| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: iexplorer.exe im Hintergrund mit Werbung/SoundWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
29.06.2010, 21:14
| #31 |
 |  iexplorer.exe im Hintergrund mit Werbung/Sound Sorry, hab nicht richtig aufgepasst: Code:
ATTFilter OTL logfile created on: 29.06.2010 21:47:00 - Run 1 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\Phil\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 465,00 Mb Available Physical Memory | 45,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 88,93 Gb Total Space | 31,42 Gb Free Space | 35,33% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive R: | 99,72 Mb Total Space | 99,54 Mb Free Space | 99,82% Space Free | Partition Type: FAT Computer Name: PHILIPPJ Current User Name: Phil Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.06.29 21:46:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTL.exe PRC - [2010.06.01 00:19:10 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.01.19 17:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2010.01.19 16:56:42 | 001,392,640 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe PRC - [2010.01.19 16:52:32 | 000,954,368 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe PRC - [2010.01.19 16:44:10 | 001,206,544 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe PRC - [2010.01.19 16:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2008.10.15 01:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe PRC - [2007.08.11 02:30:40 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2007.06.01 03:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe PRC - [2006.11.17 02:07:00 | 000,015,872 | ---- | M] ( ) -- c:\Programme\Lenovo\System Update\SUService.exe PRC - [2006.11.16 17:14:14 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\psasrv.exe PRC - [2006.11.13 14:50:28 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft ActiveSync\wcescomm.exe PRC - [2006.11.13 14:50:16 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft ActiveSync\rapimgr.exe PRC - [2006.11.12 12:48:46 | 000,157,592 | ---- | M] (DT Soft Ltd.) -- C:\Programme\DAEMON Tools\daemon.exe PRC - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE PRC - [2006.08.16 19:07:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\AwayTask\AwaySch.EXE PRC - [2006.07.25 03:19:40 | 000,094,208 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe PRC - [2006.07.14 19:20:38 | 000,817,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe PRC - [2006.07.14 19:13:14 | 002,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\cssauth.exe PRC - [2006.07.14 19:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe PRC - [2006.07.14 18:42:22 | 000,723,712 | ---- | M] (IBM) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe PRC - [2006.07.14 18:24:52 | 000,629,504 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe PRC - [2006.07.14 16:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe PRC - [2006.07.04 18:11:00 | 000,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE PRC - [2006.05.31 15:51:02 | 000,622,653 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe PRC - [2006.05.31 15:43:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe PRC - [2006.05.30 08:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe PRC - [2006.03.15 20:04:48 | 000,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe PRC - [2006.03.13 17:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe PRC - [2006.02.23 19:22:00 | 000,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE PRC - [2006.02.02 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2005.07.19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE PRC - [2005.07.05 07:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe PRC - [2005.06.20 13:15:00 | 000,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe PRC - [2005.06.06 22:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe PRC - [2005.05.20 02:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\Core\smax4pnp.exe PRC - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Programme\UPHClean\uphclean.exe PRC - [2005.04.12 00:15:25 | 000,060,416 | ---- | M] (Alexander Avdonin) -- C:\Programme\TaskSwitchXP\TaskSwitchXP.exe ========== Modules (SafeList) ========== MOD - [2010.06.29 21:46:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTL.exe MOD - [2008.04.14 04:22:32 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll MOD - [2008.04.14 04:22:32 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2008.04.13 19:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll MOD - [2007.08.11 02:30:34 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll MOD - [2006.08.16 19:07:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL MOD - [2006.07.14 19:20:50 | 000,613,120 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll MOD - [2006.07.14 19:20:46 | 000,645,888 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\tvtpwm_keyboard_hook.dll MOD - [2006.07.14 19:20:40 | 001,919,744 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\tvt_passwordmanager.dll MOD - [2006.07.14 18:24:00 | 000,682,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_banner.dll MOD - [2006.05.31 15:52:36 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Bluetooth Software\BTKeyInd.dll ========== Win32 Services (SafeList) ========== SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.01.19 17:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2010.01.19 16:52:32 | 000,954,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2010.01.19 16:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2009.08.24 19:01:08 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2008.10.24 15:17:52 | 000,145,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.01.15 17:51:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007.06.01 03:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC) SRV - [2006.11.17 02:07:00 | 000,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2006.11.16 17:14:14 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC) SRV - [2006.07.14 19:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2006.07.14 19:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service) SRV - [2006.07.14 18:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService) SRV - [2006.07.14 18:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2006.07.14 16:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk) SRV - [2006.05.31 15:43:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005.06.20 13:15:00 | 000,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC) SRV - [2005.06.06 22:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC) SRV - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\UPHClean\uphclean.exe -- (UPHClean) ========== Driver Services (SafeList) ========== DRV - [2010.06.29 18:52:48 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.06.08 23:20:14 | 000,011,712 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV) DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.01.13 08:24:42 | 006,598,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2009.08.10 00:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.sys -- (SANDRA) DRV - [2009.07.26 22:31:22 | 000,215,872 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt) DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007.08.11 02:25:28 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2007.06.01 03:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV - [2007.04.30 07:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2007.01.26 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject) DRV - [2006.12.22 02:15:09 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2006.12.22 02:15:09 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem) DRV - [2006.09.13 01:49:52 | 001,724,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.08.16 19:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD) DRV - [2006.08.02 18:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint) DRV - [2006.08.02 18:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI) DRV - [2006.07.20 19:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2006.07.14 18:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter) DRV - [2006.07.14 18:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter) DRV - [2006.07.14 16:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Programme\SMI2\smi2.sys -- (smi2) DRV - [2006.05.31 15:26:38 | 000,328,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2006.05.31 15:22:26 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2006.05.31 15:18:36 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006.05.31 15:18:28 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2006.05.31 15:17:36 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2006.05.31 15:15:42 | 000,148,996 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2006.05.25 18:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2006.04.25 20:13:20 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb) DRV - [2006.04.25 20:00:00 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) DRV - [2006.03.15 18:08:00 | 000,088,576 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\shockprf.sys -- (Shockprf) DRV - [2006.03.13 17:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk) DRV - [2006.03.09 10:20:10 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2006.03.01 04:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB) DRV - [2006.02.02 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006.02.02 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006.02.02 06:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006.02.02 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006.02.02 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006.02.02 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006.02.02 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2006.01.31 04:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2005.12.06 04:21:32 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV) DRV - [2005.12.06 04:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL) DRV - [2005.12.06 04:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf) DRV - [2005.11.18 13:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.11.18 13:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005.11.18 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2005.10.11 18:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2005.07.05 07:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV) DRV - [2005.06.20 13:18:00 | 000,004,736 | ---- | M] (Lenovo.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShockMgr.sys -- (ShockMgr) DRV - [2005.05.27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2005.05.17 11:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm) DRV - [2004.10.08 11:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl) DRV - [2004.08.03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003.09.11 00:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2001.08.18 14:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400) DRV - [2001.08.18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001.08.18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001.08.18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001.08.18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001.08.18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001.08.17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001.08.17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001.08.17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001.08.17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001.08.17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001.08.17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001.08.17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001.08.17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001.08.17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.prodlog.tu-bs.de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.cocktaildreams.de/forum/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.29 21:45:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.29 21:45:19 | 000,000,000 | ---D | M] [2008.12.09 12:48:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Extensions [2010.02.16 11:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\4sayjang.default\extensions [2010.02.16 11:57:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\4sayjang.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.16 11:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\4sayjang.default\extensions\searchrecs@veoh.com [2010.06.29 15:53:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions [2010.05.02 23:50:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.16 11:57:46 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.02.16 11:57:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\moveplayer@movenetworks.com [2009.09.17 23:17:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\searchrecs@veoh.com [2010.06.29 15:53:28 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.01.21 03:23:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007.04.14 17:01:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2010.06.04 00:07:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.06.04 00:07:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.03.12 01:41:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.12 01:41:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.12 01:41:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.12 01:41:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.12 01:41:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.08 16:31:35 | 000,403,752 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 13964 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) O4 - HKLM..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation) O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe () O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo) O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.) O4 - HKCU..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe (Logitech Inc.) O4 - HKCU..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutorunsDisabled [2007.01.11 17:51:06 | 000,000,000 | -H-D | M] O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\Phil\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Programme\Lenovo\System Update\sulauncher.exe () O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275980193953 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited) O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\Beispielbilder\Unbenannt.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\Beispielbilder\Unbenannt.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.06.07 12:40:58 | 000,000,000 | RHS- | M] () - R:\autorun.inf -- [ FAT ] O33 - MountPoints2\{088550fa-7a78-11de-a094-0016cfee30c6}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found O33 - MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\Shell\AutoRun\command - "" = F:\dolly\bejbe.exe -- File not found O33 - MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\Shell\explore\command - "" = F:\dolly\bejbe.exe -- File not found O33 - MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\Shell\install\command - "" = F:\dolly\bejbe.exe -- File not found O33 - MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\Shell\open\command - "" = F:\dolly\bejbe.exe -- File not found O33 - MountPoints2\{560b084e-e9cb-11dc-9fe3-0016cfee30c6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{560b084e-e9cb-11dc-9fe3-0016cfee30c6}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found O33 - MountPoints2\{72092530-7a20-11de-a093-0016cfee30c6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{72092530-7a20-11de-a093-0016cfee30c6}\Shell\AutoRun\command - "" = F:\BATO\\\\\BOSANEC.exe -- File not found O33 - MountPoints2\{72092530-7a20-11de-a093-0016cfee30c6}\Shell\explore\command - "" = F:\BATO\\\\\\BOSANEC.exe -- File not found O33 - MountPoints2\{72092530-7a20-11de-a093-0016cfee30c6}\Shell\open\command - "" = F:\BATO\\\\\\BOSANEC.exe -- File not found O33 - MountPoints2\{7ae67f4c-03be-11df-a0be-0016cfee30c6}\Shell\AutoRun\command - "" = pbudsara.exe O33 - MountPoints2\{7ae67f4c-03be-11df-a0be-0016cfee30c6}\Shell\open\Command - "" = pbudsara.exe O33 - MountPoints2\{7b5936be-7206-11df-a0d7-0019d206b373}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7b5936be-7206-11df-a0d7-0019d206b373}\Shell\AutoRun\command - "" = F:\laf\lauski.exe -- File not found O33 - MountPoints2\{7b5936be-7206-11df-a0d7-0019d206b373}\Shell\explore\command - "" = F:\laf\\lauski.exe -- File not found O33 - MountPoints2\{7b5936be-7206-11df-a0d7-0019d206b373}\Shell\open\command - "" = F:\laf\\lauski.