| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virtumone.prx hält sich härtnäckig auf meinem RechnerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
16.08.2010, 05:24
| #1 |
 |  Virtumone.prx hält sich härtnäckig auf meinem Rechner Einen schönen guten Morgen, seit geraumer Zeit nun plage ich mich schon mit diesem Trojaner. Spybot hat mich auf das Problem aufmerksam gemacht und bei meiner Web-Recherche bin ich über dieses Forum gestolpert. Bevor ich dieses Thema erstellt habe, hatte ich schon folgende Anweisungen befolgt (leider ohne Erfolg): h**p://w*w.ehow.com/how_6109953_remove-virtumonde_prx-trojan.html und auch ein Removal Programm benutzt, an dessen Namen ich mich leider nicht mehr erinnern kann. Ich habe wie von Euch angeregt bereits CCleaner und Malwarebytes durchlaufen lassen. Hier die Logdatei von Malwarebytes Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4414
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
12.08.2010 22:56:48
mbam-log-2010-08-12 (22-56-48).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 223309
Laufzeit: 1 Stunde(n), 13 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\50bd6418 (Trojan.Vundo.H) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by ***** at 2010-08-16 06:09:15 Microsoft Windows XP Professional Service Pack 3 System drive C: has 3 GB (11%) free of 31 GB Total RAM: 1014 MB (19% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 06:09:33, on 16.08.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17080) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Intel\Wireless\Bin\S24EvMon.exe E:\AdAware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\Programme\Intel\Wireless\Bin\EvtEng.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe C:\Programme\Intel\Wireless\Bin\RegSrvc.exe c:\programme\lenovo\system update\suservice.exe C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe C:\WINDOWS\System32\TPHDEXLG.exe C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\Programme\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe C:\WINDOWS\system32\tp4serv.exe C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Programme\Lenovo\HOTKEY\TPONSCR.exe C:\Programme\Lenovo\Zoom\TpScrex.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Programme\Lenovo\AwayTask\AwaySch.EXE C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe C:\Programme\Lenovo\Client Security Solution\cssauth.exe E:\Razer\razerhid.exe C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\DNA\btdna.exe E:\Razer\razertra.exe C:\Programme\Windows Media Player\WMPNSCFG.exe E:\Razer\razerofa.exe C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe C:\Programme\Digital Line Detect\DLG.exe C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\BitTorrent\bittorrent.exe C:\Dokumente und Einstellungen\*****\Desktop\RSIT.exe C:\Programme\trend micro\*****.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = lenovo.live.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://windowsupdate.microsoft.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> O2 - BHO: (no name) - {05BDF66B-75AC-4B46-8BB8-35B9EF574475} - (no file) O2 - BHO: (no name) - {0FA714F5-650B-4EE8-A7BF-37681C9EA8D4} - (no file) O2 - BHO: (no name) - {4F016B18-C8DB-4CD4-8FD0-510C4D49E50C} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\17.7.0.12\IPSBHO.DLL O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O2 - BHO: (no name) - {CEB52EDC-7FB7-4196-9DE7-406BF27EAF2A} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: (no name) - {ef5b6f43-78da-48c9-8eac-4d014eb8fd11} - (no file) O2 - BHO: (no name) - {F020261D-0071-491F-BF92-0CC819A3E1C9} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog O4 - HKLM\..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe /startup O4 - HKLM\..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [cssauth] "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [DeathAdder] E:\Razer\razerhid.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [QuickTime Task] "E:\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [50bd6418] rundll32.exe "C:\WINDOWS\system32\bupgxhoh.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programme\DNA\btdna.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1198252786375 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198253101343 O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O20 - Winlogon Notify: cbv - Invalid registry found O20 - Winlogon Notify: yayWQhHY - Invalid registry found O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\AdAware\aawservice.exe O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: IPS-Basisservice (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: IviRegMgr - InterVideo - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Programme\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: System Update (SUService) - - c:\programme\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe O23 - Service: tvtnetwk - Unknown owner - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- End of file - 12141 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job C:\WINDOWS\tasks\PMTask.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05BDF66B-75AC-4B46-8BB8-35B9EF574475}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FA714F5-650B-4EE8-A7BF-37681C9EA8D4}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F016B18-C8DB-4CD4-8FD0-510C4D49E50C}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}] Symantec Intrusion Prevention - C:\Programme\Norton AntiVirus\Engine\17.7.0.12\IPSBHO.DLL [2010-05-14 79224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Programme\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CEB52EDC-7FB7-4196-9DE7-406BF27EAF2A}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-17 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef5b6f43-78da-48c9-8eac-4d014eb8fd11}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F020261D-0071-491F-BF92-0CC819A3E1C9}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Programme\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [] "BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog [] "TPFNF7"=C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe [2007-04-09 58416] "TrackPointSrv"=C:\WINDOWS\system32\tp4serv.exe [2007-04-26 91184] "TPHOTKEY"=C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176] "TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2007-03-29 181808] "EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-03-28 