| |
| |||||||
Log-Analyse und Auswertung: TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp DateienWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.06.2010, 09:20
| #46 |
 |  TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Da sich die Taktung geändert hat, könnte es bedeuten, dass der Virus in 10 Tagen minütlich melden würde. Könnte es sich um einen gezielten Angriff handeln? Soll ich noch irgendwas durchlaufen lassen oder posten? |
|
28.06.2010, 09:23
| #47 | |
| /// Selecta Jahrusso   | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Hast du folgendes nicht gelesen ?
__________________Zitat:
Ich muss jetzt zum Arzt, bitte downloade dir eine neue Combofix version und poste mir die Log
__________________ |
|
28.06.2010, 09:42
| #48 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien gelesen habe ich das
__________________aber wohl nicht verstanden! Soll files alle Festplatten heissen? hatte c deakti iert show all war nicht aktiviert, habe es dann aktiviert. Oder soll es aus sein? |
|
28.06.2010, 10:28
| #49 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien GMER Scan habe ich nun so gemacht: Section kein Hacken IAT/EAT kein Hacken Files hat Hacken c: hat Hacken ist das Sytem e: keinen Hacken ADS hat Hacken show all hat keinen Hacken protokoll folgt |
|
28.06.2010, 14:17
| #50 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Jetzt sollte ich aber alles richtig gemacht haben. Protokoll NEU GMER: (Ist aber sehr kurz): GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-28 15:04:54
Windows 5.1.2600 Service Pack 3
Running: qbron9eb.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\ugtdipow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \FileSystem\Fastfat \Fat B9627D20
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xB0 0xC3 0xD9 0x1B ...
---- EOF - GMER 1.0.15 ----
|
|
28.06.2010, 14:18
| #51 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Hier noch das neue Protokoll von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.06.2010 15:06:50 - Run 3 OTL by OldTimer - Version 3.2.7.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 90,00% Memory free 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 98,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 70,17 Gb Total Space | 7,38 Gb Free Space | 10,51% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 111,79 Gb Total Space | 65,62 Gb Free Space | 58,70% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TEST Current User Name: Administrator Logged in as Administrator. Current Boot Mode: SafeMode Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (SafeList) ========== MOD - [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (XAMPP) SRV - [2010.01.18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2009.11.18 14:04:18 | 000,038,248 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC) SRV - [2009.11.17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.04.16 13:41:28 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service) SRV - [2009.01.28 17:59:12 | 000,039,976 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC) SRV - [2009.01.02 20:51:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.11.04 11:48:10 | 000,288,112 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2008.10.27 11:03:52 | 000,090,112 | ---- | M] (Lenovo ) [Auto | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2008.10.27 11:02:30 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP) SRV - [2008.04.14 04:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2007.11.26 16:58:08 | 000,264,800 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins) SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2007.09.07 19:07:22 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psasrv.exe -- (PsaSrv) SRV - [2007.09.06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2006.08.16 19:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC) SRV - [2006.07.14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service) SRV - [2006.07.14 17:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Stopped] -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService) SRV - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Stopped] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk) SRV - [2006.05.23 21:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Stopped] -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS) SRV - [2005.06.06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC) SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) SRV - [2003.03.09 22:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - [2010.06.27 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV) DRV - [2010.06.09 11:26:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdm.sys -- (sscemdm) DRV - [2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssceserd.sys -- (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) DRV - [2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) DRV - [2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscemdfl.sys -- (sscemdfl) DRV - [2009.12.11 10:17:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.11.18 14:03:36 | 000,026,608 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV - [2009.07.12 09:40:48 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2009.06.18 01:59:58 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009.02.11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2009.01.28 17:58:46 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf) DRV - [2009.01.28 17:57:12 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN) DRV - [2009.01.03 12:12:57 | 000,073,312 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs) DRV - [2009.01.02 15:31:46 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2008.12.09 00:53:58 | 000,050,832 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb) DRV - [2008.11.11 01:52:08 | 003,301,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008.10.24 14:33:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) DRV - [2008.10.24 14:33:00 | 000,004,224 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK) DRV - [2008.07.03 23:53:00 | 000,225,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2008.05.12 22:14:14 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV) DRV - [2008.05.12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi) DRV - [2008.04.14 03:57:20 | 000,040,448 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm) DRV - [2008.04.13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2008.04.13 20:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008.04.13 20:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008.03.26 03:06:00 | 000,004,608 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2007.11.27 16:40:00 | 000,539,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2007.11.27 16:40:00 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2007.11.21 11:51:00 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007.11.01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2007.11.01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2007.11.01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2007.09.07 19:06:32 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem) DRV - [2007.06.29 12:38:00 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2007.06.21 04:43:26 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2007.03.23 10:50:00 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006.11.28 23:46:24 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNMp50.sys -- (PDNMp50) DRV - [2006.11.28 23:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PDNSp50.sys -- (PDNSp50) DRV - [2006.10.02 01:55:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint) DRV - [2006.10.02 01:55:00 | 000,009,343 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI) DRV - [2006.09.27 02:36:24 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel(R) DRV - [2006.08.16 19:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD) DRV - [2006.07.14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter) DRV - [2006.07.14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter) DRV - [2006.07.14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Stopped] -- C:\Programme\SMI2\smi2.sys -- (smi2) DRV - [2006.03.13 16:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Stopped] -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk) DRV - [2006.03.01 03:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB) DRV - [2006.02.02 05:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2006.02.02 05:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2006.02.02 05:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2006.02.02 05:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2006.02.02 05:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2006.02.02 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2006.02.02 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2006.01.31 04:19:34 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2005.12.06 04:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL) DRV - [2005.11.18 12:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.11.18 12:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2005.11.18 05:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM) DRV - [2005.05.17 10:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm) DRV - [2004.11.30 16:38:24 | 000,004,442 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF) DRV - [2004.08.03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003.09.10 23:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2001.08.18 14:22:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400) DRV - [2001.08.18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001.08.18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001.08.18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001.08.18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001.08.18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001.08.17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001.08.17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001.08.17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001.08.17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001.08.17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001.08.17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001.08.17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001.08.17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001.08.17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001.08.17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack) DRV - [2001.08.17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.06.27 09:12:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.06.27 09:12:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.04.04 10:21:49 | 000,000,000 | ---D | M] [2010.06.28 10:25:38 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.06.27 10:34:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.06.27 10:34:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.06.27 18:01:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found. O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [PDService.exe] C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG) O4 - HKLM..