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2006.12.22 09:37:18 | 000,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902053519425536) ========== Files/Folders - Created Within 90 Days ========== [2010.06.30 03:35:59 | 000,552,960 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe [2010.06.30 03:35:55 | 000,000,000 | ---D | C] -- C:\_OTL [2010.06.29 21:46:20 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTL.exe [2010.06.29 19:02:57 | 126,850,486 | ---- | C] (Igor Pavlov) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTLPENet.exe [2010.06.29 18:52:20 | 000,000,000 | ---D | C] -- C:\Programme\LSoft Technologies [2010.06.29 13:33:34 | 000,000,000 | ---D | C] -- C:\AVZ [2010.06.29 12:40:22 | 000,000,000 | --SD | C] -- C:\ComFi [2010.06.27 17:33:36 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Dokumente und Einstellungen\Phil\Desktop\remover.exe [2010.06.27 17:33:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Desktop\bootkit_remover [2010.06.27 15:25:44 | 003,396,176 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Phil\Desktop\ccsetup233.exe [2010.06.27 14:05:51 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.06.27 13:25:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.06.27 13:25:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.06.27 13:25:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.06.27 13:25:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.06.27 13:24:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.06.27 13:10:45 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.06.13 23:12:33 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.06.13 23:12:32 | 000,000,000 | ---D | C] -- C:\rsit [2010.06.12 23:18:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Desktop\backups [2010.06.12 23:14:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Phil\Desktop\HiJackThis204.exe [2010.06.11 14:36:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2010.06.11 11:29:02 | 000,000,000 | ---D | C] -- C:\77b14c21bda8bca2b5713b38c4310e60 [2010.06.08 23:49:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Intel [2010.06.08 23:49:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Intel [2010.06.08 23:48:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Intel [2010.06.08 23:46:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intel [2010.06.08 23:46:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Intel [2010.06.08 12:54:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Phil\Recent [2010.06.08 12:50:43 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.06.08 12:22:22 | 000,000,000 | ---D | C] -- C:\b3fb7881123562c16bb16e3e [2010.06.08 11:48:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Malwarebytes [2010.06.08 11:48:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.06.08 11:48:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.06.08 11:48:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.06.08 11:48:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.08 09:37:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Uniblue [2010.06.08 09:27:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Avira [2010.06.08 08:26:11 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.06.08 08:26:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.06.08 01:00:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010.06.08 00:56:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.06.08 00:56:27 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.06.08 00:56:27 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.06.08 00:56:27 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.06.08 00:56:27 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.06.08 00:56:27 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.06.08 00:56:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.06.04 00:08:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.04.17 10:42:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.06.30 03:37:16 | 010,485,760 | -H-- | M] () -- C:\Dokumente und Einstellungen\Phil\NTUSER.DAT [2010.06.29 21:46:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTL.exe [2010.06.29 21:42:48 | 000,009,962 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2010.06.29 21:42:07 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2010.06.29 21:41:48 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.06.29 21:39:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.06.29 21:39:27 | 1072,091,136 | -HS- | M] () -- C:\hiberfil.sys [2010.06.29 19:15:52 | 000,002,140 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\common.data [2010.06.29 18:56:10 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Phil\ntuser.ini [2010.06.29 18:54:24 | 126,850,486 | ---- | M] (Igor Pavlov) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTLPENet.exe [2010.06.29 18:52:48 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010.06.29 13:00:50 | 104,857,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\SecureDrive.vol [2010.06.27 19:56:50 | 000,000,494 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tvt_userinfo.ini [2010.06.27 17:33:10 | 000,478,602 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\bootkit_remover.rar [2010.06.27 15:25:49 | 003,396,176 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Phil\Desktop\ccsetup233.exe [2010.06.27 14:06:00 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010.06.27 10:39:03 | 000,177,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.13 23:11:54 | 000,824,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\RSIT.exe [2010.06.13 22:37:02 | 000,000,747 | ---- | M] () -- C:\WINDOWS\win.ini [2010.06.13 22:37:02 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.06.13 22:37:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010.06.12 23:14:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Phil\Desktop\HiJackThis204.exe [2010.06.12 22:18:52 | 000,033,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100612_221847.reg [2010.06.12 22:10:04 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.06.11 14:51:55 | 001,034,420 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.06.11 14:51:55 | 000,462,896 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.06.11 14:51:55 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.06.11 14:51:55 | 000,085,740 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.06.11 14:51:55 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.06.08 23:46:35 | 000,356,352 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2010.06.08 16:31:35 | 000,403,752 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.06.08 16:25:26 | 000,000,820 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100608-163134.backup [2010.06.08 12:56:18 | 000,115,482 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100608_125602.reg [2010.05.15 21:27:25 | 000,024,064 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\Premium Rums.doc [2010.05.13 01:52:31 | 000,552,960 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe [2010.04.22 10:10:10 | 000,318,976 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\KatS-Perosnalbogen OG BS_P.Jäckel.doc [2010.04.18 17:41:00 | 000,066,232 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\1099108.pdf [2010.04.05 17:29:01 | 000,011,299 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\gsview32.ini [2010.04.04 15:39:14 | 000,154,993 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\LP_ch0.pdf [2010.04.03 15:18:14 | 000,742,914 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\1._Lineare_Optimierung_und_lineare_Modelle.pdf [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.06.27 17:33:09 | 000,478,602 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\bootkit_remover.rar [2010.06.27 15:52:17 | 1072,091,136 | -HS- | C] () -- C:\hiberfil.sys [2010.06.27 14:06:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010.06.27 14:05:57 | 000,262,448 | ---- | C] () -- C:\cmldr [2010.06.27 13:25:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.06.27 13:25:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.06.27 13:25:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.06.27 13:25:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.06.27 13:25:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.06.13 23:11:53 | 000,824,681 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\RSIT.exe [2010.06.12 22:18:50 | 000,033,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100612_221847.reg [2010.06.08 23:46:35 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2010.06.08 12:56:06 | 000,115,482 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100608_125602.reg [2010.06.03 23:17:42 | 000,002,140 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\common.data [2010.04.21 10:33:24 | 000,318,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\KatS-Perosnalbogen OG BS_P.Jäckel.doc [2010.04.18 17:41:00 | 000,066,232 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\1099108.pdf [2010.04.04 15:39:12 | 000,154,993 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\LP_ch0.pdf [2010.04.03 15:18:11 | 000,742,914 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\1._Lineare_Optimierung_und_lineare_Modelle.pdf [2010.01.04 01:16:58 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010.01.04 01:16:58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010.01.04 01:16:57 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.01.04 01:16:56 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.01.04 01:16:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010.01.04 01:16:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009.11.23 13:50:41 | 000,000,066 | ---- | C] () -- C:\WINDOWS\JcAdmin32.ini [2009.05.20 13:07:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009.04.17 19:42:34 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008.07.26 19:41:55 | 000,000,158 | ---- | C] () -- C:\WINDOWS\ChssBase.ini [2008.07.25 13:51:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\WINCMD.INI [2008.02.15 01:41:35 | 000,000,944 | ---- | C] () -- C:\WINDOWS\dokop301.ini [2008.02.15 01:39:38 | 001,201,206 | ---- | C] () -- C:\WINDOWS\System32\KART24GF.DLL [2008.02.15 01:39:38 | 001,201,206 | ---- | C] () -- C:\WINDOWS\System32\Kart24gd.dll [2008.02.15 01:39:38 | 000,692,214 | ---- | C] () -- C:\WINDOWS\System32\Kart_f24.dll [2008.02.15 01:39:38 | 000,692,214 | ---- | C] () -- C:\WINDOWS\System32\Kart_d24.dll [2008.02.15 01:39:38 | 000,115,478 | ---- | C] () -- C:\WINDOWS\System32\Karten_f.dll [2008.02.15 01:39:38 | 000,115,478 | ---- | C] () -- C:\WINDOWS\System32\Karten_d.dll [2008.02.15 01:39:38 | 000,038,614 | ---- | C] () -- C:\WINDOWS\System32\Kart_doj.dll [2008.02.15 01:39:38 | 000,028,958 | ---- | C] () -- C:\WINDOWS\System32\kart_dbl.dll [2007.08.16 17:34:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\VBUTILLight.dll [2007.08.16 17:34:11 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007.08.16 17:34:11 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll [2007.05.23 10:11:19 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2007.04.14 10:24:12 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2007.01.11 00:09:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.01.10 23:25:18 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006.12.22 02:24:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.12.22 02:06:13 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.12.22 02:04:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.12.22 02:04:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.12.22 02:04:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.12.22 02:04:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.12.22 02:04:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.12.22 02:04:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.12.22 01:56:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll [2006.12.22 01:55:16 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2006.12.22 01:53:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2006.12.22 01:53:11 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2006.12.22 01:52:53 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006.08.17 10:00:13 | 000,009,962 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI [2006.08.17 10:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI [2006.08.03 03:27:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll [2006.08.03 03:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll [2006.06.14 18:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006.06.12 13:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL [2006.05.31 15:37:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.02.17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005.02.17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== LOP Check ========== [2007.04.14 10:24:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2009.06.22 16:09:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileOpen [2007.01.10 21:28:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo [2009.07.26 22:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Native Instruments [2009.11.23 13:52:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OPPU [2007.01.10 22:21:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr [2007.03.03 13:08:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2010.06.29 10:50:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2009.07.26 22:35:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{902029B2-957E-4066-85FA-30DA31731718} [2009.07.26 22:36:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C79A30AF-08C1-49CF-8F27-526F179A478D} [2007.04.14 10:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ACD Systems [2008.07.26 19:41:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ChessBase [2008.04.16 15:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Dev-Cpp [2009.06.22 16:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\FileOpen [2009.08.25 13:48:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\FileZilla [2007.01.23 13:09:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ICQLite [2007.02.02 17:17:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\InterVideo [2007.03.03 12:58:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Leadertech [2007.01.14 23:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Lenovo [2007.05.18 21:41:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ratiopharm [2006.12.22 02:24:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ThinkVantage [2007.12.01 20:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\TrueCrypt [2010.06.08 09:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Uniblue [2010.06.29 21:42:07 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010.06.13 22:37:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010.06.27 14:06:00 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2004.08.04 14:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin [2004.08.03 23:00:10 | 000,262,448 | ---- | M] () -- C:\cmldr [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2006.12.22 02:05:42 | 000,002,301 | ---- | M] () -- C:\drivez.log [2010.06.24 13:11:21 | 000,014,030 | ---- | M] () -- C:\drwtsn32.log [2010.06.29 21:39:27 | 1072,091,136 | -HS- | M] () -- C:\hiberfil.sys [2009.06.22 16:08:09 | 000,018,800 | ---- | M] () -- C:\install.log [2006.01.27 04:18:40 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2006.01.27 04:18:40 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004.08.04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008.06.23 14:22:45 | 000,251,712 | RHS- | M] () -- C:\NTLDR [2010.06.30 02:48:08 | 000,114,520 | ---- | M] () -- C:\OTL.Txt [2010.05.13 01:52:31 | 000,552,960 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe [2010.06.29 21:39:23 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys [2006.12.22 09:43:01 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl [2009.06.22 16:07:53 | 000,000,508 | ---- | M] () -- C:\uninstall.log [2007.12.17 15:28:58 | 000,000,518 | ---- | M] () -- C:\WirelessDiagLog.csv [2007.12.12 22:30:54 | 000,002,580 | ---- | M] () -- C:\wp_install.log < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.04.14 04:22:08 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.01.26 20:08:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2006.01.26 20:08:21 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2006.01.26 20:08:20 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\system32\drivers\*.sys /90 > [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2010.06.29 18:52:48 | 000,691,696 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\system32\user32.dll /md5 > [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.04.14 04:22:32 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=6A35E2D6F5F052C84EC2CEB296389439 -- C:\WINDOWS\system32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2008.04.14 04:22:32 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -- C:\WINDOWS\system32\ws2help.dll < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 351633 bytes -> C:\WINDOWS\Temp:temp < End of report > |
|
29.06.2010, 21:27
| #32 |
| /// Selecta Jahrusso   | iexplorer.exe im Hintergrund mit Werbung/Sound Schritt 1
__________________
Code:
ATTFilter :OTL
O32 - AutoRun File - [2010.06.07 12:40:58 | 000,000,000 | RHS- | M] () - R:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{088550fa-7a78-11de-a094-0016cfee30c6}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\Shell\AutoRun\command - "" = F:\dolly\bejbe.exe -- File not found
O33 - MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\Shell\explore\command - "" = F:\dolly\bejbe.exe -- File not found
O33 - MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\Shell\install\command - "" = F:\dolly\bejbe.exe -- File not found
O33 - MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\Shell\open\command - "" = F:\dolly\bejbe.exe -- File not found
O33 - MountPoints2\{560b084e-e9cb-11dc-9fe3-0016cfee30c6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{560b084e-e9cb-11dc-9fe3-0016cfee30c6}\Shell\Open(&0)\command - "" = F:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{72092530-7a20-11de-a093-0016cfee30c6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{72092530-7a20-11de-a093-0016cfee30c6}\Shell\AutoRun\command - "" = F:\BATO\\\\\BOSANEC.exe -- File not found
O33 - MountPoints2\{72092530-7a20-11de-a093-0016cfee30c6}\Shell\explore\command - "" = F:\BATO\\\\\\BOSANEC.exe -- File not found
O33 - MountPoints2\{72092530-7a20-11de-a093-0016cfee30c6}\Shell\open\command - "" = F:\BATO\\\\\\BOSANEC.exe -- File not found
O33 - MountPoints2\{7ae67f4c-03be-11df-a0be-0016cfee30c6}\Shell\AutoRun\command - "" = pbudsara.exe
O33 - MountPoints2\{7ae67f4c-03be-11df-a0be-0016cfee30c6}\Shell\open\Command - "" = pbudsara.exe
O33 - MountPoints2\{7b5936be-7206-11df-a0d7-0019d206b373}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7b5936be-7206-11df-a0d7-0019d206b373}\Shell\AutoRun\command - "" = F:\laf\lauski.exe -- File not found
O33 - MountPoints2\{7b5936be-7206-11df-a0d7-0019d206b373}\Shell\explore\command - "" = F:\laf\\lauski.exe -- File not found
O33 - MountPoints2\{7b5936be-7206-11df-a0d7-0019d206b373}\Shell\open\command - "" = F:\laf\\lauski.exe -- File not found
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]
Schritt 2 Vorbereitung Lösche die vorhandene Version von Combofix und lade das Programm von einem der folgenden Download-Spiegel neu herunter: BleepingComputer.com - ForoSpyware.comund speichere es auf dem Desktop (nicht woanders hin, das ist wichtig)! Wenn Du ComboFix bereits vorher auf dem Rechner hattest, lösche die alte Version, da ComboFix laufend aktualisiert wird.
