpnoise. If I set the driver option in OTS to none, it does continue and scans the registry next, but then it hangs again at scanning file: C:\WINDOWS\System32\drivers\nbpnoise.sys. So it is this one driver again... Just now I also noticed that the iexplorer processes are currently not running (even after a restart). Before, they were always there immediately. But nothing has actually been deleted by the steps so far, has it?
29.06.2010, 12:09 | #20
/// Selecta Jahrusso | Sorry, I had to rework a few things in OTS.

Remove the rootkit with AVZ Antiviral Toolkit

AVZ Antiviral Toolkit is a Russian project that is also available in English. The program checks for viruses, adware, spyware, dialers, suspicious software (risktools), hacktools and rootkits. AVZ is a very powerful tool, please do not do anything "on your own". Now create the folder AVZ on drive C:. Please download AVZ4 (by oleg) and save it to C:\AVZ.
Restart the computer
Restart the computer once more. Now attach the following files here: virusinfo_syscheck.zip, virusinfo_syscure.zip. Here you will find an illustrated guide for AVZ.
29.06.2010, 12:27 | #22
/// Selecta Jahrusso | Yes, continue with AVZ
29.06.2010, 14:46 | #23
AVZ hangs shortly before the end of the first scan. At that point the scan is at C:\WINDOWS\System32\drivers\disdn. There is actually nothing at all in that folder.
29.06.2010, 15:04 | #24
/// Selecta Jahrusso | Okay, enough playing around. Do you have a way to burn a CD?
29.06.2010, 15:23 | #25
Yep, ... let's go
29.06.2010, 16:26 | #26
/// Selecta Jahrusso | Sorry, my mail client is driving me crazy right now.

If you do not have a burning program installed, please download ISOBurner. The program will allow you to burn OTLPE to a CD and make it bootable. You only need to install the tool, the rest runs automatically => How to burn an ISO file to CD/DVD.
Now boot from the OTLPE CD. Note: How to boot from CD
29.06.2010, 18:53 | #27
At least something that worked. However, the requested extras.txt was not created. Where do I find it, or how do I get it? REATOGO-X-PE is still running on the computer.

OTL logfile:
[Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010/06/29 09:16:09 | 000,007,168 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\utewnjc1.sys -- (utewnjc1) DRV - [2010/06/08 17:20:14 | 000,011,712 | ---- | M] (IBM Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV) DRV - [2010/06/03 17:46:40 | 000,136,192 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ebpnoise.sys -- (ebpnoise) DRV - [2010/03/01 04:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010/02/16 08:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/01/13 02:24:42 | 006,598,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2009/08/09 18:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2009/08/07 18:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.sys -- (SANDRA) DRV - [2009/07/26 16:31:22 | 000,215,872 | ---- | M] (TrueCrypt Foundation) [Kernel | System] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt) DRV - [2009/05/11 06:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007/08/10 20:25:28 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2007/05/31 21:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV - [2007/04/30 01:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2007/01/25 20:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2007/01/25 20:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject) DRV - [2006/12/21 20:15:09 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2006/12/21 20:15:09 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem) DRV - [2006/09/12 19:49:52 | 001,724,416 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006/08/16 13:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD) DRV - [2006/08/02 12:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint) DRV - [2006/08/02 12:54:00 | 000,009,343 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI) DRV - [2006/07/20 13:54:00 | 000,007,168 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2006/07/14 12:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter) DRV - [2006/07/14 12:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter) DRV - [2006/07/14 10:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto] -- C:\Programme\SMI2\smi2.sys -- (smi2) DRV - [2006/05/31 09:26:38 | 000,328,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2006/05/31 09:22:26 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2006/05/31 09:18:36 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006/05/31 09:18:28 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2006/05/31 09:17:36 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2006/05/31 09:15:42 | 000,148,996 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2006/05/25 12:13:00 | 000,004,442 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2006/04/25 14:13:20 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb) DRV - [2006/04/25 14:00:00 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) DRV - [2006/03/15 12:08:00 | 000,088,576 | ---- | M] (Lenovo) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\shockprf.sys -- (Shockprf) DRV - [2006/03/13 11:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk) DRV - [2006/03/09 04:20:10 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2006/02/28 22:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB) DRV - [2006/02/02 00:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006/02/02 00:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006/02/02 00:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006/02/02 00:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006/02/02 00:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006/02/02 00:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006/02/02 
00:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2006/01/30 22:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2005/12/05 22:21:32 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV) DRV - [2005/12/05 22:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL) DRV - [2005/12/05 22:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf) DRV - [2005/11/18 07:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005/11/18 07:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005/11/18 00:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2005/10/11 12:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor) DRV - [2005/07/05 01:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV) DRV - [2005/06/20 07:18:00 | 000,004,736 | ---- | M] (Lenovo.) [Kernel | System] -- C:\WINDOWS\system32\drivers\ShockMgr.sys -- (ShockMgr) DRV - [2005/05/27 03:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2005/05/17 05:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm) DRV - [2004/10/08 05:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl) DRV - [2004/08/03 17:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003/09/10 18:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2001/08/18 08:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001/08/17 23:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400) DRV - [2001/08/17 18:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 18:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 18:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 18:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 18:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 17:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 17:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 17:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 17:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 17:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 17:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 17:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 17:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 17:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) 
[Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 07:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.cocktailforum.de/yabb/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Phil_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\Phil_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.prodlog.tu-bs.de IE - HKU\Phil_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010/06/27 06:12:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010/06/27 06:56:21 | 000,000,000 | ---D | M] [2010/06/29 09:53:28 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007/01/20 21:23:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/04/14 11:01:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2010/06/03 18:07:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/06/03 18:07:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010/03/11 19:41:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010/03/11 19:41:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010/03/11 19:41:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/03/11 19:41:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/03/11 19:41:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010/06/08 10:31:35 | 000,403,752 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 13964 more lines... 
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\Phil_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\Phil_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) O4 - HKLM..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) 
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe () O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo) O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.) O4 - HKU\Phil_ON_C..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKU\Phil_ON_C..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation) O4 - HKU\Phil_ON_C..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe (Logitech Inc.) 
O4 - HKU\Phil_ON_C..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutorunsDisabled [2007/01/11 11:51:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\Phil\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Phil_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\Phil_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: &Google-Suche - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) 
O8 - Extra context menu item: &Ins Deutsche übersetzen - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Ähnliche Seiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Im Cache gespeicherte Seite - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Verweisseiten - C:\Programme\Google\GoogleToolbar1.dll (Google Inc.) O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Programme\Lenovo\System Update\sulauncher.exe () O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275980193953 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) 
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited) O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. 
- Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/26 22:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/29 13:02:57 | 126,850,486 | ---- | C] (Igor Pavlov) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTLPENet.exe
[2010/06/29 12:52:20 | 000,000,000 | ---D | C] -- C:\Programme\LSoft Technologies
[2010/06/29 12:49:49 | 004,940,440 | ---- | C] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Phil\Desktop\IsoBurner-Setup.exe
[2010/06/29 07:33:34 | 000,000,000 | ---D | C] -- C:\AVZ
[2010/06/29 06:40:22 | 000,000,000 | --SD | C] -- C:\ComFi
[2010/06/27 16:43:43 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2010/06/27 16:43:43 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grpconv.exe
[2010/06/27 14:03:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sun
[2010/06/27 11:33:36 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Dokumente und Einstellungen\Phil\Desktop\remover.exe
[2010/06/27 11:33:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Desktop\bootkit_remover
[2010/06/27 09:25:44 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Phil\Desktop\ccsetup233.exe
[2010/06/27 08:05:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/27 07:25:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/27 07:25:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/27 07:25:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/27 07:25:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/27 07:24:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/27 07:10:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/27 06:40:12 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache
[2010/06/27 06:22:45 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TFC.exe
[2010/06/13 17:12:33 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010/06/13 17:12:32 | 000,000,000 | ---D | C] -- C:\rsit
[2010/06/12 17:18:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Desktop\backups
[2010/06/12 17:14:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Phil\Desktop\HiJackThis204.exe
[2010/06/11 08:36:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2010/06/11 08:35:56 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/11 08:33:15 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/06/11 05:29:02 | 000,000,000 | ---D | C] -- C:\77b14c21bda8bca2b5713b38c4310e60
[2010/06/08 17:49:07 | 006,598,656 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NETw5x32.sys
[2010/06/08 17:49:07 | 002,756,608 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NETw5r32.dll
[2010/06/08 17:49:07 | 000,675,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NETw5c32.dll
[2010/06/08 17:49:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Intel
[2010/06/08 17:49:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Intel
[2010/06/08 17:49:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Intel
[2010/06/08 17:48:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Intel
[2010/06/08 17:46:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Intel
[2010/06/08 06:54:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Phil\Recent
[2010/06/08 06:50:43 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010/06/08 06:22:22 | 000,000,000 | ---D | C] -- C:\b3fb7881123562c16bb16e3e
[2010/06/08 05:48:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Malwarebytes
[2010/06/08 05:48:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/08 05:48:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/08 05:48:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/06/08 03:37:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Uniblue
[2010/06/08 03:27:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Avira
[2010/06/08 03:02:19 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/06/08 03:00:31 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/06/08 02:57:42 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010/06/08 02:26:11 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010/06/07 19:00:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/06/07 18:56:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/06/07 18:56:27 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/06/07 18:56:27 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/06/07 18:56:27 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/06/07 18:56:27 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/06/07 18:56:27 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010/06/05 17:20:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config\systemprofile\Anwendungsdaten\Sun
[2010/06/03 18:07:50 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/03 18:07:50 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/03 18:07:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/03 18:07:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/29 13:17:49 | 000,262,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2010/06/29 13:17:49 | 000,229,376 | -H-- | M] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2010/06/29 13:17:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/29 13:17:29 | 000,009,962 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/06/29 13:14:41 | 1072,091,136 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/29 13:00:22 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/06/29 13:00:04 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/29 12:56:10 | 010,485,760 | -H-- | M] () -- C:\Dokumente und Einstellungen\Phil\NTUSER.DAT
[2010/06/29 12:56:10 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Phil\ntuser.ini
[2010/06/29 12:54:24 | 126,850,486 | ---- | M] (Igor Pavlov) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTLPENet.exe
[2010/06/29 12:52:48 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/06/29 12:50:39 | 004,940,440 | ---- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Phil\Desktop\IsoBurner-Setup.exe
[2010/06/29 09:16:09 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utewnjc1.sys
[2010/06/29 07:00:50 | 104,857,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\SecureDrive.vol
[2010/06/27 14:03:28 | 005,242,880 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2010/06/27 14:00:37 | 000,002,528 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2010/06/27 13:59:16 | 104,857,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\SecureDrive.vol
[2010/06/27 13:56:54 | 000,000,769 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Windows Media Player.lnk
[2010/06/27 12:57:14 | 003,721,479 | R--- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Combo-Fix.exe
[2010/06/27 11:33:10 | 000,478,602 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\bootkit_remover.rar
[2010/06/27 09:25:49 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Phil\Desktop\ccsetup233.exe
[2010/06/27 08:06:00 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/06/27 06:52:36 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2010/06/27 06:22:49 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TFC.exe
[2010/06/27 04:39:03 | 000,177,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/13 17:11:54 | 000,824,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\RSIT.exe
[2010/06/13 16:37:02 | 000,000,747 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/13 16:37:02 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/13 16:37:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/06/12 17:14:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Phil\Desktop\HiJackThis204.exe
[2010/06/12 16:18:52 | 000,033,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100612_221847.reg
[2010/06/12 16:10:04 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/11 08:51:55 | 001,034,420 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 08:51:55 | 000,462,896 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010/06/11 08:51:55 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 08:51:55 | 000,085,740 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010/06/11 08:51:55 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/08 17:46:35 | 000,356,352 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/06/08 17:20:14 | 000,011,712 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS
[2010/06/08 10:31:35 | 000,403,752 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/08 10:25:26 | 000,000,820 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100608-163134.backup
[2010/06/08 06:56:18 | 000,115,482 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100608_125602.reg
[2010/06/03 18:07:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/06/03 18:07:34 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/06/03 18:07:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/06/03 18:07:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/06/03 18:07:34 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/06/03 17:46:40 | 000,136,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\ebpnoise.sys
[2010/05/31 18:19:10 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2010/05/31 18:19:10 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/29 07:37:10 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utewnjc1.sys
[2010/06/27 14:00:37 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc
[2010/06/27 13:58:58 | 104,857,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\SecureDrive.vol
[2010/06/27 13:56:54 | 000,000,769 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Windows Media Player.lnk
[2010/06/27 12:56:46 | 003,721,479 | R--- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Combo-Fix.exe
[2010/06/27 11:33:09 | 000,478,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\bootkit_remover.rar
[2010/06/27 09:52:17 | 1072,091,136 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/27 08:06:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/06/27 08:05:57 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010/06/27 07:25:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/27 07:25:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/27 07:25:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/27 07:25:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/27 07:25:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/13 17:11:53 | 000,824,681 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\RSIT.exe
[2010/06/12 16:18:50 | 000,033,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100612_221847.reg
[2010/06/08 17:46:35 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/06/08 06:56:06 | 000,115,482 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100608_125602.reg
[2010/06/03 17:46:37 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\ebpnoise.sys
[2010/01/03 19:16:58 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/01/03 19:16:58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/01/03 19:16:57 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/03 19:16:56 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/01/03 19:16:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/01/03 19:16:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/11/23 07:50:41 | 000,000,066 | ---- | C] () -- C:\WINDOWS\JcAdmin32.ini
[2009/06/18 14:17:17 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\winscp.rnd
[2009/06/18 07:24:17 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2009/05/20 07:07:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/17 13:42:34 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/03/19 18:53:12 | 000,011,299 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\gsview32.ini
[2008/07/26 13:41:55 | 000,000,158 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2008/07/25 07:51:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2008/02/14 19:41:35 | 000,000,944 | ---- | C] () -- C:\WINDOWS\dokop301.ini
[2008/02/14 19:39:38 | 001,201,206 | ---- | C] () -- C:\WINDOWS\System32\KART24GF.DLL
[2008/02/14 19:39:38 | 001,201,206 | ---- | C] () -- C:\WINDOWS\System32\Kart24gd.dll
[2008/02/14 19:39:38 | 000,692,214 | ---- | C] () -- C:\WINDOWS\System32\Kart_f24.dll
[2008/02/14 19:39:38 | 000,692,214 | ---- | C] () -- C:\WINDOWS\System32\Kart_d24.dll
[2008/02/14 19:39:38 | 000,115,478 | ---- | C] () -- C:\WINDOWS\System32\Karten_f.dll
[2008/02/14 19:39:38 | 000,115,478 | ---- | C] () -- C:\WINDOWS\System32\Karten_d.dll
[2008/02/14 19:39:38 | 000,038,614 | ---- | C] () -- C:\WINDOWS\System32\Kart_doj.dll
[2008/02/14 19:39:38 | 000,028,958 | ---- | C] () -- C:\WINDOWS\System32\kart_dbl.dll
[2007/11/17 05:35:16 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\$_hpcst$.hpc
[2007/08/16 11:34:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\VBUTILLight.dll
[2007/08/16 11:34:11 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/08/16 11:34:11 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll
[2007/05/23 04:11:19 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/04/14 04:24:12 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/01/10 18:09:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/10 17:28:51 | 000,177,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/10 15:21:36 | 010,485,760 | -H-- | C] () -- C:\Dokumente und Einstellungen\Phil\NTUSER.DAT
[2007/01/10 15:21:36 | 000,016,384 | -H-- | C] () -- C:\Dokumente und Einstellungen\Phil\ntuser.dat.LOG
[2007/01/10 15:21:36 | 000,000,300 | -HS- | C] () -- C:\Dokumente und Einstellungen\Phil\ntuser.ini
[2007/01/10 15:21:36 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/01/10 15:21:24 | 000,000,146 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/12/21 20:24:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/21 20:06:13 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/21 20:04:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/12/21 20:04:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/12/21 20:04:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/12/21 20:04:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/12/21 20:04:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/12/21 20:04:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/12/21 19:56:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/12/21 19:55:16 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/12/21 19:53:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2006/12/21 19:53:11 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2006/12/21 19:52:53 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/08/17 04:00:13 | 000,009,962 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006/08/17 04:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
[2006/08/02 21:27:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006/08/02 21:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006/06/14 12:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/06/12 07:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/05/31 09:37:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/02/16 04:18:38 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/01/28 05:04:33 | 000,262,144 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT
[2006/01/28 05:04:33 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
[2006/01/27 13:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/27 13:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/26 22:26:12 | 000,106,496 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG
[2006/01/26 22:26:12 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2006/01/26 22:26:10 | 005,242,880 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2006/01/26 22:25:57 | 000,262,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT
[2006/01/26 22:25:57 | 000,008,192 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\ntuser.dat.LOG
[2006/01/26 22:25:57 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\LocalService\ntuser.ini
[2006/01/26 22:25:56 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\NetworkService\ntuser.ini
[2006/01/26 22:25:55 | 000,229,376 | -H-- | C] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2006/01/26 22:25:55 | 000,008,192 | -H-- | C] () -- C:\Dokumente und Einstellungen\NetworkService\ntuser.dat.LOG
[2005/02/17 07:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 07:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 08:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2006/12/21 20:24:26 | 000,000,000 | ---D | M] -- C:\WINDOWS\System32\config\systemprofile\Anwendungsdaten\Lenovo
[2006/12/21 20:24:31 | 000,000,000 | ---D | M] -- C:\WINDOWS\System32\config\systemprofile\Anwendungsdaten\ThinkVantage
[2010/06/27 13:56:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2006/12/21 20:24:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ThinkVantage
[2007/04/14 04:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ACD Systems
[2008/07/26 13:41:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ChessBase
[2008/04/16 09:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Dev-Cpp
[2009/06/22 10:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\FileOpen
[2009/08/25 07:48:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\FileZilla
[2007/01/23 07:09:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ICQLite
[2007/02/02 11:17:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\InterVideo
[2007/03/03 06:58:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Leadertech
[2007/01/14 17:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Lenovo
[2007/05/18 15:41:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ratiopharm
[2006/12/21 20:24:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ThinkVantage
[2007/12/01 14:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\TrueCrypt
[2010/06/08 03:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Uniblue
[2010/06/29 13:00:22 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 351633 bytes -> C:\WINDOWS\Temp:temp

< End of report >
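The helpers in this thread read OTL listings like the one above by eye. As an added example (it is not part of the original post and not OldTimer's code), here is a small Python triage pass over lines in OTL's two file-entry formats ("[date | size | attrs | C/M] (Company) -- path" and "@Alternate Data Stream - N bytes -> path"). It flags kernel drivers with no company name, recently written executables under %SystemRoot% with no company name, and non-empty alternate data streams. The sample input is copied from the log above; the scan time is taken from the Extras log header later in the thread. Two caveats a practitioner should keep in mind: the "company" is only the version-info string, which malware can fill in and which OTL's own "Company Name Whitelist" also relies on, so a flag is a prompt to check the file, not a verdict; and rootkit scanners such as GMER load a temporary, randomly named driver of their own while they run, which is exactly what rule 1 will catch.

```python
"""Triage an OTL file listing: flag the entries a responder should look at first.

Added example, not OldTimer's code. Parses the two line shapes OTL prints
(file entry and alternate-data-stream entry) and applies three simple rules.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Iterable, List, Optional, Tuple

# [2010/06/08 05:48:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\...\mbam.sys
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# @Alternate Data Stream - 351633 bytes -> C:\WINDOWS\Temp:temp
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?)\s*$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv")

# Time the Extras log in this thread was written; used as "now" for the age rule.
SCAN_TIME = datetime(2010, 6, 29, 21, 47, 0)

# Sample input copied from the OTL log in the thread (one directory entry included
# on purpose: it has no "(Company)" field and must be skipped, not mis-parsed).
SAMPLE_LINES = [
    r"[2010/06/29 09:16:09 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utewnjc1.sys",
    r"[2010/06/08 05:48:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys",
    r"[2010/06/03 17:46:40 | 000,136,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\ebpnoise.sys",
    r"[2010/05/31 18:19:10 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe",
    r"[2010/06/29 13:14:41 | 1072,091,136 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2010/06/08 17:46:35 | 000,356,352 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe",
    r"[2010/06/27 08:05:51 | 000,000,000 | RHSD | C] -- C:\cmdcons",
    r"@Alternate Data Stream - 351633 bytes -> C:\WINDOWS\Temp:temp",
]


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Tuple[datetime, int, str, str, str]]:
    """(timestamp, size_bytes, attrs, company, path) for a file entry;
    None for directory entries, ADS lines and anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return (
        datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        int(m["size"].replace(",", "")),   # "000,020,952" -> 20952
        m["attrs"],
        m["company"].strip(),
        m["path"],
    )


def triage(lines: Iterable[str], now: datetime = SCAN_TIME, max_age_days: int = 30) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        ads = ADS_RE.match(line.strip())
        if ads:
            # Rule 3: a non-empty ADS can carry a payload a plain directory listing never shows.
            if int(ads["size"]) > 0:
                findings.append(Finding(ads["path"], ["non-empty alternate data stream"]))
            continue
        parsed = parse_entry(line)
        if parsed is None:
            continue
        ts, _size, _attrs, company, path = parsed
        low = path.lower()
        under_windows = "\\windows\\" in low
        reasons = []
        # Rule 1: kernel driver whose version resource carries no company name.
        if low.endswith(".sys") and "\\drivers\\" in low and not company:
            reasons.append("kernel driver with no company name")
        # Rule 2: executable under %SystemRoot% written recently, with no vendor info.
        if under_windows and low.endswith(EXEC_EXT) and not company \
                and now - ts <= timedelta(days=max_age_days):
            reasons.append(f"executable under %SystemRoot% written within {max_age_days} days, no company name")
        if reasons:
            findings.append(Finding(path, reasons))
    return findings


def run_sample() -> List[Finding]:
    """Triage the sample lines at the scan time (used by the demo below and the self-test)."""
    return triage(SAMPLE_LINES)


if __name__ == "__main__":
    for f in run_sample():
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

On the sample the pass flags utewnjc1.sys and ebpnoise.sys (rules 1 and 2), AegisI5Installer.exe (rule 2) and the Temp:temp stream (rule 3); mbam.sys and explorer.exe carry a company name and pass, hiberfil.sys is outside %SystemRoot% and passes, and the cmdcons directory entry is skipped by the parser.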
29.06.2010, 19:16 | #28 |
/// Selecta Jahrusso | iexplorer.exe in the background with ads/sound
We don't need Extras right now anyway.

Please download the attached fix.txt to a USB stick. Start OTLPE and click the RunFix button. When you are asked for a file, click Yes, navigate to the fix.txt on the USB stick and open it. If everything is right, there should now be text in the Custom Scan/Fixes box. Click the RunFix button again.

Step 2
After that, try to start the computer normally and post an OTL log for me.

Custom scan with OTL
If you don't have it yet, please download OTL from OldTimer and save it to your Desktop
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
regards, Daniel
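The custom scan above ends with three "/md5" directives, which make OTL print a hash of user32.dll, ws2_32.dll and ws2help.dll so the helper can tell whether a system file has been patched. As an added example, not OTL's code and not from anyone in this thread, here is the companion check a responder can run on a Windows XP box: hash each of those files in system32 and compare it with the copy Windows File Protection keeps in system32\dllcache (the OTL log above shows such a pair, dllcache\explorer.exe beside \WINDOWS\explorer.exe, with identical size and timestamp). The directory paths are parameters, so the demo runs on a constructed directory tree and never touches a live system. Caveat: a MISMATCH only tells you to compare the live file against a known-good copy from install media or Microsoft; malware running as Administrator can replace the dllcache copy too, a match is therefore not proof the file is clean, and this cache exists only on XP and Server 2003 (later Windows keeps protected files under WinSxS). Pass algo="md5" to compare with the values OTL prints.

```python
"""Compare protected system files with their Windows File Protection cache copies.

Added example, not OTL's code. On Windows XP, WFP keeps a copy of protected
files in %SystemRoot%\\system32\\dllcache; a live file whose hash differs from
its cache copy has been changed by something and deserves a closer look.
"""
import hashlib
import tempfile
from pathlib import Path

# The three files the OTL custom scan hashes with /md5.
WATCHED_FILES = ("user32.dll", "ws2_32.dll", "ws2help.dll")


def file_digest(path: Path, algo: str = "sha256") -> str:
    """Hex digest of a file, read in 64 KiB chunks so large binaries are not loaded whole."""
    h = hashlib.new(algo)
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_with_cache(system32: Path, dllcache: Path, names=WATCHED_FILES, algo: str = "sha256") -> dict:
    """Return {file name: status} where status is one of
    'match'          live file and dllcache copy hash identically
    'MISMATCH'       they differ: the live file was patched, or the cache copy was
    'no cache copy'  WFP holds no copy of this file, nothing to compare against
    'missing'        the live file itself is absent
    """
    results = {}
    for name in names:
        live, cached = system32 / name, dllcache / name
        if not live.is_file():
            results[name] = "missing"
        elif not cached.is_file():
            results[name] = "no cache copy"
        elif file_digest(live, algo) == file_digest(cached, algo):
            results[name] = "match"
        else:
            results[name] = "MISMATCH"
    return results


def run_demo() -> dict:
    """Build a constructed system32/dllcache pair in a temp directory and compare it.

    user32.dll: identical copies; ws2_32.dll: live copy has four bytes changed
    (constructed stand-in for a patched file); ws2help.dll: no cache copy at all.
    """
    root = Path(tempfile.mkdtemp(prefix="wfp-demo-"))
    system32 = root / "system32"
    dllcache = system32 / "dllcache"
    dllcache.mkdir(parents=True)
    pristine = b"MZ" + b"\x00" * 64            # constructed placeholder, not a real PE
    patched = b"MZ" + b"\x00" * 60 + b"\xcc" * 4
    (system32 / "user32.dll").write_bytes(pristine)
    (dllcache / "user32.dll").write_bytes(pristine)
    (system32 / "ws2_32.dll").write_bytes(patched)
    (dllcache / "ws2_32.dll").write_bytes(pristine)
    (system32 / "ws2help.dll").write_bytes(pristine)
    return compare_with_cache(system32, dllcache)


if __name__ == "__main__":
    # On a real XP system you would call, e.g.:
    #   compare_with_cache(Path(r"C:\WINDOWS\system32"), Path(r"C:\WINDOWS\system32\dllcache"), algo="md5")
    for name, status in run_demo().items():
        print(f"{name:12s} {status}")
```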
29.06.2010, 19:54 | #29 |
| iexplorer.exe in the background with ads/sound
Now the file is called Extras... oh well, it's probably right:

Code:
OTL Extras logfile created on: 29.06.2010 21:47:00 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Dokumente und Einstellungen\Phil\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 465,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 88,93 Gb Total Space | 31,42 Gb Free Space | 35,33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 99,72 Mb Total Space | 99,54 Mb Free Space | 99,82% Space Free | Partition Type: FAT

Computer Name: PHILIPPJ
Current User Name: Phil
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Disabled:ICQ Lite -- File not found
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\WINDOWS\system32\souvawedi.exe" = C:\WINDOWS\system32\souvawedi.exe:*:Disabled:kare64 -- File not found
"C:\WINDOWS\system32\lyvi.exe" = C:\WINDOWS\system32\lyvi.exe:*:Disabled:kare64 -- File not found
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe:*:Disabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.07.mui" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.07.mui:*:Disabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe:*:Disabled:SiSoftware Sandra Agent Service -- (SiSoftware)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014EFADF-1AA8-44D0-B889-D39D77302A62}" = Intel(R) PROSet/Wireless WiFi-Software
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{4526E521-18BC-4C01-8563-5CCE47AAC01C}" = ThinkVantage Fingerprint Software 5.5
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage System für aktiven Festplattenschutz
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad-UltraNav-Assistent
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001C-0407-0000-0000000FF1CE}" = Microsoft Office Access Runtime (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}" = System Migration Assistant
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1C8D94A-4303-4489-B585-4B6E6CD408CB}" = OpenOffice.org 2.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A638EC76-65C3-4F82-BA68-D105DDA393E7}" = FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader®
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF4782CC-1F5F-4D5D-A49D-238FD8CF62CD}" = DLRG Fragenkatalog Rettungsschwimmen "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C031CD16-1112-4133-B8C6-68F9582B3476}" = ATI Catalyst Control Center "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010 "{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software "{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center "{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad "{DA320635-F48C-4613-8325-D75A933C549E}" = ThinkVantage System Update Toolbar Button for IE "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EA664480-3844-11D5-8C25-444553540000}" = Funktion "TrackPoint-Eingabehilfen" "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers "{F8C8FC80-E542-11D3-8F7F-009027591AA8}" = CMN "{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-Konfiguration "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service "Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.6 Professional "Adobe Acrobat 8 Professional - English, Français, Deutsch_816" = Adobe Acrobat 8.1.6 - CPSID_49167 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe 
Photoshop 7.0" = Adobe Photoshop 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software "ATI Display Driver" = ATI Display Driver "AudioConvert" = AudioConvert "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AwayTask" = ThinkVantage Away Manager "CCleaner" = CCleaner "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem "Derive5" = Derive 5 "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "Diablo II" = Diablo II "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "ENTERPRISE" = Microsoft Office Enterprise 2007 "FileZilla Client" = FileZilla Client 3.2.4.1 "GPL Ghostscript 8.62" = GPL Ghostscript 8.62 "GPL Ghostscript Fonts" = GPL Ghostscript Fonts "GSview 4.9" = GSview 4.9 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Insane Uninstall" = Insane "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 5.5.1 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Native Instruments Service Center" = Native Instruments Service Center "Native Instruments Traktor" = Native Instruments Traktor "Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows "PCMCIAPW" = ThinkPad PC Card Power Policy "PDF Editor 2" = PDF Editor 2 "Picasa2" = Picasa 2 "Power Management Driver" = ThinkPad Power Management Driver "Presentation Director" = ThinkPad-Präsentationsdirektor "ProInst" = Intel PROSet Wireless "QcDrv" = 
Logitech® Camera-Treiber "QuickTime" = QuickTime "Remove Multimedia Center" = Remove Multimedia Center "Shogun Total War" = Shogun Total War "SqrSoftACF" = SqrSoft® Advanced Crossfading (remove only) "ST5UNST #1" = Doppelkopf Professionell 3.01sv "SynTPDeinstKey" = ThinkPad UltraNav Driver "TaskSwitchXP" = TaskSwitchXP "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "TrueCrypt" = TrueCrypt "VLC media player" = VLC media player 0.9.8a "WIC" = Windows Imaging Component "Winamp" = Winamp (remove only) "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR Archivierer "winscp3_is1" = WinSCP 4.2.1 beta "WMCSetup" = Windows Media Connect "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "You Don't Know Jack 4" = You Don't Know Jack 4 1.00 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 16.05.2010 17:43:21 | Computer Name = PHILIPPJ | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes Modul libavcodec_plugin.dll, Version 0.0.0.0, Fehleradresse 0x00021464. Error - 16.05.2010 17:43:44 | Computer Name = PHILIPPJ | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes Modul libavcodec_plugin.dll, Version 0.0.0.0, Fehleradresse 0x00021464. Error - 16.05.2010 17:46:00 | Computer Name = PHILIPPJ | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes Modul libavcodec_plugin.dll, Version 0.0.0.0, Fehleradresse 0x00021464. 
Error - 17.05.2010 18:57:17 | Computer Name = PHILIPPJ | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes Modul libavcodec_plugin.dll, Version 0.0.0.0, Fehleradresse 0x00021464. Error - 17.05.2010 18:58:13 | Computer Name = PHILIPPJ | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes Modul libavcodec_plugin.dll, Version 0.0.0.0, Fehleradresse 0x00021464. Error - 17.05.2010 19:00:59 | Computer Name = PHILIPPJ | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes Modul libavcodec_plugin.dll, Version 0.0.0.0, Fehleradresse 0x00021464. Error - 17.05.2010 19:01:14 | Computer Name = PHILIPPJ | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes Modul libavcodec_plugin.dll, Version 0.0.0.0, Fehleradresse 0x00021464. Error - 17.05.2010 19:02:07 | Computer Name = PHILIPPJ | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes Modul libvlccore.dll, Version 0.9.8.1, Fehleradresse 0x00073fc7. Error - 17.05.2010 19:02:13 | Computer Name = PHILIPPJ | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes Modul libvlccore.dll, Version 0.9.8.1, Fehleradresse 0x00073fc7. Error - 03.06.2010 17:45:55 | Computer Name = PHILIPPJ | Source = SUService | ID = 0 Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung zum Dienstcontroller herstellen [ System Events ] Error - 05.06.2010 17:13:54 | Computer Name = PHILIPPJ | Source = Rasman | ID = 20035 Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da keine Puffer erstellt werden konnten. Starten Sie den Computer neu. 
Zugriff verweigert Error - 05.06.2010 17:13:54 | Computer Name = PHILIPPJ | Source = Service Control Manager | ID = 7023 Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler beendet: %%5 Error - 05.06.2010 17:13:55 | Computer Name = PHILIPPJ | Source = Rasman | ID = 20035 Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da keine Puffer erstellt werden konnten. Starten Sie den Computer neu. Zugriff verweigert Error - 05.06.2010 17:13:55 | Computer Name = PHILIPPJ | Source = Service Control Manager | ID = 7023 Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler beendet: %%5 Error - 05.06.2010 17:13:55 | Computer Name = PHILIPPJ | Source = Rasman | ID = 20035 Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da keine Puffer erstellt werden konnten. Starten Sie den Computer neu. Zugriff verweigert Error - 05.06.2010 17:13:55 | Computer Name = PHILIPPJ | Source = Service Control Manager | ID = 7023 Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler beendet: %%5 Error - 05.06.2010 17:13:56 | Computer Name = PHILIPPJ | Source = Rasman | ID = 20035 Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da keine Puffer erstellt werden konnten. Starten Sie den Computer neu. Zugriff verweigert Error - 05.06.2010 17:13:57 | Computer Name = PHILIPPJ | Source = Service Control Manager | ID = 7023 Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler beendet: %%5 Error - 05.06.2010 17:13:57 | Computer Name = PHILIPPJ | Source = Rasman | ID = 20035 Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da keine Puffer erstellt werden konnten. Starten Sie den Computer neu. 
Zugriff verweigert Error - 05.06.2010 17:13:57 | Computer Name = PHILIPPJ | Source = Service Control Manager | ID = 7023 Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler beendet: %%5 < End of report > |
29.06.2010, 20:51 | #30 |
/// Selecta Jahrusso | iexplorer.exe in the background with ads/sound That is not the one I need right now, though. There should be an OTL.txt on the desktop. If not, run it again.
Regards, Daniel |