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo) O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\officejet 6100.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\sipgate X-Lite.lnk = C:\Programme\sipgate X-Lite\sipgateXLite.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 475 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230902201937 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O18 - Protocol\Handler\haufereader {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll (Haufe Mediengruppe) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ACNotify: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited) O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O20 - Winlogon\Notify\psfus: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.06.11 18:07:58 | 000,000,000 | ---D | M] - E:\Automobilia -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.06.28 10:47:40 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TFC.exe [2010.06.28 10:47:38 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2010.06.27 19:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe [2010.06.27 19:33:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe [2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL [2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe [2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE [2010.06.27 19:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe [2010.06.27 19:27:59 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe [2010.06.27 19:27:53 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MicroWorld [2010.06.27 19:27:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld [2010.06.27 18:24:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.06.27 18:10:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010.06.27 17:47:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2010.06.27 17:47:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2010.06.27 17:47:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2010.06.27 17:47:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2010.06.27 17:47:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.06.27 17:44:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2010.06.27 17:40:29 | 000,000,000 | ---D | C] -- C:\rsit [2010.06.27 13:37:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.06.27 10:22:00 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.06.27 09:52:44 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.06.26 15:33:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.06.26 15:33:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.06.26 15:33:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.06.26 15:33:05 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.26 14:08:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2010.06.26 11:25:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.06.26 11:01:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia [2010.06.26 10:33:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe [2010.06.18 08:36:31 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft ActiveSync [2010.06.17 17:04:08 | 000,100,352 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssceserd.sys [2010.06.17 17:04:07 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys [2010.06.17 17:04:07 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys [2010.06.17 17:04:07 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys [2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys [2010.06.17 17:04:07 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys [2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys [2010.06.17 17:04:07 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys [2010.06.10 16:54:24 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\PrivacIE [2010.06.10 16:48:07 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache [2010.06.09 10:53:28 | 000,000,000 | ---D | C] -- C:\Programme\MyFree Codec [2010.06.04 10:06:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474 [2010.05.27 23:05:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2010.05.27 23:05:20 | 000,233,472 | ---- | C] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe [2010.05.27 23:04:10 | 000,000,000 | ---D | C] -- C:\Programme\DIFX [2010.05.27 23:04:09 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys [2010.05.27 23:02:54 | 000,000,000 | ---D | C] -- C:\Programme\PC Connectivity Solution [2010.05.27 23:02:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files [2010.05.27 23:02:14 | 000,000,000 | ---D | C] -- C:\Programme\MarkAny [2010.05.27 22:54:49 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Samsung [2010.05.22 09:49:07 | 000,000,000 | ---D | C] -- C:\Programme\eBay [2010.05.22 09:49:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\eBay [2010.04.23 16:59:54 | 001,044,480 | R--- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll [2010.04.23 16:59:54 | 000,049,152 | R--- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\inetwh32.dll ========== Files - Modified Within 90 Days ========== [2010.06.28 15:06:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.06.28 15:05:10 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini [2010.06.28 15:05:09 | 004,980,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat [2010.06.28 15:05:08 | 004,768,656 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.06.28 10:52:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.06.28 10:51:27 | 000,010,027 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2010.06.28 10:50:44 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2010.06.28 10:50:13 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job [2010.06.28 10:49:43 | 000,045,668 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2010.06.28 10:47:37 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2010.06.27 23:43:48 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\TFC.exe [2010.06.27 23:21:52 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\qbron9eb.exe [2010.06.27 19:30:55 | 000,000,053 | ---- | M] () -- C:\WINDOWS\Lic.xxx [2010.06.27 19:27:58 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe [2010.06.27 18:38:48 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2010.06.27 18:01:51 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.06.27 18:01:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.06.27 16:01:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1190378331.job [2010.06.27 09:12:23 | 000,001,573 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.06.27 09:06:02 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.06.26 19:57:59 | 000,000,512 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job [2010.06.26 19:57:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job [2010.06.26 15:33:11 | 000,000,683 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.26 10:29:39 | 000,409,923 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100626-131548.backup [2010.06.26 10:10:13 | 000,000,246 | ---- | M] () -- C:\WINDOWS\WININIT.INI [2010.06.24 20:31:43 | 000,000,494 | ---- | M] () -- C:\hpfr5550.xml [2010.06.23 20:09:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.06.23 08:59:50 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [2010.06.23 08:19:00 | 001,179,070 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.06.23 08:19:00 | 000,521,298 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.06.23 08:19:00 | 000,491,870 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.06.23 08:19:00 | 000,105,016 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.06.23 08:19:00 | 000,089,666 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.06.22 21:19:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.06.10 19:34:49 | 004,376,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.06.10 16:54:58 | 000,034,848 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.06.09 11:26:50 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\System32\FsUsbExService.Exe [2010.06.09 11:26:50 | 000,036,608 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010.05.30 00:27:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf [2010.05.28 07:08:28 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2010.05.01 08:51:28 | 000,110,592 | ---- | M] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.04.27 04:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys [2010.04.27 04:25:20 | 000,100,352 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\ssceserd.sys [2010.04.27 04:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys [2010.04.27 04:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys [2010.04.27 04:25:20 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys [2010.04.27 04:25:20 | 000,012,416 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys [2010.04.27 04:25:20 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys [2010.04.27 04:25:20 | 000,012,288 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys [2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe [2010.04.23 16:59:54 | 001,044,480 | R--- | M] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll [2010.04.23 16:59:54 | 000,049,152 | R--- | M] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\inetwh32.dll [2010.04.05 08:10:53 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk [2010.04.02 12:21:39 | 000,001,639 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Thunderbird.lnk ========== Files Created - No Company Name ========== [2010.06.28 10:47:42 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\qbron9eb.exe [2010.06.27 19:28:25 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Lic.xxx [2010.06.27 19:27:59 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest [2010.06.27 17:47:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010.06.27 17:47:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010.06.27 17:47:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010.06.27 17:47:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010.06.27 17:47:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010.06.26 19:57:59 | 000,000,512 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job [2010.06.26 19:57:57 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job [2010.06.26 15:33:11 | 000,000,683 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.23 08:49:26 | 010,529,280 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.06.04 10:06:30 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job [2010.05.27 23:05:20 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010.05.27 23:05:20 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010.05.27 22:53:27 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp [2010.04.05 08:10:53 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk [2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2009.01.03 17:58:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2009.01.03 17:58:29 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2009.01.03 17:58:29 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll [2009.01.03 17:58:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\SurCode.INI [2008.07.04 10:02:26 | 000,000,109 | ---- | C] () -- C:\WINDOWS\Backup.INI [2008.02.09 20:16:29 | 000,000,246 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008.02.04 21:30:57 | 000,000,111 | ---- | C] () -- C:\WINDOWS\telephon.ini [2008.01.23 14:57:20 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2008.01.23 14:57:20 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2008.01.23 14:57:19 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2007.11.26 16:56:04 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2007.11.26 16:43:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2007.11.15 21:31:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll [2007.11.15 21:27:40 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll [2007.11.15 21:25:28 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll [2007.11.15 21:25:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll [2007.10.07 13:21:17 | 000,003,325 | ---- | C] () -- C:\WINDOWS\tm.ini [2007.10.01 00:07:57 | 000,000,076 | ---- | C] () -- C:\WINDOWS\my.ini [2007.09.30 09:47:10 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2007.09.30 09:47:10 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2007.09.30 09:46:41 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2007.09.30 09:46:41 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2007.09.30 09:46:40 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2007.09.08 00:42:44 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PXTToolVC7.dll [2007.09.08 00:33:00 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.09.08 00:08:57 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2007.09.07 19:13:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007.09.07 19:05:58 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2007.09.07 18:55:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2007.09.07 18:55:42 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2007.09.07 18:55:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2007.09.07 18:55:42 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2007.09.07 18:55:42 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2007.09.07 18:47:30 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll [2007.09.07 18:46:20 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007.09.07 18:44:31 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2007.09.07 18:44:13 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2007.09.07 18:43:56 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006.09.21 14:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll [2006.09.21 14:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll [2006.09.21 14:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll [2006.08.17 10:00:13 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI [2006.08.17 10:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI [2006.08.03 03:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll [2006.06.14 18:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006.06.12 12:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL [2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll [2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll [2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll [2005.05.04 14:00:06 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MMedia10VC7.dll [2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest [2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest [2004.08.04 02:44:46 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys [2003.03.09 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll [2001.12.12 12:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll [2001.12.12 12:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll [2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2000.12.04 20:27:06 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL [1999.05.14 15:05:22 | 000,015,627 | ---- | C] () -- C:\WINDOWS\System32\WBROLLRS.DLL [1996.12.14 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL [1996.12.14 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL ========== LOP Check ========== [2008.07.31 21:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo [2008.07.31 20:48:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ThinkVantage [2008.07.31 20:48:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Backup [2008.01.24 12:54:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2008.06.02 13:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eDocPrintPro [2010.01.20 18:58:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular [2009.05.19 22:33:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2008.07.31 21:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo [2008.07.31 20:48:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2010.06.27 19:27:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld [2009.01.03 17:58:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Minnetonka Audio Software [2010.05.27 23:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2010.06.26 19:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCDr [2008.07.31 20:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan [2008.07.31 20:48:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sentinel [2010.06.27 13:46:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2009.10.17 09:00:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB [2010.06.28 10:47:37 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job [2010.06.27 16:01:00 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1190378331.job [2010.06.26 19:57:59 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job [2010.06.28 10:50:44 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job [2010.06.26 19:57:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job [2010.06.28 10:50:13 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8 @Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 < End of report > |
|
28.06.2010, 15:00
| #52 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Und hier nun noch das Protokoll von Combofix mit der neuen Version: Combofix Logfile: Code:
ATTFilter ComboFix 10-06-27.04 - Norman 28.06.2010 15:39:02.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3070.2313 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Norman\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\My.ini
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((( Dateien erstellt von 2010-05-28 bis 2010-06-28 ))))))))))))))))))))))))))))))
.
2010-06-27 17:33 . 2010-06-27 17:33 -------- d---a-w- c:\windows\rundll16.exe
2010-06-27 17:33 . 2010-06-27 17:33 -------- d---a-w- c:\windows\logo1_.exe
2010-06-27 17:29 . 2010-06-27 17:29 -------- d---a-w- c:\windows\VDLL.DLL
2010-06-27 17:29 . 2010-06-27 17:29 -------- d---a-w- c:\windows\system32\runouce.exe
2010-06-27 17:29 . 2010-06-27 17:29 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-06-27 17:29 . 2010-06-27 17:29 -------- d---a-w- c:\windows\logo_1.exe
2010-06-27 17:28 . 2010-06-27 17:28 632064 ----a-w- c:\windows\system32\msvcr80.dll
2010-06-27 17:28 . 2010-06-27 17:28 554240 ----a-w- c:\windows\system32\msvcp80.dll
2010-06-27 17:27 . 2010-06-27 17:27 34048 ----a-w- c:\windows\system32\eEmpty.exe
2010-06-27 17:27 . 2008-04-14 02:23 140800 ----a-w- c:\windows\system32\T.COM
2010-06-27 17:27 . 2008-04-14 02:22 153600 ----a-w- c:\windows\R.COM
2010-06-27 17:27 . 2010-06-27 17:27 -------- d-----w- c:\programme\Gemeinsame Dateien\MicroWorld
2010-06-27 17:27 . 2010-06-27 17:27 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\MicroWorld
2010-06-27 17:23 . 2010-06-27 17:24 -------- d-----w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Download Manager
2010-06-27 15:40 . 2010-06-27 15:40 -------- d-----w- C:\rsit
2010-06-27 11:37 . 2010-06-27 11:38 -------- dc-h--w- c:\windows\ie8
2010-06-27 08:37 . 2010-06-27 08:37 503808 ----a-w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\msvcp71.dll
2010-06-27 08:37 . 2010-06-27 08:37 499712 ----a-w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\jmc.dll
2010-06-27 08:37 . 2010-06-27 08:37 348160 ----a-w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62394d3f-n\msvcr71.dll
2010-06-27 08:37 . 2010-06-27 08:37 61440 ----a-w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-38a358eb-n\decora-sse.dll
2010-06-27 08:37 . 2010-06-27 08:37 12800 ----a-w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-38a358eb-n\decora-d3d.dll