Bitte poste in Deiner nächsten Antwort COmbofix.txt
__________________ |
|
29.06.2010, 22:13
| #33 |
| | iexplorer.exe im Hintergrund mit Werbung/SoundCode:
ATTFilter All processes killed
========== OTL ==========
R:\autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{088550fa-7a78-11de-a094-0016cfee30c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{088550fa-7a78-11de-a094-0016cfee30c6}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09736a21-5e9a-11df-a0cf-0019d206b373}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09736a21-5e9a-11df-a0cf-0019d206b373}\ not found.
File F:\dolly\bejbe.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09736a21-5e9a-11df-a0cf-0019d206b373}\ not found.
File F:\dolly\bejbe.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09736a21-5e9a-11df-a0cf-0019d206b373}\ not found.
File F:\dolly\bejbe.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09736a21-5e9a-11df-a0cf-0019d206b373}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09736a21-5e9a-11df-a0cf-0019d206b373}\ not found.
File F:\dolly\bejbe.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{560b084e-e9cb-11dc-9fe3-0016cfee30c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{560b084e-e9cb-11dc-9fe3-0016cfee30c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{560b084e-e9cb-11dc-9fe3-0016cfee30c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{560b084e-e9cb-11dc-9fe3-0016cfee30c6}\ not found.
File F:\Recycled\ctfmon.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72092530-7a20-11de-a093-0016cfee30c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72092530-7a20-11de-a093-0016cfee30c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72092530-7a20-11de-a093-0016cfee30c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72092530-7a20-11de-a093-0016cfee30c6}\ not found.
File F:\BATO\\\\\BOSANEC.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72092530-7a20-11de-a093-0016cfee30c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72092530-7a20-11de-a093-0016cfee30c6}\ not found.
File F:\BATO\\\\\\BOSANEC.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{72092530-7a20-11de-a093-0016cfee30c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72092530-7a20-11de-a093-0016cfee30c6}\ not found.
File F:\BATO\\\\\\BOSANEC.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ae67f4c-03be-11df-a0be-0016cfee30c6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ae67f4c-03be-11df-a0be-0016cfee30c6}\ not found.
File pbudsara.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ae67f4c-03be-11df-a0be-0016cfee30c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ae67f4c-03be-11df-a0be-0016cfee30c6}\ not found.
File pbudsara.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b5936be-7206-11df-a0d7-0019d206b373}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b5936be-7206-11df-a0d7-0019d206b373}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b5936be-7206-11df-a0d7-0019d206b373}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b5936be-7206-11df-a0d7-0019d206b373}\ not found.
File F:\laf\lauski.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b5936be-7206-11df-a0d7-0019d206b373}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b5936be-7206-11df-a0d7-0019d206b373}\ not found.
File F:\laf\\lauski.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b5936be-7206-11df-a0d7-0019d206b373}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b5936be-7206-11df-a0d7-0019d206b373}\ not found.
File F:\laf\\lauski.exe not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Java cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Phil
->Temp folder emptied: 3984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27501264 bytes
->Flash cache emptied: 456 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 7478409 bytes
Total Files Cleaned = 33,00 mb
OTL by OldTimer - Version 3.2.7.0 log created on 06292010_233218
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Code:
ATTFilter ComboFix 10-06-29.02 - Phil 29.06.2010 23:54:12.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.1022.547 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Phil\Desktop\CoFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\common.data
.
((((((((((((((((((((((( Dateien erstellt von 2010-05-28 bis 2010-06-29 ))))))))))))))))))))))))))))))
.
2010-06-30 01:35 . 2010-05-12 23:52 552960 ----a-r- C:\OTLPE.exe
2010-06-30 01:35 . 2010-06-30 01:35 -------- d-----w- C:\_OTL
2010-06-29 16:52 . 2010-06-29 16:52 -------- d-----w- c:\programme\LSoft Technologies
2010-06-29 11:33 . 2010-06-29 11:34 -------- d-----w- C:\AVZ
2010-06-27 20:43 . 2008-04-14 02:22 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-06-27 20:43 . 2008-04-14 02:22 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe
2010-06-27 10:40 . 2010-06-27 10:40 -------- d-s---w- c:\dokumente und einstellungen\Administrator\IETldCache
2010-06-13 21:12 . 2010-06-27 14:04 -------- d-----w- c:\programme\trend micro
2010-06-13 21:12 . 2010-06-13 21:12 -------- d-----w- C:\rsit
2010-06-11 12:35 . 2010-05-06 10:31 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-11 12:33 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-06-11 09:29 . 2010-06-11 10:06 -------- d-----w- C:\77b14c21bda8bca2b5713b38c4310e60
2010-06-08 21:49 . 2010-01-13 06:24 6598656 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-06-08 21:49 . 2009-09-15 09:19 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-06-08 21:49 . 2009-09-15 09:18 675840 ----a-w- c:\windows\system32\NETw5c32.dll
2010-06-08 21:49 . 2010-06-08 21:49 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Intel
2010-06-08 21:49 . 2010-06-08 21:49 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Anwendungsdaten\Intel
2010-06-08 21:49 . 2010-06-08 21:49 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Intel
2010-06-08 21:48 . 2010-06-08 21:48 -------- d-----w- c:\programme\Gemeinsame Dateien\Intel
2010-06-08 21:46 . 2010-06-08 21:46 356352 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-06-08 21:46 . 2010-06-08 21:46 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Intel
2010-06-08 21:46 . 2010-06-08 21:46 -------- d-----w- c:\dokumente und einstellungen\Phil\Anwendungsdaten\Intel
2010-06-08 10:50 . 2010-06-08 10:50 -------- d-----w- c:\programme\CCleaner
2010-06-08 10:22 . 2010-06-08 10:26 -------- d-----w- C:\b3fb7881123562c16bb16e3e
2010-06-08 09:48 . 2010-06-08 09:48 -------- d-----w- c:\dokumente und einstellungen\Phil\Anwendungsdaten\Malwarebytes
2010-06-08 09:48 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-08 09:48 . 2010-06-08 09:48 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-08 09:48 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-08 09:48 . 2010-06-08 09:48 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-06-08 07:37 . 2010-06-08 07:37 -------- d-----w- c:\dokumente und einstellungen\Phil\Anwendungsdaten\Uniblue
2010-06-08 07:27 . 2010-06-08 07:27 -------- d-----w- c:\dokumente und einstellungen\Phil\Anwendungsdaten\Avira
2010-06-08 07:02 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-08 07:00 . 2009-11-21 15:54 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-06-08 06:26 . 2010-06-29 08:49 -------- d-----w- c:\programme\Spybot - Search & Destroy
2010-06-08 06:26 . 2010-06-29 08:49 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-06-07 23:00 . 2010-06-27 11:09 -------- d-----w- c:\windows\system32\NtmsData
2010-06-07 22:56 . 2010-06-07 22:56 -------- d-----w- c:\programme\Avira
2010-06-07 22:56 . 2010-06-07 22:56 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2010-06-07 22:56 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-06-07 22:56 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-06-07 22:56 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-06-07 22:56 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-06-03 22:08 . 2010-06-03 22:08 61440 ----a-w- c:\dokumente und einstellungen\Phil\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-65972cfe-n\decora-sse.dll
2010-06-03 22:08 . 2010-06-03 22:08 503808 ----a-w- c:\dokumente und einstellungen\Phil\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-787c26dc-n\msvcp71.dll
2010-06-03 22:08 . 2010-06-03 22:08 499712 ----a-w- c:\dokumente und einstellungen\Phil\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-787c26dc-n\jmc.dll
2010-06-03 22:08 . 2010-06-03 22:08 348160 ----a-w- c:\dokumente und einstellungen\Phil\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-787c26dc-n\msvcr71.dll
2010-06-03 22:08 . 2010-06-03 22:08 12800 ----a-w- c:\dokumente und einstellungen\Phil\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-65972cfe-n\decora-d3d.dll
2010-06-03 22:07 . 2010-06-03 22:07 411368 ----a-w- c:\windows\system32\deployJava1.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 16:52 . 2007-01-10 21:25 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-29 16:52 . 2006-12-21 23:52 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-06-29 08:50 . 2008-01-10 09:59 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\WinZip
2010-06-27 17:56 . 2006-12-22 00:24 -------- d-----w- c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Lenovo
2010-06-26 23:06 . 2009-11-20 22:46 -------- d-----w- c:\programme\JDownloader
2010-06-11 12:51 . 2006-01-27 01:01 85740 ----a-w- c:\windows\system32\perfc007.dat
2010-06-11 12:51 . 2006-01-27 01:01 462896 ----a-w- c:\windows\system32\perfh007.dat
2010-06-08 21:48 . 2006-12-21 23:54 -------- d-----w- c:\programme\Intel
2010-06-08 21:20 . 2006-12-22 00:15 11712 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-06-03 22:08 . 2006-12-22 00:03 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2010-06-03 22:07 . 2006-12-22 00:03 -------- d-----w- c:\programme\Java
2010-05-31 22:19 . 2006-01-27 01:01 1036800 ----a-w- c:\windows\explorer.exe
2010-05-25 22:20 . 2006-01-27 01:01 14336 ----a-w- c:\windows\system32\svchost.exe
2010-05-12 19:50 . 2007-05-04 21:58 -------- d-----w- c:\dokumente und einstellungen\Phil\Anwendungsdaten\dvdcss
2010-05-06 10:31 . 2006-01-27 01:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:05 . 2009-04-29 09:36 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:29 . 2006-01-27 01:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 00:16 . 2009-07-14 00:16 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
2009-07-14 00:16 . 2009-07-14 00:16 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\programme\TaskSwitchXP\TaskSwitchXP.exe" [2005-04-11 60416]
"DAEMON Tools"="c:\programme\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TpShocks"="TpShocks.exe" [2006-03-15 106496]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PDService.exe"="c:\programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"DAEMON Tools"="c:\programme\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 110592]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 512000]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"IntelZeroConfig"="c:\programme\Intel\WiFi\bin\ZCfgSvc.exe" [2010-01-19 1392640]
"IntelWireless"="c:\programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-19 1206544]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\Phil\Startmen\Programme\Autostart\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\dokumente und einstellungen\Phil\Startmen\Programme\Autostart\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\dokumente und einstellungen\Phil\Startmen\Programme\Autostart\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\AutorunsDisabled
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2006-5-31 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-22 24576]
c:\dokumente und einstellungen\Phil\Startmen\Programme\Autostart\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\programme\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ----a-w- c:\programme\Lenovo\AwayTask\AwayNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-25 18:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ----a-w- c:\windows\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ----a-w- c:\windows\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
backup=c:\windows\pss\Adobe Reader - Schnellstart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Phil^Startmenü^Programme^Autostart^OpenOffice.org 2.2.lnk]
path=c:\dokumente und einstellungen\Phil\Startmenü\Programme\Autostart\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-14 20:38 623992 ----a-w- c:\programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-05-10 10:12 90112 ----a-w- c:\programme\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\programme\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 13:24 458752 ----a-w- c:\programme\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 13:14 217088 ----a-w- c:\programme\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 ----a-r- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-08-11 00:30 512000 ----a-w- c:\programme\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2007-08-11 00:30 110592 ----a-w- c:\programme\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2006-07-14 17:05 503808 ----a-w- c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"UPS"=3 (0x3)
"Themes"=2 (0x2)
"ose"=3 (0x3)
"mnmsrvc"=3 (0x3)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"FastUserSwitchingCompatibility"=2 (0x2)
"Eventlog"=2 (0x2)
"Diskeeper"=2 (0x2)
"TVT Scheduler"=2 (0x2)
"SENS"=2 (0x2)
"SCardSvr"=3 (0x3)
"aspnet_state"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2010\\RpcAgentSrv.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\sandra.07.mui"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2010\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [08.06.2010 00:56 135336]
R2 PrivateDisk;PrivateDisk;c:\programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13.03.2006 17:05 58368]
R2 smi2;smi2;c:\programme\SMI2\smi2.sys [14.07.2006 16:55 3968]
R2 smihlp;SMI helper driver;c:\programme\ThinkVantage Fingerprint Software\smihlp.sys [25.04.2006 20:00 3456]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [08.03.2008 14:51 4352]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\drivers\fwlanusb.sys [08.03.2008 14:51 265088]
S3 QuarticsWP;QuarticsWP_Display_Driver;c:\windows\system32\DRIVERS\QuarticsWP.sys --> c:\windows\system32\DRIVERS\QuarticsWP.sys [?]
S3 QuarticsWPMirror;QuarticsWPMirror_Display_Driver;c:\windows\system32\DRIVERS\QuarticsWPMirror.sys --> c:\windows\system32\DRIVERS\QuarticsWPMirror.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe [28.12.2009 12:31 93336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.01.2007 23:25 691696]
--- Andere Dienste/Treiber im Speicher ---
*Deregistered* - uphcleanhlp
.
Inhalt des "geplante Tasks" Ordners
2010-06-29 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-12-21 16:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = www.prodlog.tu-bs.de
IE: An vorhandenes PDF anfügen - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\dokumente und einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cocktaildreams.de/forum/
FF - plugin: c:\dokumente und einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
Notify-NavLogon - (no file)
SafeBoot-bqmdknwc
SafeBoot-ebpnoise
SafeBoot-gijrmagg.sys
MSConfigStartUp-updateMgr - c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-06-30 00:00
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,f7,0c,1d,ad,89,dd,46,ba,af,18,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,f7,0c,1d,ad,89,dd,46,ba,af,18,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="7563E592E1D8D6C0EE167E18C2C5B1D4B0200547DA4447361BCE5D0F0D970581357D13FA3821481096ED4C4E60E45C03D6F053F2E95509930F5EAFFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667C038D530D6EB34529DB7CE019D40AA5CA6171C11EC38DE3DDF7D29F5458DC60BD344A380905C604DDEB036AD0032E07F77618989DDD7F28E16BEEDF881BCD8F11E3BADC32501E2C22099A9B5877B3A625F4CCFCAE3E6F832B65958F2328E8FD63BDBD4D8C09502944307944814C2ED2F28C7D1141F69E2636D6B321EC4568BF0A3DB1C5D2DD92529ADE5CD836DD0C81D441A5A23F54F06CED9B35D795C4DC47B459316B06C6D086E39C74047904FEB6B9AAEC87B02EA05A112964EC8CE8E85357F006EF63157B954B56469BA2ECA4ADA8514926210745A0F1B9B8C92289A6DE328C2E09861801FCF6394DB462A38AE3256FCBAE0A28755CEF2EEB4222556ED4E089F40411BB56FD8F9D6BC969D6D35B9CD41E0476EA3179989DFF5863A0B4E3F5D807061AB28B6EC22CBC81C5524CE41A4DA32A6DDAA142FC2E216930C63A987D7F2EAAC98EDD40CF9BACB0ECFFA4017836871550D6617D1F48FEC5FF5716EFA1CA5BC9C18017CBB138DA963457421140C2EF6ECCE7F3EC8EF22E64787A7DFEE456F886B95BDB784F450D6DB9A76E090D091AD4BA8087BDDEFFA8467016094425EC7821BB0E6DF7298B660F5EE4C3D69D61F1515D2719260AA9C58A4DA5676D2E84D746FBD9F26966C96E1F711A3CB029B84BF2E3C149FA348AF0C26BEAB46845BBF3A6FC3728D05D2E80F6B060F773F0C14D64085AB907CE3815C560C6494BE9C03C668FE4DED57A0CC2E1D07067B0A8D46133B85D624C50FFE1965D3E749ED8A221FE9DC0274A8A002991E0061E75075B545D0449973DF4CBEA646DD031E80F649DB4803441F9B91713FC312E022848EA0CF76005A67AC14F7FCAFA466246B25C8AB9B49AEC2D32422A0A61025631C99E92B6629653C125284A79BD4263CA5D0164E40B83E06F9FE44D42584B6B8104719E12067E9857BE767484B53BA9EAAA3C919D613D4663BBCA886DEAA7D01DE41D8146392FA285829C29241B601537BC1A0F542CA37B2C66A45733A74CAF3092077F339B9905E99DB5FCE44C7B83C1ABDFB62AA088E8E530AB36E60054F97957468C8691C0636B53E28D8DF06870B0F2261EE7E2669719791B2DC3D3521C90E40C2ED82B11B1029FE2DA262237345E4EBF7C0EA34B8A8516CA33A8212BB3CFEFA42D3D722F1A3F14323AE6007EA482D8B8D13E6F6D151C0770C93A6DBFB71F990437C7FCB13F812A1E095B0CBBEC079E694B02864EDE22B06968B6086274595DE4B7F5240E8EE11276384ECBEA0B063D49EFBABA82AA1595B91D7AF3B"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(1184)
c:\windows\system32\vrlogon.dll
c:\windows\system32\tvt_gina.dll
c:\programme\Lenovo\Client Security Solution\css_gina_plugin.dll
c:\programme\Lenovo\Client Security Solution\css_wait_bar.dll
c:\programme\Lenovo\Client Security Solution\cssuserdatadispatcher.dll
c:\programme\Lenovo\Client Security Solution\csswait.dll
c:\programme\Gemeinsame Dateien\Lenovo\tvt_banner.dll
c:\programme\Lenovo\Client Security Solution\cssdlgpwentry.dll
c:\programme\Lenovo\Client Security Solution\dlganswerprompt.dll
c:\programme\Lenovo\Client Security Solution\tvttsp.dll
c:\programme\Lenovo\Client Security Solution\tcsrpc.dll
c:\programme\Gemeinsame Dateien\Lenovo\tvt_res.dll
c:\programme\ThinkVantage Fingerprint Software\pscssint.dll
c:\programme\ThinkVantage Fingerprint Software\infra.dll
c:\programme\ThinkVantage Fingerprint Software\VTI.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\crypto.dll
c:\programme\ThinkVantage Fingerprint Software\remote.dll
c:\windows\system32\tphklock.dll
c:\programme\Lenovo\AwayTask\AwayNotify.dll
- - - - - - - > 'lsass.exe'(1240)
c:\windows\system32\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\infra.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
.
Zeit der Fertigstellung: 2010-06-30 00:04:09
ComboFix-quarantined-files.txt 2010-06-29 22:04
Vor Suchlauf: 27 Verzeichnis(se), 33.683.382.272 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 33.622.228.992 Bytes frei
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 20613E27E0A565662A22B1186C2F92AE
|
|
29.06.2010, 22:31
| #34 |
| /// Selecta Jahrusso | iexplorer.exe im Hintergrund mit Werbung/Sound Sieht oberflächlich gut aus  WIe läuft der Rechner ?