2010-06-23 06:49 . 2010-06-28 08:52 10529280 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
2010-06-22 11:22 . 2010-06-05 03:54 265528 ----a-w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe
2010-06-22 11:22 . 2010-06-05 03:52 6144 ----a-w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\de-DE\MCS.Thunder.Update.resources.dll
2010-06-22 11:22 . 2010-06-05 03:50 47616 ----a-w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MSC.Thunder.Update.Util.dll
2010-06-22 11:22 . 2010-06-05 03:49 12288 ----a-w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\AdminCmdAgent.dll
2010-06-22 11:22 . 2010-06-04 10:02 9728 ----a-w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\Interop.CmdAgentLib.dll
2010-06-22 11:22 . 2010-06-04 10:00 204288 ----a-w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\CabLib.dll
2010-06-22 11:22 . 2010-06-04 09:59 6656 ----a-w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung\Kies\UpdateTemp\MSC.Thunder.UAC.dll
2010-06-18 06:36 . 2010-06-18 08:01 -------- d-----w- c:\programme\Microsoft ActiveSync
2010-06-17 15:04 . 2010-04-27 02:25 100352 ----a-w- c:\windows\system32\drivers\ssceserd.sys
2010-06-17 15:04 . 2010-04-27 02:25 98560 ----a-w- c:\windows\system32\drivers\sscebus.sys
2010-06-17 15:04 . 2010-04-27 02:25 14848 ----a-w- c:\windows\system32\drivers\sscemdfl.sys
2010-06-17 15:04 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\sscecmnt.sys
2010-06-17 15:04 . 2010-04-27 02:25 12416 ----a-w- c:\windows\system32\drivers\sscecm.sys
2010-06-17 15:04 . 2010-04-27 02:25 123648 ----a-w- c:\windows\system32\drivers\sscemdm.sys
2010-06-17 15:04 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\sscewhnt.sys
2010-06-17 15:04 . 2010-04-27 02:25 12288 ----a-w- c:\windows\system32\drivers\sscewh.sys
2010-06-17 10:23 . 2010-06-17 10:23 -------- d-----w- c:\dokumente und einstellungen\Norman\Lokale Einstellungen\Anwendungsdaten\PCHealth
2010-06-13 12:03 . 2010-06-13 12:03 1465512 ----a-w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Update\patch_551455to551460_32\patch_551455to551460_32.02.exe
2010-06-10 14:54 . 2010-06-10 14:54 34848 ----a-w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-06-10 14:54 . 2010-06-10 14:54 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\PrivacIE
2010-06-10 14:48 . 2010-06-10 14:48 -------- d-sh--w- c:\dokumente und einstellungen\Administrator\IETldCache
2010-06-10 06:30 . 2010-05-06 10:31 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 08:53 . 2010-06-17 10:41 -------- d-----w- c:\programme\MyFree Codec
2010-06-04 08:06 . 2010-06-04 08:06 -------- d-----w- c:\windows\system32\KB905474
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 13:29 . 2008-01-06 11:48 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-06-28 13:22 . 2010-02-21 22:38 -------- d-----w- c:\programme\PC-Doctor
2010-06-28 13:22 . 2010-02-21 22:39 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PCDr
2010-06-28 08:21 . 2007-09-08 15:32 -------- d-----w- c:\programme\Mozilla Thunderbird
2010-06-27 11:46 . 2008-04-25 07:06 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2010-06-27 08:34 . 2010-06-26 09:24 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-27 08:22 . 2010-06-27 08:22 -------- d-----w- c:\programme\CCleaner
2010-06-27 07:52 . 2010-06-27 07:52 -------- d-----w- c:\programme\Trend Micro
2010-06-27 06:55 . 2008-09-11 06:58 -------- d-----w- c:\programme\Eusing Free Registry Cleaner
2010-06-27 06:14 . 2010-05-27 21:02 -------- d-----w- c:\programme\PC Connectivity Solution
2010-06-26 22:00 . 2007-09-07 17:06 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2010-06-26 13:33 . 2010-06-26 13:33 -------- d-----w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Malwarebytes
2010-06-26 13:33 . 2010-06-26 13:33 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-06-26 13:33 . 2010-06-26 13:33 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-06-26 13:03 . 2008-02-28 13:08 -------- d-----w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\IBP
2010-06-26 09:25 . 2007-09-07 16:54 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
2010-06-26 09:24 . 2007-09-07 16:54 -------- d-----w- c:\programme\Java
2010-06-23 07:02 . 2007-09-07 16:43 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-06-23 06:19 . 2006-01-27 01:01 521298 ----a-w- c:\windows\system32\perfh007.dat
2010-06-23 06:19 . 2006-01-27 01:01 105016 ----a-w- c:\windows\system32\perfc007.dat
2010-06-18 08:17 . 2010-05-27 21:02 -------- d-----w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Samsung
2010-06-17 07:34 . 2007-09-09 06:14 -------- d-----w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\LPC
2010-06-17 07:32 . 2007-09-09 06:14 -------- d-----w- c:\programme\Link Popularity Check
2010-06-13 12:03 . 2010-05-20 05:07 -------- d-----w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\Update
2010-06-09 09:26 . 2010-05-27 21:05 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2010-06-09 09:26 . 2010-05-27 21:05 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2010-05-28 08:52 . 2007-09-07 16:43 -------- d-----w- c:\programme\ThinkPad
2010-05-28 08:52 . 2007-09-07 16:46 -------- d-----w- c:\programme\Lenovo
2010-05-27 21:05 . 2010-05-27 21:05 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PC Suite
2010-05-27 21:05 . 2010-05-27 21:05 -------- d-----w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\PC Suite
2010-05-27 21:04 . 2010-05-27 21:04 -------- d-----w- c:\programme\DIFX
2010-05-27 21:02 . 2010-05-27 21:02 -------- d-----w- c:\programme\Common Files
2010-05-27 21:02 . 2010-05-27 21:02 -------- d-----w- c:\programme\MarkAny
2010-05-27 20:54 . 2010-05-27 20:54 -------- d-----w- c:\programme\Gemeinsame Dateien\Samsung
2010-05-22 07:49 . 2010-05-22 07:49 -------- d-----w- c:\programme\eBay
2010-05-21 15:41 . 2007-09-08 13:50 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\FLEXnet
2010-05-14 08:42 . 2009-05-27 12:51 -------- d-----w- c:\programme\IBP 11
2010-05-02 08:05 . 2009-04-24 21:47 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 06:51 . 2010-05-27 21:05 110592 ------w- c:\windows\system32\FsUsbExDevice.Dll
2010-04-29 13:39 . 2010-06-26 13:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2010-06-26 13:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:59 . 2010-04-23 14:59 49152 ------r- c:\windows\system32\inetwh32.dll
2010-04-23 14:59 . 2010-04-23 14:59 1044480 ------r- c:\windows\system32\roboex32.dll
2010-04-20 05:29 . 2006-01-27 01:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 06:27 . 2010-04-14 06:27 96768 ------w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\iGO8\SDS\saipservice.dll
2010-04-14 06:15 . 2010-04-14 06:15 152088 ------w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\NNGStart\NNGStart.exe
2010-04-14 06:15 . 2010-04-14 06:15 39632 ------w- c:\dokumente und einstellungen\Norman\Anwendungsdaten\becker\backup\CK-4ANV-XM1T-LXQV-A8R3\4187531\flash\NNGStart\MSVCR80.DLL
2010-03-30 22:16 . 2010-03-30 22:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-30 22:10 . 2010-03-30 22:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-16 417792]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-03-17 208896]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TpShocks"="TpShocks.exe" [2009-02-02 181536]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-12-21 69568]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-01-29 185688]
"AMSG"="c:\progra~1\THINKV~2\AMSG\Amsg.exe" [2007-02-02 419376]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-10-27 143360]
"Picasa Media Detector"="c:\programme\Picasa2\PicasaMediaDetector.exe" [2006-03-15 421888]
"PDService.exe"="c:\programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2007-06-29 286720]
"TP4EX"="tp4ex.exe" [2005-10-16 65536]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 59680]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-11-13 611712]
"Adobe Acrobat Speed Launcher"="e:\programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-03 38840]
"Acrobat Assistant 8.0"="e:\programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-04-03 640440]
"LENOVO.TPFNF6R"="c:\programme\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"StartCCC"="c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-11-26 576104]
hpoddt01.exe.lnk - c:\programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
officejet 6100.lnk - c:\programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2003-4-6 147456]
sipgate X-Lite.lnk - c:\programme\sipgate X-Lite\sipgateXLite.exe [2007-10-31 3227648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\programme\Lenovo\AwayTask\AwayNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\IBP 10\\IBP.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"e:\\Programme\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Programme\\sipgate X-Lite\\sipgateXLite.exe"=
"c:\\Programme\\Mozilla Thunderbird\\thunderbird.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [28.01.2009 17:57 20520]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [28.05.2010 10:51 13480]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [17.10.2009 11:55 108289]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [24.10.2008 10:05 53248]
R2 PrivateDisk;PrivateDisk;c:\programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13.03.2006 16:05 58368]
R2 smi2;smi2;c:\programme\SMI2\smi2.sys [14.07.2006 15:55 3968]
R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [02.03.2007 14:07 63928]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [21.05.2009 20:48 44984]
S2 XAMPP;XAMPP Service; [x]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.08.2008 06:46 288112]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [27.05.2010 23:05 36608]
S3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [28.11.2006 23:46 28224]
S3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [28.11.2006 23:46 27072]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [17.06.2010 17:04 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [17.06.2010 17:04 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [17.06.2010 17:04 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [17.06.2010 17:04 100352]
.
Inhalt des "geplante Tasks" Ordners
2010-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
2010-06-28 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 13:54]
2010-06-27 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8190378331.job
- c:\programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
2010-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programme\PC-Doctor\uaclauncher.exe [2010-05-07 19:46]
2010-06-28 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-09-07 11:41]
2010-06-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\programme\PC-Doctor\pcdrcui.exe [2010-05-08 12:08]
2010-06-28 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.live.com
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programme\Windows Live Toolbar\msntb.dll/search.htm
IE: An vorhandene PDF-Datei anfügen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Senden an Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
Handler: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - c:\programme\Haufe\HaufeReader\HRInstmon.dll
FF - ProfilePath - c:\dokumente und einstellungen\Norman\Anwendungsdaten\Mozilla\Firefox\Profiles\z9ur2adu.default\
FF - prefs.js: network.proxy.http - http://1.1.1.1/http.de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-28 15:47
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:b0,c3,d9,1b,0d,c6,a4,08,1d,64,49,42,82,18,04,fb,e4,17,f8,7b,67,
a9,07,5d,f3,ac,ab,40,5f,be,22,07,1b,1c,fa,f9,46,89,07,2b,6b,40,38,fc,f6,ba,\
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:b0,c3,d9,1b,0d,c6,a4,08,1d,64,49,42,82,18,04,fb,e4,17,f8,7b,67,
a9,07,5d,f3,ac,ab,40,5f,be,22,07,1b,1c,fa,f9,46,89,07,2b,6b,40,38,fc,f6,ba,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\programme\Lenovo\AwayTask\AwayNotify.dll
.
Zeit der Fertigstellung: 2010-06-28 15:51:45
ComboFix-quarantined-files.txt 2010-06-28 13:51
ComboFix2.txt 2010-06-27 16:10
Vor Suchlauf: 4.594.737.152 Bytes frei
Nach Suchlauf: 4.578.394.112 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 6EBC1674694F34A205DA63215D41A220
|
|
28.06.2010, 15:03
| #53 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Was wird nun benötigt? Vielen Dank für die Hilfe und vor allem für die Geduld!  |
|
28.06.2010, 15:04
| #54 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Hier noch das Resident Log vom Spyboot, welches beim Neustart folgendes geändert hat: 28.06.2010 15:29:40 Erlaubt (based on user decision) value "DisableCMD" (new data: "0") hinzugefügt in Disable Command! 28.06.2010 15:29:45 Erlaubt (based on user decision) value "RestrictRun" (new data: "0") hinzugefügt in System Startup user entry! 28.06.2010 15:29:48 Erlaubt (based on user decision) value "RestrictRun" (new data: "") gelöscht in System Startup user entry! 28.06.2010 15:57:03 Erlaubt (based on user decision) value "NoDriveTypeAutoRun" (new data: "323") geändert in System Startup user entry! 28.06.2010 15:57:06 Erlaubt (based on user decision) value "DisableCMD" (new data: "") gelöscht in Disable Command! |
|
28.06.2010, 15:17
| #55 |
| /// Selecta Jahrusso | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Das Problem ist, die Logs sehen alle gut aus. Hast Du die möglichkeit eine CD zu brennen ? Vorher versuchen wir noch http://www.trojaner-board.de/59299-a...eb-cureit.html Der SchnellScan dürfte ausreichen, kann aber denoch eine Weile in Anspruch nehmen.
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
28.06.2010, 15:20
| #56 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Das mit dem Brennen sollte eigentlich gehen. Melde mich dann nach dem Scan. |
|
28.06.2010, 16:37
| #57 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Dr. Web hat wohl was gefunden: intelppm.sys;C:\WINDOWS\system32\drivers;BackDoor.Tdss.2459;Wird nach Neustart desinfiziert.; intelppm.sys;c:\windows\system32\drivers;BackDoor.Tdss.2459;Desinfiziert.; Aber ob es das ist war ? |
|
28.06.2010, 16:43
| #58 |
| /// Selecta Jahrusso | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Komisch das da keines der Tools anschlägt Downloade Dir bitte Filelister
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
28.06.2010, 17:01
| #59 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Hier das Protokoll vom FileLister.vbe: +++++++++++++++++++++++++++ + File Lister Version 1.1.4 + + + + By bamajim / SpywareHammer.com + +++++++++++++++++++++++++++ Report ran on --->>> 28.06.2010 17:53:33 ====== Running Processes ====== C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\rundll32.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\system32\TpShocks.exe C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe C:\Programme\Lenovo\AwayTask\AwaySch.EXE C:\Programme\Synaptics\SynTP\SynTPLpr.exe C:\Programme\Lenovo\HOTKEY\TPONSCR.exe C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe C:\Programme\Lenovo\Zoom\TpScrex.exe C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Programme\Picasa2\PicasaMediaDetector.exe C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe C:\Programme\Lenovo\Client Security Solution\cssauth.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Programme\Lenovo\HOTKEY\TPFNF6R.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hposol08.exe C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe c:\programme\lenovo\system update\suservice.