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
29.06.2010, 22:44
| #35 |
| | iexplorer.exe im Hintergrund mit Werbung/Sound Ziemlich gut. Antivir verbraucht jetzt statt 60MB nur noch 1MB Ram... das ist mir so nebenbei aufgefallen. Da scheint also auf jeden Fall etwas wieder in Ordnung zu sein. Vielen, vielen Dank für deine Hilfe. |
|
29.06.2010, 22:55
| #36 |
| /// Selecta Jahrusso | iexplorer.exe im Hintergrund mit Werbung/Sound Schritt 1 Update bitte Malwarebytes und lass einen QuickScan laufen. Schritt 2
Code:
ATTFilter :OTL
:services
:files
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=Dword:00000000
"FirewallDisableNotify"=Dword:00000000
"UpdatesDisableNotify"=Dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\souvawedi.exe"=-
"C:\WINDOWS\system32\lyvi.exe"=-
:Commands
[purity]
[emptytemp]
[reboot]
Schritt 3 Deinstalliere bitte deine aktuelle Version von Adobe Reader Start--> Systemsteuerung--> Software--> Adobe Reader und lade dir die neue Version von Hier herunter Als alternative würde ich dir den schlankeren Foxit Reader empfehlen Schritt 4 Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Schritt 5 Starte bitte OTL.exe. Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button. Bitte poste in Deiner nächsten Antwort MBAM Log OTLfix Log ESET Log OTL.txt Extras.txt
__________________ --> iexplorer.exe im Hintergrund mit Werbung/Sound |
|
30.06.2010, 09:54
| #37 |
| | iexplorer.exe im Hintergrund mit Werbung/Sound MBAM hat noch was gefunden, hab damit aber erstmal nichts gemacht: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4260
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
01.07.2010 09:00:28
mbam-log-2010-07-01 (09-00-28).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140040
Laufzeit: 10 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\System volume information\Microsoft\services.exe (Trojan.Cycler) -> No action taken.
C:\System volume information\Microsoft\smss.exe (Trojan.Cycler) -> No action taken.
Code:
ATTFilter All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify"|Dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify"|Dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify"|Dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\souvawedi.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\lyvi.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Phil
->Temp folder emptied: 2735 bytes
->Temporary Internet Files folder emptied: 156913 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53511681 bytes
->Flash cache emptied: 1615 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 51,00 mb
OTL by OldTimer - Version 3.2.7.0 log created on 07012010_090451
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=ca7d667c95ed6e46b440f9044475d1df
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-01 08:43:45
# local_time=2010-07-01 10:43:45 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 321402 321402 0 0
# compatibility_mode=1797 16775141 100 93 333785 37061965 25411 0
# compatibility_mode=8192 67108863 100 0 242 242 0 0
# scanned=119444
# found=0
# cleaned=0
# scan_time=4953
Code:
ATTFilter OTL logfile created on: 01.07.2010 10:45:28 - Run 2 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\Phil\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 471,00 Mb Available Physical Memory | 46,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 88,93 Gb Total Space | 31,38 Gb Free Space | 35,28% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive R: | 99,72 Mb Total Space | 99,54 Mb Free Space | 99,82% Space Free | Partition Type: FAT Computer Name: PHILIPPJ Current User Name: Phil Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010.07.01 09:04:12 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTL.exe PRC - [2010.06.01 00:19:10 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.01.19 17:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2010.01.19 16:56:42 | 001,392,640 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe PRC - [2010.01.19 16:52:32 | 000,954,368 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe PRC - [2010.01.19 16:44:10 | 001,206,544 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe PRC - [2010.01.19 16:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2007.08.11 02:30:40 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2007.06.01 03:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe PRC - [2006.11.17 02:07:00 | 000,015,872 | ---- | M] ( ) -- c:\Programme\Lenovo\System Update\SUService.exe PRC - [2006.11.16 17:14:14 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\psasrv.exe PRC - [2006.11.13 14:50:28 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft ActiveSync\wcescomm.exe PRC - [2006.11.13 14:50:16 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft ActiveSync\rapimgr.exe PRC - [2006.11.12 12:48:46 | 000,157,592 | ---- | M] (DT Soft Ltd.) -- C:\Programme\DAEMON Tools\daemon.exe PRC - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE PRC - [2006.07.25 03:19:40 | 000,094,208 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe PRC - [2006.07.14 19:20:38 | 000,817,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe PRC - [2006.07.14 19:13:14 | 002,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\cssauth.exe PRC - [2006.07.14 19:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe PRC - [2006.07.14 18:42:22 | 000,723,712 | ---- | M] (IBM) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe PRC - [2006.07.14 18:24:52 | 000,629,504 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe PRC - [2006.07.14 16:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe PRC - [2006.07.04 18:11:00 | 000,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE PRC - [2006.05.31 15:43:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe PRC - [2006.05.30 08:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe PRC - [2006.03.15 20:04:48 | 000,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe PRC - [2006.03.13 17:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe PRC - [2006.02.23 19:22:00 | 000,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE PRC - [2006.02.02 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2005.07.19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE PRC - [2005.07.05 07:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe PRC - [2005.06.20 13:15:00 | 000,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe PRC - [2005.06.06 22:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe PRC - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Programme\UPHClean\uphclean.exe PRC - [2005.04.12 00:15:25 | 000,060,416 | ---- | M] (Alexander Avdonin) -- C:\Programme\TaskSwitchXP\TaskSwitchXP.exe ========== Modules (SafeList) ========== MOD - [2010.07.01 09:04:12 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTL.exe MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2007.08.11 02:30:34 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll MOD - [2006.08.16 19:07:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL MOD - [2006.07.14 19:20:50 | 000,613,120 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll ========== Win32 Services (SafeList) ========== SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.01.19 17:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2010.01.19 16:52:32 | 000,954,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2010.01.19 16:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2009.08.24 19:01:08 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2008.10.24 15:17:52 | 000,145,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.01.15 17:51:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007.06.01 03:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC) SRV - [2006.11.17 02:07:00 | 000,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2006.11.16 17:14:14 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC) SRV - [2006.07.14 19:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2006.07.14 19:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service) SRV - [2006.07.14 18:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService) SRV - [2006.07.14 18:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2006.07.14 16:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk) SRV - [2006.05.31 15:43:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005.06.20 13:15:00 | 000,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC) SRV - [2005.06.06 22:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC) SRV - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\UPHClean\uphclean.exe -- (UPHClean) ========== Driver Services (SafeList) ========== DRV - [2010.06.29 18:52:48 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.06.08 23:20:14 | 000,011,712 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV) DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.01.13 08:24:42 | 006,598,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2009.08.10 00:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.sys -- (SANDRA) DRV - [2009.07.26 22:31:22 | 000,215,872 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt) DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007.08.11 02:25:28 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2007.06.01 03:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV - [2007.04.30 07:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2007.01.26 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject) DRV - [2006.12.22 02:15:09 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2006.12.22 02:15:09 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem) DRV - [2006.09.13 01:49:52 | 001,724,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.08.16 19:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD) DRV - [2006.08.02 18:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint) DRV - [2006.08.02 18:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI) DRV - [2006.07.20 19:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2006.07.14 18:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter) DRV - [2006.07.14 18:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter) DRV - [2006.07.14 16:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Programme\SMI2\smi2.sys -- (smi2) DRV - [2006.05.31 15:26:38 | 000,328,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2006.05.31 15:22:26 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2006.05.31 15:18:36 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006.05.31 15:18:28 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2006.05.31 15:17:36 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2006.05.31 15:15:42 | 000,148,996 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2006.05.25 18:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2006.04.25 20:13:20 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb) DRV - [2006.04.25 20:00:00 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) DRV - [2006.03.15 18:08:00 | 000,088,576 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\shockprf.sys -- (Shockprf) DRV - [2006.03.13 17:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk) DRV - [2006.03.09 10:20:10 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2006.03.01 04:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB) DRV - [2006.02.02 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006.02.02 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006.02.02 06:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006.02.02 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006.02.02 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006.02.02 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006.02.02 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2006.01.31 04:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2005.12.06 04:21:32 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV) DRV - [2005.12.06 04:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL) DRV - [2005.12.06 04:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf) DRV - [2005.11.18 13:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.11.18 13:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005.11.18 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2005.10.11 18:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2005.07.05 07:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV) DRV - [2005.06.20 13:18:00 | 000,004,736 | ---- | M] (Lenovo.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShockMgr.sys -- (ShockMgr) DRV - [2005.05.27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2005.05.17 11:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm) DRV - [2004.10.08 11:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl) DRV - [2004.08.03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003.09.11 00:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2001.08.18 14:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400) DRV - [2001.08.18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001.08.18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001.08.18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001.08.18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001.08.18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001.08.17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001.08.17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001.08.17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001.08.17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001.08.17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001.08.17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001.08.17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001.08.17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001.08.17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.prodlog.tu-bs.de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.cocktaildreams.de/forum/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.29 21:45:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.01 09:14:49 | 000,000,000 | ---D | M] [2008.12.09 12:48:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Extensions [2010.02.16 11:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\4sayjang.default\extensions [2010.02.16 11:57:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\4sayjang.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.16 11:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\4sayjang.default\extensions\searchrecs@veoh.com [2010.07.01 09:17:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions [2010.05.02 23:50:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.16 11:57:46 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.02.16 11:57:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\moveplayer@movenetworks.com [2009.09.17 23:17:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\searchrecs@veoh.com [2010.07.01 09:17:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\toolbar@ask.com [2010.07.01 09:17:42 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.01.21 03:23:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007.04.14 17:01:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2010.06.04 00:07:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.06.04 00:07:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.01 09:14:00 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.03.12 01:41:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.12 01:41:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.12 01:41:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.12 01:41:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.12 01:41:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.30 00:00:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) O4 - HKLM..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation) O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe () O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo) O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.) O4 - HKCU..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutorunsDisabled [2010.06.29 22:10:43 | 000,000,000 | -H-D | M] O4 - Startup: C:\Dokumente und Einstellungen\Phil\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Programme\Lenovo\System Update\sulauncher.exe () O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275980193953 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited) O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\Beispielbilder\Unbenannt.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\Beispielbilder\Unbenannt.