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe C:\Programme\Alice\Signup\AliceCnn.exe C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\WScript.exe C:\Programme\Internet Explorer\IEXPLORE.EXE C:\Programme\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\Windows Live Toolbar\msn_sl.exe ====== BHO's ====== BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - BHO: (NO NAME) - {074C1DC5-9320-4A9A-947D-C042949C6216} - E:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: (NO NAME) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll BHO: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\ - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL BHO: (NO NAME) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: (NO NAME) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll BHO: (NO NAME) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll ====== System Keys (some whitelisted items will not be shown)====== Winlogon\Userinit = C:\WINDOWS\system32\userinit.exe, Winlogon\Shell = Explorer.exe ====== HKLM\~\Run Keys ====== HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PWRMGRTR] = rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [BLOG] = rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog [SynTPLpr] = C:\Programme\Synaptics\SynTP\SynTPLpr.exe [SynTPEnh] = C:\Programme\Synaptics\SynTP\SynTPEnh.exe [EZEJMNAP] = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [TPKMAPHELPER] = C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper [TpShocks] = TpShocks.exe [TPHOTKEY] = C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe [SoundMAXPnP] = C:\Programme\Analog Devices\Core\smax4pnp.exe [LPManager] = C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [AMSG] = C:\PROGRA~1\THINKV~2\AMSG\Amsg.exe /startup [DLA] = C:\WINDOWS\System32\DLA\DLACTRLW.EXE [ISUSPM Startup] = C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [ISUSScheduler] = "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start [AwaySch] = C:\Programme\Lenovo\AwayTask\AwaySch.EXE [TVT Scheduler Proxy] = C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [DiskeeperSystray] = "C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [ACWLIcon] = C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe [Picasa Media Detector] = C:\Programme\Picasa2\PicasaMediaDetector.exe [PDService.exe] = "C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [cssauth] = "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent [QuickTime Task] = "C:\Programme\QuickTime\qttask.exe" -atboottime [TP4EX] = tp4ex.exe [LPMailChecker] = C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe [TPFNF7] = C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r [Adobe Reader Speed Launcher] = "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [AdobeCS4ServiceManager] = "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [Adobe Acrobat Speed Launcher] = "E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [Acrobat Assistant 8.0] = "E:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [Adobe_ID0ENQBO] = C:\PROGRA~1\GEMEIN~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE [LENOVO.TPFNF6R] = C:\Programme\Lenovo\HOTKEY\TPFNF6R.exe [StartCCC] = "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [avgnt] = "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min [Adobe ARM] = "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [SunJavaUpdateSched] = "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" ====== HKCU\~\Run Keys ====== [SpybotSD TeaTimer] = C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [ctfmon.exe] = C:\WINDOWS\system32\ctfmon.exe ====== DNS Info (List may be empty) ====== HKEY_LOCAL_MACHINE\CCS\~\{0498C351-E77C-4AB4-9D02-E0C50E0E954A}\ NameServer= 213.191.74.11 213.191.92.82 HKEY_LOCAL_MACHINE\CS001\~\{0498C351-E77C-4AB4-9D02-E0C50E0E954A}\ NameServer= 213.191.74.11 213.191.92.82 NV Hostname = TEST DataBasePath = %SystemRoot%\System32\drivers\etc ForwardBroadcasts = 0 IPEnableRouter = 0 Hostname = TEST UseDomainNameDevolution = 1 DeadGWDetectDefault = 1 DontAddDefaultGatewayDefault = 0 ====== Folders and Files from "%\" and "%\Windows" Created Last 60 Days ====== 28.06.2010 15:34:50 8274985 C:\cmdcons 28.06.2010 15:34:51 925696 C:\cmdcons\SYSTEM32 27.06.2010 17:44:13 1727196 C:\Qoobox 28.06.2010 15:30:50 12517 C:\Qoobox\BackEnv 27.06.2010 17:44:13 304368 C:\Qoobox\Quarantine 27.06.2010 17:50:53 294476 C:\Qoobox\Quarantine\C 28.06.2010 15:46:26 294476 C:\Qoobox\Quarantine\C\WINDOWS 28.06.2010 15:46:29 140800 C:\Qoobox\Quarantine\C\WINDOWS\system32 27.06.2010 17:44:13 9790 C:\Qoobox\Quarantine\Registry_backups 28.06.2010 17:41:32 85 C:\RECYCLER 28.06.2010 17:41:32 85 C:\RECYCLER\S-1-5-21-3983823669-670418646-3479873645-1005 27.06.2010 17:40:29 73724 C:\rsit 27.05.2010 22:53:27 2006 32 C:\aqua_bitmap.cpp 28.06.2010 15:34:57 211 32 C:\Boot.bak 28.06.2010 15:34:53 262448 32 C:\cmldr 28.06.2010 15:51:48 25705 32 C:\ComboFix.txt 28.06.2010 17:28:44 171 32 C:\DrWeb.txt 28.06.2010 15:04:54 945 32 C:\Gmer.txt 28.06.2010 17:30:24 3219574784 38 C:\hiberfil.sys 22.05.2010 09:49:32 1796 0 C:\InstallHelper.log 27.06.2010 22:45:18 30575 32 C:\MWAV.LOG 28.06.2010 15:09:48 111952 32 C:\OTL.Txt 18.06.2010 08:37:18 616386 C:\WINDOWS\$NtUninstallKB894476$ 18.06.2010 08:37:18 600002 C:\WINDOWS\$NtUninstallKB894476$\spuninst 10.06.2010 17:04:23 4131466 C:\WINDOWS\$NtUninstallKB952069_WM9$ 10.06.2010 17:04:23 633154 C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst 10.06.2010 16:29:01 1935869 C:\WINDOWS\$NtUninstallKB975562$ 10.06.2010 16:29:01 638461 C:\WINDOWS\$NtUninstallKB975562$\spuninst 12.06.2010 07:28:07 2646538 C:\WINDOWS\$NtUninstallKB978542$ 12.06.2010 07:28:07 639498 C:\WINDOWS\$NtUninstallKB978542$\spuninst 10.06.2010 16:29:37 3005550 C:\WINDOWS\$NtUninstallKB978695_WM9$ 10.06.2010 16:29:37 632046 C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst 10.06.2010 16:29:21 703479 C:\WINDOWS\$NtUninstallKB979482$ 10.06.2010 16:29:21 638455 C:\WINDOWS\$NtUninstallKB979482$\spuninst 10.06.2010 18:07:39 2485277 C:\WINDOWS\$NtUninstallKB979559$ 10.06.2010 18:07:39 638749 C:\WINDOWS\$NtUninstallKB979559$\spuninst 10.06.2010 16:35:40 936726 C:\WINDOWS\$NtUninstallKB980195$ 10.06.2010 16:35:40 637718 C:\WINDOWS\$NtUninstallKB980195$\spuninst 10.06.2010 18:07:55 924253 C:\WINDOWS\$NtUninstallKB980218$ 10.06.2010 18:07:55 638557 C:\WINDOWS\$NtUninstallKB980218$\spuninst 11.06.2010 07:11:22 852962 C:\WINDOWS\$NtUninstallKB981793$ 11.06.2010 07:11:22 655330 C:\WINDOWS\$NtUninstallKB981793$\spuninst 27.05.2010 22:58:07 19390480 C:\WINDOWS\$NtUninstallWMFDist11$ 27.05.2010 22:58:07 638093 C:\WINDOWS\$NtUninstallWMFDist11$\spuninst 27.06.2010 17:47:36 198973049 C:\WINDOWS\ERDNT 27.06.2010 18:09:06 26694768 C:\WINDOWS\ERDNT\cache 27.06.2010 17:47:36 92372292 C:\WINDOWS\ERDNT\Hiv-backup 28.06.2010 15:30:45 18599936 C:\WINDOWS\ERDNT\Hiv-backup\Users 28.06.2010 15:30:45 1556480 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001 28.06.2010 15:30:45 8192 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002 28.06.2010 15:30:45 15249408 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003 28.06.2010 15:30:46 1556480 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004 28.06.2010 15:30:47 221184 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005 28.06.2010 15:30:47 8192 C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006 27.06.2010 18:00:06 79905879 C:\WINDOWS\ERDNT\subs 27.06.2010 18:00:10 17035264 C:\WINDOWS\ERDNT\subs\Users 27.06.2010 18:00:10 1556480 C:\WINDOWS\ERDNT\subs\Users\00000001 27.06.2010 18:00:10 8192 C:\WINDOWS\ERDNT\subs\Users\00000002 27.06.2010 18:00:10 15249408 C:\WINDOWS\ERDNT\subs\Users\00000003 27.06.2010 18:00:11 221184 C:\WINDOWS\ERDNT\subs\Users\00000004 27.06.2010 13:37:30 42897676 C:\WINDOWS\ie8 27.06.2010 13:37:30 1188500 C:\WINDOWS\ie8\spuninst 27.06.2010 19:33:07 0 C:\WINDOWS\logo1_.exe 27.06.2010 19:29:52 0 C:\WINDOWS\logo_1.exe 27.06.2010 19:29:52 0 C:\WINDOWS\RUNDL132.EXE 27.06.2010 19:33:07 0 C:\WINDOWS\rundll16.exe 27.06.2010 18:10:34 81920 C:\WINDOWS\temp 27.06.2010 19:29:52 0 C:\WINDOWS\VDLL.DLL 28.06.2010 15:55:05 0 32 C:\WINDOWS\0.log 28.06.2010 17:39:59 8239 32 C:\WINDOWS\comsetup.log 28.06.2010 17:39:53 24733 32 C:\WINDOWS\FaxSetup.log 27.06.2010 17:47:41 80412 32 C:\WINDOWS\grep.exe 28.06.2010 17:39:56 29067 32 C:\WINDOWS\iis6.log 28.06.2010 17:40:02 1374 32 C:\WINDOWS\imsins.BAK 28.06.2010 17:40:02 1374 32 C:\WINDOWS\imsins.log 28.06.2010 17:39:24 9135 32 C:\WINDOWS\KB971961-IE8.log 28.06.2010 17:40:58 13280 32 C:\WINDOWS\KB976662-IE8.log 28.06.2010 17:40:07 9035 32 C:\WINDOWS\KB981332-IE8.log 28.06.2010 17:40:14 15325 32 C:\WINDOWS\KB982381-IE8.log 27.06.2010 19:28:25 53 32 C:\WINDOWS\Lic.xxx 27.06.2010 17:47:41 77312 32 C:\WINDOWS\MBR.exe 28.06.2010 17:40:04 1700 32 C:\WINDOWS\MedCtrOC.log 28.06.2010 17:40:02 1236 32 C:\WINDOWS\msgsocm.log 28.06.2010 17:40:02 7594 32 C:\WINDOWS\msmqinst.log 28.06.2010 17:40:04 4332 32 C:\WINDOWS\netfxocm.log 27.06.2010 17:47:41 31232 32 C:\WINDOWS\NIRCMD.exe 28.06.2010 16:25:03 159726 32 C:\WINDOWS\ntbtlog.txt 28.06.2010 17:40:00 4970 32 C:\WINDOWS\ntdtcsetup.log 28.06.2010 17:39:51 11824 32 C:\WINDOWS\ocgen.log 28.06.2010 17:40:05 1368 32 C:\WINDOWS\ocmsn.log 27.06.2010 17:47:41 256512 32 C:\WINDOWS\PEV.exe 27.06.2010 19:27:54 153600 32 C:\WINDOWS\R.COM 27.06.2010 17:47:41 98816 32 C:\WINDOWS\sed.exe 28.06.2010 17:39:59 0 32 C:\WINDOWS\setupact.log 28.06.2010 15:57:59 18059 32 C:\WINDOWS\setupapi.log 28.06.2010 17:39:59 0 32 C:\WINDOWS\setuperr.log 27.06.2010 17:47:41 161792 32 C:\WINDOWS\SWREG.exe 27.06.2010 17:47:41 136704 32 C:\WINDOWS\SWSC.exe 27.06.2010 17:47:41 212480 32 C:\WINDOWS\SWXCACLS.exe 28.06.2010 17:40:04 1244 32 C:\WINDOWS\tabletoc.log 28.06.2010 17:40:01 11286 32 C:\WINDOWS\tsoc.log 28.06.2010 17:40:48 2752 32 C:\WINDOWS\updspapi.log 27.06.2010 17:47:41 68096 32 C:\WINDOWS\zip.exe 04.06.2010 10:06:29 1907364 C:\WINDOWS\system32\KB905474 27.06.2010 19:29:52 0 C:\WINDOWS\system32\runouce.exe 26.06.2010 11:24:48 411368 32 C:\WINDOWS\system32\deployJava1.dll 27.06.2010 19:27:59 34048 32 C:\WINDOWS\system32\eEmpty.exe 27.05.2010 23:05:20 110592 0 C:\WINDOWS\system32\FsUsbExDevice.Dll 27.05.2010 23:05:20 36608 32 C:\WINDOWS\system32\FsUsbExDisk.Sys 27.05.2010 23:05:20 233472 32 C:\WINDOWS\system32\FsUsbExService.Exe 27.06.2010 10:34:49 145184 32 C:\WINDOWS\system32\java.exe 27.06.2010 10:34:49 73728 32 C:\WINDOWS\system32\javacpl.cpl 27.06.2010 10:34:49 145184 32 C:\WINDOWS\system32\javaw.exe 27.06.2010 10:34:49 153376 32 C:\WINDOWS\system32\javaws.exe 26.06.2010 11:23:55 4616 32 C:\WINDOWS\system32\jupdate-1.6.0_20-b02.log 27.06.2010 19:27:59 522 32 C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest 27.06.2010 19:28:01 554240 32 C:\WINDOWS\system32\msvcp80.dll 27.06.2010 19:28:02 632064 32 C:\WINDOWS\system32\msvcr80.dll 28.05.2010 07:29:19 18464 0 C:\WINDOWS\system32\spmsg.dll 27.06.2010 19:27:54 140800 32 C:\WINDOWS\system32\T.COM ====== "\Administrator & All Users\Startup" Last 60 Days====== ====== "\Program Files" Last 60 Days====== ======"Drivers" Modified Last 60 Days====== 04.08.2004 02:44:46 40448 32 C:\WINDOWS\system32\drivers\intelppm.sys 26.06.2010 15:33:05 20952 32 C:\WINDOWS\system32\drivers\mbam.sys 26.06.2010 15:33:08 38224 32 C:\WINDOWS\system32\drivers\mbamswissarmy.sys ====== Files Deleted under "%Temp%" ====== 11 Files deleted ======"All Users\Application Data" Last 60 Days====== ====== HKLM\~\ShellServiceObjectDelayLoad====== PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\shell32.dll CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - %Systemroot%\system32\webcheck.dll SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - %systemroot%\system32\stobject.dll WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll ====== HKLM\~\SharedTaskScheduler====== Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll ======HKLM\~\msconfig\startupreg====== HKLM\Software\microsoft\shared tools\msconfig\startupreg\ ====== Services ( Services that are Whitelisted are not shown) ====== adfs (adfs)- C:\WINDOWS\system32\drivers\adfs.sys - Auto/Running AEAudioService (AEAudio Service)- C:\WINDOWS\system32\drivers\AEAudio.sys - Manual/Running ANC (ANC)- C:\WINDOWS\system32\drivers\ANC.SYS - System/Running atmeltpm (atmeltpm)- C:\WINDOWS\system32\DRIVERS\atmeltpm.sys - Manual/Running avipbb (avipbb)- C:\WINDOWS\system32\DRIVERS\avipbb.sys - System/Running BTWDNDIS (Bluetooth-LAN-Zugangsserver)- C:\WINDOWS\system32\DRIVERS\btwdndis.sys - Manual/Stopped dgderdrv (dgderdrv)- C:\WINDOWS\system32\drivers\dgderdrv.sys - Manual/Stopped DLABOIOM (DLABOIOM)- C:\WINDOWS\system32\DLA\DLABOIOM.SYS - Auto/Running DLACDBHM (DLACDBHM)- C:\WINDOWS\system32\Drivers\DLACDBHM.SYS - System/Running DLADResN (DLADResN)- C:\WINDOWS\system32\DLA\DLADResN.SYS - Auto/Running DLAIFS_M (DLAIFS_M)- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS - Auto/Running DLAOPIOM (DLAOPIOM)- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS - Auto/Running DLAPoolM (DLAPoolM)- C:\WINDOWS\system32\DLA\DLAPoolM.SYS - Auto/Running DLARTL_N (DLARTL_N)- C:\WINDOWS\system32\Drivers\DLARTL_N.SYS - System/Running DLAUDFAM (DLAUDFAM)- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS - Auto/Running DLAUDF_M (DLAUDF_M)- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS - Auto/Running DRVMCDB (DRVMCDB)- C:\WINDOWS\system32\Drivers\DRVMCDB.SYS - Boot/Running DRVNDDM (DRVNDDM)- C:\WINDOWS\system32\Drivers\DRVNDDM.SYS - Auto/Running E100B (Intel(R) PRO-Adaptertreiber)- C:\WINDOWS\system32\DRIVERS\e100b325.sys - Manual/Stopped e1express (Intel(R) PRO/1000 PCI Express Network Connection Driver)- C:\WINDOWS\system32\DRIVERS\e1e5132.sys - Manual/Running EGATHDRV (IBM eGatherer)- \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS - Auto/Running FsUsbExDisk (FsUsbExDisk)- \??