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.01 09:17:10 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2010.07.01 09:15:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Foxit Software [2010.07.01 09:14:59 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com [2010.07.01 09:14:22 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software [2010.07.01 09:13:20 | 007,055,872 | ---- | C] (Foxit Software Company) -- C:\Dokumente und Einstellungen\Phil\Desktop\FoxitReader40_enu_Setup.exe [2010.07.01 09:04:51 | 000,000,000 | ---D | C] -- C:\_OTL [2010.07.01 09:03:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTL.exe [2010.06.30 23:46:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.06.29 18:52:20 | 000,000,000 | ---D | C] -- C:\Programme\LSoft Technologies [2010.06.27 22:43:43 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe [2010.06.27 22:43:43 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grpconv.exe [2010.06.27 14:05:51 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.06.27 13:25:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.06.27 13:25:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.06.27 13:25:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.06.27 13:25:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.06.27 13:24:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.06.13 23:12:33 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.06.11 14:36:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2010.06.11 14:35:56 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010.06.11 14:33:15 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.06.11 11:29:02 | 000,000,000 | ---D | C] -- C:\77b14c21bda8bca2b5713b38c4310e60 [2010.06.08 23:49:07 | 006,598,656 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\NETw5x32.sys [2010.06.08 23:49:07 | 002,756,608 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NETw5r32.dll [2010.06.08 23:49:07 | 000,675,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\NETw5c32.dll [2010.06.08 23:49:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Intel [2010.06.08 23:49:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Intel [2010.06.08 23:48:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Intel [2010.06.08 23:46:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intel [2010.06.08 23:46:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Intel [2010.06.08 12:54:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Phil\Recent [2010.06.08 12:50:43 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.06.08 12:22:22 | 000,000,000 | ---D | C] -- C:\b3fb7881123562c16bb16e3e [2010.06.08 11:48:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Malwarebytes [2010.06.08 11:48:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.06.08 11:48:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.06.08 11:48:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.06.08 11:48:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.08 09:37:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Uniblue [2010.06.08 09:27:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Avira [2010.06.08 09:02:19 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010.06.08 09:00:31 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2010.06.08 08:57:42 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2010.06.08 08:26:11 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.06.08 08:26:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.06.08 01:00:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010.06.08 00:56:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.06.08 00:56:27 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.06.08 00:56:27 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.06.08 00:56:27 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.06.08 00:56:27 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.06.08 00:56:27 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.06.08 00:56:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.06.04 00:08:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.06.04 00:07:50 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.06.04 00:07:50 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.06.04 00:07:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.06.04 00:07:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.01 09:17:00 | 002,672,312 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\esetsmartinstaller_enu.exe [2010.07.01 09:15:07 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010.07.01 09:13:43 | 007,055,872 | ---- | M] (Foxit Software Company) -- C:\Dokumente und Einstellungen\Phil\Desktop\FoxitReader40_enu_Setup.exe [2010.07.01 09:11:07 | 000,009,962 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2010.07.01 09:10:28 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2010.07.01 09:10:09 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.07.01 09:07:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.01 09:07:36 | 1072,091,136 | -HS- | M] () -- C:\hiberfil.sys [2010.07.01 09:05:59 | 010,485,760 | -H-- | M] () -- C:\Dokumente und Einstellungen\Phil\NTUSER.DAT [2010.07.01 09:05:48 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Phil\ntuser.ini [2010.07.01 09:04:12 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTL.exe [2010.07.01 00:58:18 | 000,260,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\SoftonicDownloader38341.exe [2010.06.30 00:00:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.06.30 00:00:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.06.29 23:32:36 | 104,857,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\SecureDrive.vol [2010.06.29 22:04:57 | 000,012,972 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100629_220452.reg [2010.06.29 18:52:48 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010.06.27 19:56:50 | 000,000,494 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tvt_userinfo.ini [2010.06.27 14:06:00 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010.06.27 10:39:03 | 000,177,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.13 22:37:02 | 000,000,747 | ---- | M] () -- C:\WINDOWS\win.ini [2010.06.13 22:37:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010.06.12 22:18:52 | 000,033,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100612_221847.reg [2010.06.12 22:10:04 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.06.11 14:51:55 | 001,034,420 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.06.11 14:51:55 | 000,462,896 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.06.11 14:51:55 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.06.11 14:51:55 | 000,085,740 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.06.11 14:51:55 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.06.08 23:46:35 | 000,356,352 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2010.06.08 23:20:14 | 000,011,712 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\EGATHDRV.SYS [2010.06.08 16:25:26 | 000,000,820 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100608-163134.backup [2010.06.08 12:56:18 | 000,115,482 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100608_125602.reg [2010.06.04 00:07:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.06.04 00:07:34 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.06.04 00:07:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.06.04 00:07:34 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.06.04 00:07:34 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.01 09:16:54 | 002,672,312 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\esetsmartinstaller_enu.exe [2010.07.01 09:15:07 | 000,000,224 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010.07.01 00:58:16 | 000,260,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\SoftonicDownloader38341.exe [2010.06.29 22:04:56 | 000,012,972 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100629_220452.reg [2010.06.27 15:52:17 | 1072,091,136 | -HS- | C] () -- C:\hiberfil.sys [2010.06.27 14:06:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010.06.27 14:05:57 | 000,262,448 | ---- | C] () -- C:\cmldr [2010.06.27 13:25:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.06.27 13:25:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.06.27 13:25:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.06.27 13:25:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.06.27 13:25:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.06.12 22:18:50 | 000,033,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100612_221847.reg [2010.06.08 23:46:35 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2010.06.08 12:56:06 | 000,115,482 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100608_125602.reg [2010.01.04 01:16:58 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010.01.04 01:16:58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010.01.04 01:16:57 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.01.04 01:16:56 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.01.04 01:16:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010.01.04 01:16:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009.11.23 13:50:41 | 000,000,066 | ---- | C] () -- C:\WINDOWS\JcAdmin32.ini [2009.05.20 13:07:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009.04.17 19:42:34 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008.07.26 19:41:55 | 000,000,158 | ---- | C] () -- C:\WINDOWS\ChssBase.ini [2008.07.25 13:51:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\WINCMD.INI [2008.02.15 01:41:35 | 000,000,944 | ---- | C] () -- C:\WINDOWS\dokop301.ini [2008.02.15 01:39:38 | 001,201,206 | ---- | C] () -- C:\WINDOWS\System32\KART24GF.DLL [2008.02.15 01:39:38 | 001,201,206 | ---- | C] () -- C:\WINDOWS\System32\Kart24gd.dll [2008.02.15 01:39:38 | 000,692,214 | ---- | C] () -- C:\WINDOWS\System32\Kart_f24.dll [2008.02.15 01:39:38 | 000,692,214 | ---- | C] () -- C:\WINDOWS\System32\Kart_d24.dll [2008.02.15 01:39:38 | 000,115,478 | ---- | C] () -- C:\WINDOWS\System32\Karten_f.dll [2008.02.15 01:39:38 | 000,115,478 | ---- | C] () -- C:\WINDOWS\System32\Karten_d.dll [2008.02.15 01:39:38 | 000,038,614 | ---- | C] () -- C:\WINDOWS\System32\Kart_doj.dll [2008.02.15 01:39:38 | 000,028,958 | ---- | C] () -- C:\WINDOWS\System32\kart_dbl.dll [2007.08.16 17:34:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\VBUTILLight.dll [2007.08.16 17:34:11 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007.08.16 17:34:11 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll [2007.05.23 10:11:19 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2007.04.14 10:24:12 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2007.01.11 00:09:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.01.10 23:25:18 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006.12.22 02:24:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.12.22 02:06:13 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.12.22 02:04:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.12.22 02:04:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.12.22 02:04:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.12.22 02:04:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.12.22 02:04:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.12.22 02:04:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.12.22 01:56:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll [2006.12.22 01:55:16 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2006.12.22 01:53:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2006.12.22 01:53:11 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2006.12.22 01:52:53 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006.08.17 10:00:13 | 000,009,962 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI [2006.08.17 10:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI [2006.08.03 03:27:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll [2006.08.03 03:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll [2006.06.14 18:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006.06.12 13:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL [2006.05.31 15:37:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.02.17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005.02.17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 351633 bytes -> C:\WINDOWS\Temp:temp < End of report > |
|
30.06.2010, 09:54
| #38 |
| | iexplorer.exe im Hintergrund mit Werbung/SoundCode:
ATTFilter OTL Extras logfile created on: 01.07.2010 10:45:28 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\Phil\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.022,00 Mb Total Physical Memory | 471,00 Mb Available Physical Memory | 46,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 88,93 Gb Total Space | 31,38 Gb Free Space | 35,28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 99,72 Mb Total Space | 99,54 Mb Free Space | 99,82% Space Free | Partition Type: FAT
Computer Name: PHILIPPJ
Current User Name: Phil
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Disabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\rapimgr.exe" = C:\Programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Disabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Disabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe:*:Disabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.07.mui" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.07.mui:*:Disabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe:*:Disabled:SiSoftware Sandra Agent Service -- (SiSoftware)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014EFADF-1AA8-44D0-B889-D39D77302A62}" = Intel(R) PROSet/Wireless WiFi-Software
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{4526E521-18BC-4C01-8563-5CCE47AAC01C}" = ThinkVantage Fingerprint Software 5.5
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage System für aktiven Festplattenschutz
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad-UltraNav-Assistent
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001C-0407-0000-0000000FF1CE}" = Microsoft Office Access Runtime (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}" = System Migration Assistant
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1C8D94A-4303-4489-B585-4B6E6CD408CB}" = OpenOffice.org 2.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A638EC76-65C3-4F82-BA68-D105DDA393E7}" = FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader®
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF4782CC-1F5F-4D5D-A49D-238FD8CF62CD}" = DLRG Fragenkatalog Rettungsschwimmen
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C031CD16-1112-4133-B8C6-68F9582B3476}" = ATI Catalyst Control Center
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2010
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{DA320635-F48C-4613-8325-D75A933C549E}" = ThinkVantage System Update Toolbar Button for IE
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "TrackPoint-Eingabehilfen"
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F8C8FC80-E542-11D3-8F7F-009027591AA8}" = CMN
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-Konfiguration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.6 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_816" = Adobe Acrobat 8.1.6 - CPSID_49167
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"AudioConvert" = AudioConvert
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AwayTask" = ThinkVantage Away Manager
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Derive5" = Derive 5
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.2.4.1
"Foxit Reader" = Foxit Reader
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GSview 4.9" = GSview 4.9
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Insane Uninstall" = Insane
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.5.1 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"PDF Editor 2" = PDF Editor 2
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad-Präsentationsdirektor
"ProInst" = Intel PROSet Wireless
"QcDrv" = Logitech® Camera-Treiber
"QuickTime" = QuickTime
"Remove Multimedia Center" = Remove Multimedia Center
"Shogun Total War" = Shogun Total War
"SqrSoftACF" = SqrSoft® Advanced Crossfading (remove only)
"ST5UNST #1" = Doppelkopf Professionell 3.01sv
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TaskSwitchXP" = TaskSwitchXP
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.1 beta
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"You Don't Know Jack 4" = You Don't Know Jack 4 1.00
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.05.2010 19:01:14 | Computer Name = PHILIPPJ | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes
Modul libavcodec_plugin.dll, Version 0.0.0.0, Fehleradresse 0x00021464.
Error - 17.05.2010 19:02:07 | Computer Name = PHILIPPJ | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes
Modul libvlccore.dll, Version 0.9.8.1, Fehleradresse 0x00073fc7.
Error - 17.05.2010 19:02:13 | Computer Name = PHILIPPJ | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung vlc.exe, Version 0.9.8.1, fehlgeschlagenes
Modul libvlccore.dll, Version 0.9.8.1, Fehleradresse 0x00073fc7.