\C:\WINDOWS\system32\FsUsbExDisk.SYS - Manual/Stopped G400 (G400)- C:\WINDOWS\system32\DRIVERS\G400m.sys - Manual/Stopped HSFHWAZL (HSFHWAZL)- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys - Manual/Running HSF_DPV (HSF_DPV)- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys - Manual/Running HSXHWAZL (HSXHWAZL)- C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys - Manual/Stopped iaStor (Intel AHCI Controller)- C:\WINDOWS\system32\DRIVERS\iaStor.sys - Boot/Running IBMPMDRV (IBMPMDRV)- C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys - Manual/Running IBMTPCHK (IBMTPCHK)- \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys - System/Running irda (IrDA-Protokoll)- C:\WINDOWS\system32\DRIVERS\irda.sys - Auto/Running Iviaspi (IVI ASPI Shell)- C:\WINDOWS\system32\drivers\iviaspi.sys - Manual/Stopped lenovo.smi (Lenovo System Interface Driver)- C:\WINDOWS\system32\DRIVERS\smiif32.sys - System/Running NETw3x32 (Intel(R) PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit)- C:\WINDOWS\system32\DRIVERS\NETw3x32.sys - Manual/Stopped NETw4x32 (Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit)- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys - Manual/Running NSCIRDA (NSC-Infrarotgerätetreiber)- C:\WINDOWS\system32\DRIVERS\nscirda.sys - Manual/Stopped PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol)- C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys - Manual/Stopped PDNMp50 (PDNMp50 NDIS Protocol Driver)- \??\C:\WINDOWS\system32\drivers\PDNMp50.sys - Manual/Stopped PDNSp50 (PDNSp50 NDIS Protocol Driver)- \??\C:\WINDOWS\system32\drivers\PDNSp50.sys - Manual/Stopped pmem (pmem)- \??\C:\WINDOWS\System32\drivers\pmemnt.sys - Auto/Running PrivateDisk (PrivateDisk)- \??\C:\Programme\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys - Auto/Running PROCDD (IPS-Helper-Treiber)- C:\WINDOWS\system32\DRIVERS\PROCDD.SYS - Auto/Running psadd (Lenovo Parties Service Access Device Driver)- C:\WINDOWS\system32\DRIVERS\psadd.sys - Manual/Running Rasirda (WAN-Miniport (IrDA))- C:\WINDOWS\system32\DRIVERS\rasirda.sys - Manual/Running Shockprf (Shockprf)- C:\WINDOWS\system32\DRIVERS\Apsx86.sys - Boot/Running Smapint (Smapint)- C:\WINDOWS\system32\drivers\Smapint.sys - System/Running smi2 (smi2)- \??\C:\Programme\SMI2\smi2.sys - Auto/Running sscebus (SAMSUNG USB Composite Device V2 driver (WDM))- C:\WINDOWS\system32\DRIVERS\sscebus.sys - Manual/Stopped sscemdfl (SAMSUNG Mobile Modem V2 Filter)- C:\WINDOWS\system32\DRIVERS\sscemdfl.sys - Manual/Stopped sscemdm (SAMSUNG Mobile Modem V2 Drivers)- C:\WINDOWS\system32\DRIVERS\sscemdm.sys - Manual/Stopped ssceserd (SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM))- C:\WINDOWS\system32\DRIVERS\ssceserd.sys - Manual/Stopped ssmdrv (ssmdrv)- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys - System/Running SynTP (Synaptics TouchPad Driver)- C:\WINDOWS\system32\DRIVERS\SynTP.sys - Manual/Running TcUsb (TC USB Kernel Driver)- C:\WINDOWS\system32\Drivers\tcusb.sys - Manual/Running TDSMAPI (TDSMAPI)- C:\WINDOWS\system32\drivers\TDSMAPI.SYS - System/Running TPDIGIMN (TPDIGIMN)- C:\WINDOWS\system32\DRIVERS\ApsHM86.sys - Boot/Running TPHKDRV (TPHKDRV)- C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys - System/Running TPPWRIF (TPPWRIF)- C:\WINDOWS\system32\drivers\Tppwrif.sys - System/Running TSMAPIP (TSMAPIP)- C:\WINDOWS\system32\drivers\TSMAPIP.SYS - System/Running tvtfilter (tvtfilter)- \??\C:\WINDOWS\system32\drivers\tvtfilter.sys - Auto/Running TVTPktFilter (TVT Packet Filter Service)- C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys - Manual/Running TwoTrack (IBM PS/2 TrackPoint-Filtertreiber)- C:\WINDOWS\system32\DRIVERS\TwoTrack.sys - Manual/Stopped UIUSys (Conexant Setup API)- C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS - Manual/Stopped WpdUsb (WpdUsb)- C:\WINDOWS\system32\DRIVERS\wpdusb.sys - Manual/Stopped ====== Uninstall List ====== A file named 'UNI.txt' was created and saved to FileListers default location. Post the results if requested. ======== Other Info ======== TOTAL PHYSICAL RAM: 3220 MB Boot Info [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect OS Type: Microsoft Windows XP Professional Build: 5.1.2600 Service Pack: 3.0 ====== Files with Hidden Attributes====== A file named 'Hidden.txt' was created and saved to FileListers default location. Post the results if requested. ==End of Report== PS: Als ich das Programm gestartet habe, hat Spybot reagiert, war mir nicht sicher, ob ich den ctfmon.exe erlauben durfte: 28.06.2010 17:53:45 Verweigert (based on user decision) value "ctfmon.exe" (new data: "C:\WINDOWS\system32\ctfmon.exe") hinzugefügt in System Startup user entry! |
|
28.06.2010, 17:14
| #60 |
| | TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien Will den Tag ja nicht vor dem Abend loben, bin seit 13 Minuten nach Programmende von Filelister online und bisher wurden keine neuen Temps in c:/windows angelegt und auch kein Virus gemeldet. |
|
| Themen zu TR/PSW.Zbot.133169.Y alle 11 Minuten Antivir und temp Dateien |
| aktiv, antivir, befallen, dateien, diverse, gelöscht, java, meldung, minute, minuten, neue, neuen, neuste, ordner, programm, programme, sperrt, stelle, system, temp, temporäre dateien, thema, tr/psw.zbot., tr/psw.zbot.133169.y temporäre dateien windows trojaner 11 minuten, update, version, virus, ähnliches |
Linear-Darstellung