Error - 03.06.2010 17:45:55 | Computer Name = PHILIPPJ | Source = SUService | ID = 0
Description = Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine
Verbindung zum Dienstcontroller herstellen
Error - 29.06.2010 15:59:41 | Computer Name = PHILIPPJ | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 29.06.2010 16:19:14 | Computer Name = PHILIPPJ | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 29.06.2010 17:38:04 | Computer Name = PHILIPPJ | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 29.06.2010 17:50:52 | Computer Name = PHILIPPJ | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 29.06.2010 18:10:29 | Computer Name = PHILIPPJ | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
Error - 01.07.2010 03:11:06 | Computer Name = PHILIPPJ | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
[ System Events ]
Error - 01.07.2010 03:17:13 | Computer Name = PHILIPPJ | Source = Rasman | ID = 20035
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da keine
Puffer erstellt werden konnten. Starten Sie den Computer neu. Zugriff verweigert
Error - 01.07.2010 03:17:13 | Computer Name = PHILIPPJ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler
beendet: %%5
Error - 01.07.2010 03:17:13 | Computer Name = PHILIPPJ | Source = Rasman | ID = 20035
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da keine
Puffer erstellt werden konnten. Starten Sie den Computer neu. Zugriff verweigert
Error - 01.07.2010 03:17:13 | Computer Name = PHILIPPJ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler
beendet: %%5
Error - 01.07.2010 03:17:14 | Computer Name = PHILIPPJ | Source = Rasman | ID = 20035
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da keine
Puffer erstellt werden konnten. Starten Sie den Computer neu. Zugriff verweigert
Error - 01.07.2010 03:17:14 | Computer Name = PHILIPPJ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler
beendet: %%5
Error - 01.07.2010 03:17:15 | Computer Name = PHILIPPJ | Source = Rasman | ID = 20035
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da keine
Puffer erstellt werden konnten. Starten Sie den Computer neu. Zugriff verweigert
Error - 01.07.2010 03:17:15 | Computer Name = PHILIPPJ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler
beendet: %%5
Error - 01.07.2010 03:33:14 | Computer Name = PHILIPPJ | Source = Rasman | ID = 20035
Description = Die RAS-Verbindungsverwaltung konnte nicht gestartet werden, da keine
Puffer erstellt werden konnten. Starten Sie den Computer neu. Zugriff verweigert
Error - 01.07.2010 03:33:14 | Computer Name = PHILIPPJ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "RAS-Verbindungsverwaltung" wurde mit folgendem Fehler
beendet: %%5
< End of report >
|
|
30.06.2010, 09:59
| #39 |
| /// Selecta Jahrusso | iexplorer.exe im Hintergrund mit Werbung/Sound Hy, lass die Funde von MBAM löschen. Ich will noch auf Nummer sicher gehen. Die Dateien sind vorhanden, werden mir aber in keiner Logfile angezeigt. Macht mich stutzig Starte bitte die Bootkitremover.exe erneut und poste mir die Auswertung.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
30.06.2010, 10:40
| #40 |
| | iexplorer.exe im Hintergrund mit Werbung/SoundCode:
ATTFilter Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com
\\.\C: -> \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd
Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)
Press any key to quit...
|
|
30.06.2010, 10:44
| #41 |
| /// Selecta Jahrusso | iexplorer.exe im Hintergrund mit Werbung/Sound Gefälllt mir Bitte führe MBAM erneut aus, lass alles gefundene entfernen. Schritt 2 Danach folgendes. http://www.trojaner-board.de/59299-a...eb-cureit.html Ein SchnellScan reicht mir aus. Schritt 3 Starte bitte OTL.exe und klicke auf den Quick Scan Button.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
30.06.2010, 11:48
| #42 |
| | iexplorer.exe im Hintergrund mit Werbung/Sound Hmm... Wenn ich DrWeb starten will im abgesicherten Modus, passiert garnichts (läuft auch nicht als Prozess) und wenn ich "starten als adminisitrator" wähle, dann bekomme ich die Fehlermeldung, dass das Programm nicht im abgesicherten Modus gestartet werden kann |
|
30.06.2010, 11:53
| #43 |
| /// Selecta Jahrusso | iexplorer.exe im Hintergrund mit Werbung/Sound
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
30.06.2010, 13:49
| #44 |
| | iexplorer.exe im Hintergrund mit Werbung/Sound Ist zum Glück "nur" mein Laptop, auf dem pc sieht das alles besser aus  Antivir hat mit den Einstellungen nichts gefunden. OTL: Code:
ATTFilter OTL logfile created on: 01.07.2010 14:44:15 - Run 3 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\Phil\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 534,00 Mb Available Physical Memory | 52,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 88,93 Gb Total Space | 31,43 Gb Free Space | 35,34% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive R: | 99,72 Mb Total Space | 99,54 Mb Free Space | 99,82% Space Free | Partition Type: FAT Computer Name: PHILIPPJ Current User Name: Phil Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.07.01 09:04:12 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTL.exe PRC - [2010.06.01 00:19:10 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.01.19 17:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2010.01.19 16:56:42 | 001,392,640 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe PRC - [2010.01.19 16:52:32 | 000,954,368 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe PRC - [2010.01.19 16:44:10 | 001,206,544 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe PRC - [2010.01.19 16:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2007.08.11 02:30:40 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2007.06.01 03:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe PRC - [2006.11.17 02:07:00 | 000,015,872 | ---- | M] ( ) -- c:\Programme\Lenovo\System Update\SUService.exe PRC - [2006.11.16 17:14:14 | 000,023,552 | ---- | M] () -- C:\WINDOWS\system32\psasrv.exe PRC - [2006.11.13 14:50:28 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft ActiveSync\wcescomm.exe PRC - [2006.11.13 14:50:16 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft ActiveSync\rapimgr.exe PRC - [2006.11.12 12:48:46 | 000,157,592 | ---- | M] (DT Soft Ltd.) -- C:\Programme\DAEMON Tools\daemon.exe PRC - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE PRC - [2006.07.25 03:19:40 | 000,094,208 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe PRC - [2006.07.14 19:20:38 | 000,817,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe PRC - [2006.07.14 19:13:14 | 002,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\cssauth.exe PRC - [2006.07.14 19:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe PRC - [2006.07.14 18:42:22 | 000,723,712 | ---- | M] (IBM) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe PRC - [2006.07.14 18:24:52 | 000,629,504 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe PRC - [2006.07.14 16:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe PRC - [2006.07.04 18:11:00 | 000,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE PRC - [2006.05.31 15:43:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe PRC - [2006.05.30 08:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe PRC - [2006.03.15 20:04:48 | 000,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe PRC - [2006.03.13 17:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe PRC - [2006.02.23 19:22:00 | 000,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE PRC - [2006.02.02 06:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2005.07.19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE PRC - [2005.07.05 07:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe PRC - [2005.06.20 13:15:00 | 000,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe PRC - [2005.06.06 22:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe PRC - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) -- C:\Programme\UPHClean\uphclean.exe PRC - [2005.04.12 00:15:25 | 000,060,416 | ---- | M] (Alexander Avdonin) -- C:\Programme\TaskSwitchXP\TaskSwitchXP.exe ========== Modules (SafeList) ========== MOD - [2010.07.01 09:04:12 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTL.exe MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2007.08.11 02:30:34 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll MOD - [2006.08.16 19:07:00 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL MOD - [2006.07.14 19:20:50 | 000,613,120 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll ========== Win32 Services (SafeList) ========== SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.01.19 17:00:26 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R) SRV - [2010.01.19 16:52:32 | 000,954,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R) SRV - [2010.01.19 16:41:46 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R) SRV - [2009.08.24 19:01:08 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2008.10.24 15:17:52 | 000,145,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2008.01.15 17:51:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007.06.01 03:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC) SRV - [2006.11.17 02:07:00 | 000,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2006.11.16 17:14:14 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv) SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC) SRV - [2006.07.14 19:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2006.07.14 19:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service) SRV - [2006.07.14 18:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService) SRV - [2006.07.14 18:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2006.07.14 16:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk) SRV - [2006.05.31 15:43:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005.06.20 13:15:00 | 000,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC) SRV - [2005.06.06 22:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC) SRV - [2005.04.27 15:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\UPHClean\uphclean.exe -- (UPHClean) ========== Driver Services (SafeList) ========== DRV - [2010.06.29 18:52:48 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.06.08 23:20:14 | 000,011,712 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV) DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.01.13 08:24:42 | 006,598,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2009.08.10 00:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2009.08.08 00:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.sys -- (SANDRA) DRV - [2009.07.26 22:31:22 | 000,215,872 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt) DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007.08.11 02:25:28 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2007.06.01 03:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV - [2007.04.30 07:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2007.01.26 02:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2007.01.26 02:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject) DRV - [2006.12.22 02:15:09 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2006.12.22 02:15:09 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem) DRV - [2006.09.13 01:49:52 | 001,724,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006.08.16 19:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD) DRV - [2006.08.02 18:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint) DRV - [2006.08.02 18:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI) DRV - [2006.07.20 19:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2006.07.14 18:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter) DRV - [2006.07.14 18:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter) DRV - [2006.07.14 16:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Programme\SMI2\smi2.sys -- (smi2) DRV - [2006.05.31 15:26:38 | 000,328,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2006.05.31 15:22:26 | 000,851,434 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2006.05.31 15:18:36 | 000,030,427 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006.05.31 15:18:28 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2006.05.31 15:17:36 | 000,067,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2006.05.31 15:15:42 | 000,148,996 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2006.05.25 18:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2006.04.25 20:13:20 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb) DRV - [2006.04.25 20:00:00 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) DRV - [2006.03.15 18:08:00 | 000,088,576 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\shockprf.sys -- (Shockprf) DRV - [2006.03.13 17:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk) DRV - [2006.03.09 10:20:10 | 000,152,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2006.03.01 04:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB) DRV - [2006.02.02 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006.02.02 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006.02.02 06:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006.02.02 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006.02.02 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006.02.02 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006.02.02 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2006.01.31 04:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2005.12.06 04:21:32 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV) DRV - [2005.12.06 04:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL) DRV - [2005.12.06 04:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf) DRV - [2005.11.18 13:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.11.18 13:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005.11.18 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2005.10.11 18:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2005.07.05 07:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV) DRV - [2005.06.20 13:18:00 | 000,004,736 | ---- | M] (Lenovo.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShockMgr.sys -- (ShockMgr) DRV - [2005.05.27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2005.05.17 11:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm) DRV - [2004.10.08 11:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl) DRV - [2004.08.03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003.09.11 00:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2001.08.18 14:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400) DRV - [2001.08.18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001.08.18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001.08.18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001.08.18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001.08.18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001.08.17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001.08.17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001.08.17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001.08.17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001.08.17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001.08.17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001.08.17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001.08.17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001.08.17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.prodlog.tu-bs.de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.cocktaildreams.de/forum/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071101000055 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.29 21:45:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.01 09:14:49 | 000,000,000 | ---D | M] [2008.12.09 12:48:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Extensions [2010.02.16 11:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\4sayjang.default\extensions [2010.02.16 11:57:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\4sayjang.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.16 11:57:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\4sayjang.default\extensions\searchrecs@veoh.com [2010.07.01 09:17:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions [2010.05.02 23:50:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.16 11:57:46 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.02.16 11:57:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\moveplayer@movenetworks.com [2009.09.17 23:17:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\searchrecs@veoh.com [2010.07.01 09:17:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Mozilla\Firefox\Profiles\4sayjang.default\extensions\toolbar@ask.com [2010.07.01 09:17:42 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2007.01.21 03:23:29 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007.04.14 17:01:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [2010.06.04 00:07:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.06.04 00:07:34 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.01 09:14:00 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2010.03.12 01:41:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.12 01:41:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.12 01:41:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.12 01:41:08 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.12 01:41:08 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.30 00:00:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) O4 - HKLM..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation) O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe () O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo) O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.) O4 - HKCU..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutorunsDisabled [2010.06.29 22:10:43 | 000,000,000 | -H-D | M] O4 - Startup: C:\Dokumente und Einstellungen\Phil\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Programme\Lenovo\System Update\sulauncher.exe () O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275980193953 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited) O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\Beispielbilder\Unbenannt.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\Beispielbilder\Unbenannt.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.07.01 11:39:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Desktop\bootkit_remover [2010.07.01 09:15:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Foxit Software [2010.07.01 09:14:59 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com [2010.07.01 09:14:22 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software [2010.07.01 09:04:51 | 000,000,000 | ---D | C] -- C:\_OTL [2010.07.01 09:03:41 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTL.exe [2010.06.30 23:46:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.06.29 18:52:20 | 000,000,000 | ---D | C] -- C:\Programme\LSoft Technologies [2010.06.27 14:05:51 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.06.27 13:25:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.06.27 13:25:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.06.27 13:25:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.06.27 13:25:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.06.27 13:24:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.06.13 23:12:33 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.06.11 14:36:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia [2010.06.11 11:29:02 | 000,000,000 | ---D | C] -- C:\77b14c21bda8bca2b5713b38c4310e60 [2010.06.08 23:49:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Intel [2010.06.08 23:49:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Intel [2010.06.08 23:48:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Intel [2010.06.08 23:46:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intel [2010.06.08 23:46:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Intel [2010.06.08 12:54:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Phil\Recent [2010.06.08 12:50:43 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.06.08 12:22:22 | 000,000,000 | ---D | C] -- C:\b3fb7881123562c16bb16e3e [2010.06.08 11:48:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Malwarebytes [2010.06.08 11:48:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.06.08 11:48:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.06.08 11:48:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.06.08 11:48:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.08 09:37:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Uniblue [2010.06.08 09:27:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Avira [2010.06.08 08:26:11 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.06.08 08:26:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.06.08 01:00:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010.06.08 00:56:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.06.08 00:56:27 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.06.08 00:56:27 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.06.08 00:56:27 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.06.08 00:56:27 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.06.08 00:56:27 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.06.08 00:56:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.06.04 00:08:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.04.17 10:42:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.07.01 14:33:12 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2010.07.01 14:32:58 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.07.01 14:32:04 | 000,009,962 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2010.07.01 14:29:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.01 14:29:16 | 1072,091,136 | -HS- | M] () -- C:\hiberfil.sys [2010.07.01 14:27:46 | 010,485,760 | -H-- | M] () -- C:\Dokumente und Einstellungen\Phil\NTUSER.DAT [2010.07.01 12:27:52 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Phil\ntuser.ini [2010.07.01 12:08:45 | 002,378,340 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\drweb-cureit.exe [2010.07.01 11:38:52 | 000,478,504 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\bootkit_remover.rar [2010.07.01 09:15:07 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010.07.01 09:04:12 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Phil\Desktop\OTL.exe [2010.07.01 00:58:18 | 000,260,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\SoftonicDownloader38341.exe [2010.06.30 00:00:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.06.30 00:00:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.06.29 23:32:36 | 104,857,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\SecureDrive.vol [2010.06.29 22:04:57 | 000,012,972 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100629_220452.reg [2010.06.29 18:52:48 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010.06.27 19:56:50 | 000,000,494 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tvt_userinfo.ini [2010.06.27 14:06:00 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2010.06.27 10:39:03 | 000,177,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.13 22:37:02 | 000,000,747 | ---- | M] () -- C:\WINDOWS\win.ini [2010.06.13 22:37:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010.06.12 22:18:52 | 000,033,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100612_221847.reg [2010.06.12 22:10:04 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.06.11 14:51:55 | 001,034,420 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.06.11 14:51:55 | 000,462,896 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.06.11 14:51:55 | 000,444,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.06.11 14:51:55 | 000,085,740 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.06.11 14:51:55 | 000,072,238 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.06.08 23:46:35 | 000,356,352 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2010.06.08 16:25:26 | 000,000,820 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100608-163134.backup [2010.06.08 12:56:18 | 000,115,482 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100608_125602.reg [2010.05.15 21:27:25 | 000,024,064 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\Premium Rums.doc [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe [2010.04.22 10:10:10 | 000,318,976 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\KatS-Perosnalbogen OG BS_P.Jäckel.doc [2010.04.18 17:41:00 | 000,066,232 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\1099108.pdf [2010.04.05 17:29:01 | 000,011,299 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\gsview32.ini [2010.04.04 15:39:14 | 000,154,993 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\LP_ch0.pdf [2010.04.03 15:18:14 | 000,742,914 | ---- | M] () -- C:\Dokumente und Einstellungen\Phil\Desktop\1._Lineare_Optimierung_und_lineare_Modelle.pdf [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.01 14:29:16 | 1072,091,136 | -HS- | C] () -- C:\hiberfil.sys [2010.07.01 12:08:29 | 002,378,340 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\drweb-cureit.exe [2010.07.01 11:38:51 | 000,478,504 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\bootkit_remover.rar [2010.07.01 09:15:07 | 000,000,224 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2010.07.01 00:58:16 | 000,260,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\SoftonicDownloader38341.exe [2010.06.29 22:04:56 | 000,012,972 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100629_220452.reg [2010.06.27 14:06:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010.06.27 14:05:57 | 000,262,448 | ---- | C] () -- C:\cmldr [2010.06.27 13:25:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.06.27 13:25:38 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.06.27 13:25:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.06.27 13:25:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.06.27 13:25:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.06.12 22:18:50 | 000,033,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100612_221847.reg [2010.06.08 23:46:35 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2010.06.08 12:56:06 | 000,115,482 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Eigene Dateien\cc_20100608_125602.reg [2010.04.21 10:33:24 | 000,318,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\KatS-Perosnalbogen OG BS_P.Jäckel.doc [2010.04.18 17:41:00 | 000,066,232 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\1099108.pdf [2010.04.04 15:39:12 | 000,154,993 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\LP_ch0.pdf [2010.04.03 15:18:11 | 000,742,914 | ---- | C] () -- C:\Dokumente und Einstellungen\Phil\Desktop\1._Lineare_Optimierung_und_lineare_Modelle.pdf [2010.01.04 01:16:58 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2010.01.04 01:16:58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini [2010.01.04 01:16:57 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.01.04 01:16:56 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.01.04 01:16:56 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2010.01.04 01:16:56 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2009.11.23 13:50:41 | 000,000,066 | ---- | C] () -- C:\WINDOWS\JcAdmin32.ini [2009.05.20 13:07:04 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009.04.17 19:42:34 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008.07.26 19:41:55 | 000,000,158 | ---- | C] () -- C:\WINDOWS\ChssBase.ini [2008.07.25 13:51:33 | 000,000,552 | ---- | C] () -- C:\WINDOWS\WINCMD.INI [2008.02.15 01:41:35 | 000,000,944 | ---- | C] () -- C:\WINDOWS\dokop301.ini [2008.02.15 01:39:38 | 001,201,206 | ---- | C] () -- C:\WINDOWS\System32\KART24GF.DLL [2008.02.15 01:39:38 | 001,201,206 | ---- | C] () -- C:\WINDOWS\System32\Kart24gd.dll [2008.02.15 01:39:38 | 000,692,214 | ---- | C] () -- C:\WINDOWS\System32\Kart_f24.dll [2008.02.15 01:39:38 | 000,692,214 | ---- | C] () -- C:\WINDOWS\System32\Kart_d24.dll [2008.02.15 01:39:38 | 000,115,478 | ---- | C] () -- C:\WINDOWS\System32\Karten_f.dll [2008.02.15 01:39:38 | 000,115,478 | ---- | C] () -- C:\WINDOWS\System32\Karten_d.dll [2008.02.15 01:39:38 | 000,038,614 | ---- | C] () -- C:\WINDOWS\System32\Kart_doj.dll [2008.02.15 01:39:38 | 000,028,958 | ---- | C] () -- C:\WINDOWS\System32\kart_dbl.dll [2007.08.16 17:34:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\VBUTILLight.dll [2007.08.16 17:34:11 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007.08.16 17:34:11 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll [2007.05.23 10:11:19 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2007.04.14 10:24:12 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2007.01.11 00:09:29 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.01.10 23:25:18 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006.12.22 02:24:50 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.12.22 02:06:13 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini [2006.12.22 02:04:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.12.22 02:04:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.12.22 02:04:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.12.22 02:04:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.12.22 02:04:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.12.22 02:04:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.12.22 01:56:20 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll [2006.12.22 01:55:16 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2006.12.22 01:53:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2006.12.22 01:53:11 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2006.12.22 01:52:53 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006.08.17 10:00:13 | 000,009,962 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI [2006.08.17 10:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI [2006.08.03 03:27:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll [2006.08.03 03:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll [2006.06.14 18:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006.06.12 13:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL [2006.05.31 15:37:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.02.17 13:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005.02.17 13:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== LOP Check ========== [2007.04.14 10:24:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2009.06.22 16:09:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileOpen [2007.01.10 21:28:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo [2009.07.26 22:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Native Instruments [2009.11.23 13:52:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OPPU [2007.01.10 22:21:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr [2007.03.03 13:08:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2010.06.29 10:50:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2009.07.26 22:35:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{902029B2-957E-4066-85FA-30DA31731718} [2009.07.26 22:36:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C79A30AF-08C1-49CF-8F27-526F179A478D} [2007.04.14 10:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ACD Systems [2008.07.26 19:41:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ChessBase [2008.04.16 15:29:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Dev-Cpp [2009.06.22 16:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\FileOpen [2009.08.25 13:48:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\FileZilla [2010.07.01 09:15:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Foxit Software [2007.01.23 13:09:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ICQLite [2007.02.02 17:17:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\InterVideo [2007.03.03 12:58:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Leadertech [2007.01.14 23:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Lenovo [2007.05.18 21:41:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ratiopharm [2006.12.22 02:24:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\ThinkVantage [2007.12.01 20:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\TrueCrypt [2010.06.08 09:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\Uniblue [2010.07.01 14:33:12 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job [2010.07.01 09:15:07 | 000,000,224 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 351633 bytes -> C:\WINDOWS\Temp:temp < End of report > Jetzt weiß ich auch, warum DrWeb nicht funktioniert hat: Der Download war irgendwie nicht vollständig... |
|
30.06.2010, 13:53
| #45 | |
| /// Selecta Jahrusso | iexplorer.exe im Hintergrund mit Werbung/SoundZitat:
Wenn ja, wäre zu empfehlen
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
| Themen zu iexplorer.exe im Hintergrund mit Werbung/Sound |
| anti-malware, center, code, dateien, folge, forum, hintergrund, hängt, iexplorer.exe, malwarebytes, manuel, maus, microsoft, nicht mehr, problem, security, service pack 3, services.exe, smss.exe, software, system volume information, systemstart, tastatur, version, werbung |
Textbox.
.
Linear-Darstellung