243248] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-05-16 138008] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-05-16 162584] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-05-16 138008] "TVT Scheduler Proxy"=C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe [2007-02-08 536576] "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940] "ISUSPM Startup"=C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184] "AwaySch"=C:\Programme\Lenovo\AwayTask\AwaySch.EXE [2006-11-07 91688] "LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2007-03-22 120368] "AMSG"=C:\Programme\ThinkVantage\AMSG\Amsg.exe [2007-02-01 419376] "ACTray"=C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe [2007-07-05 413696] "cssauth"=C:\Programme\Lenovo\Client Security Solution\cssauth.exe [2007-01-30 2618944] "DeathAdder"=E:\Razer\razerhid.exe [2007-09-07 159744] "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u [] "QuickTime Task"=E:\QuickTime\QTTask.exe [2009-11-11 417792] "SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-05-14 248552] "50bd6418"=C:\WINDOWS\system32\bupgxhoh.dll,b [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "SpybotSD TeaTimer"=C:\Programme\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] "BitTorrent DNA"=C:\Programme\DNA\btdna.exe [2009-11-13 323392] "WMPNSCFG"=C:\Programme\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart BTTray.lnk - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe Digital Line Detect.lnk - C:\Programme\Digital Line Detect\DLG.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify] C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll [2007-07-05 32768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbv] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2007-05-02 204800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2] C:\Programme\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey] C:\Programme\Lenovo\HOTKEY\tphklock.dll [2006-12-14 28672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayWQhHY] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=255 "NoDrives"=0 "HonorAutoRunSetting"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Programme\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\DNA\btdna.exe"="C:\Programme\DNA\btdna.exe:*:Enabled:DNA" "E:\BitTorrent\bittorrent.exe"="E:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" "E:\Spiele\DoW\W40k.exe"="E:\Spiele\DoW\W40k.exe:*:Enabled:W40k" "E:\Spiele\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe"="E:\Spiele\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enGB-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Programme\Zattoo\zattood.exe"="C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood" "C:\Programme\Zattoo\Zattoo2.exe"="C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: " "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "E:\mIRC\mirc.exe"="E:\mIRC\mirc.exe:*:Enabled:mIRC" "C:\Programme\Zattoo\Zattoo.exe"="C:\Programme\Zattoo\Zattoo.exe:*:Enabled: " "E:\Spiele\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"="E:\Spiele\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe:*:Enabled:Blizzard Downloader" "E:\Spiele\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe"="E:\Spiele\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enGB-downloader.exe:*:Enabled:Blizzard Downloader" "E:\Spiele\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe"="E:\Spiele\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enGB-downloader.exe:*:Enabled:Blizzard Downloader" "E:\Spiele\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe"="E:\Spiele\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enGB-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "E:\Itunes\iTunes.exe"="E:\Itunes\iTunes.exe:*:Enabled:iTunes" "E:\Zattoo\zattood.exe"="E:\Zattoo\zattood.exe:*:Enabled:zattood" "E:\Spiele\World of Warcraft\Launcher.exe"="E:\Spiele\World of Warcraft\Launcher.exe:*:Enabled:Launcher" "C:\Programme\BitTorrent\bittorrent.exe"="C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2010-08-16 06:09:16 ----D---- C:\Programme\trend micro 2010-08-16 06:09:15 ----D---- C:\rsit 2010-08-12 09:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$ 2010-08-12 09:06:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$ 2010-08-12 09:06:15 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$ 2010-08-12 09:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$ 2010-08-12 09:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$ 2010-08-12 08:59:59 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$ 2010-08-12 08:54:56 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$ 2010-08-12 08:54:41 ----A---- C:\WINDOWS\imsins.BAK 2010-08-12 08:54:33 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$ 2010-08-10 21:36:47 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Malwarebytes 2010-08-10 21:36:35 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-08-10 21:36:34 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-08-10 21:36:33 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-08-04 12:20:12 ----SHD---- C:\Config.Msi 2010-08-03 13:48:33 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\BitTorrent 2010-08-03 13:48:25 ----D---- C:\Programme\BitTorrent 2010-08-03 09:50:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$ 2010-08-02 12:42:20 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun 2010-08-02 12:33:57 ----A---- C:\WINDOWS\system32\javaws.exe 2010-08-02 12:33:57 ----A---- C:\WINDOWS\system32\javaw.exe 2010-08-02 12:33:57 ----A---- C:\WINDOWS\system32\java.exe 2010-07-23 23:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$ 2010-07-23 23:34:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$ 2010-07-23 23:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$ 2010-07-23 23:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$ 2010-07-23 23:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$ 2010-07-23 23:31:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$ 2010-07-23 23:30:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$ 2010-07-23 23:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$ 2010-07-23 23:18:20 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$ 2010-07-23 23:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$ 2010-07-23 23:18:02 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$ 2010-07-23 23:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$ 2010-07-23 23:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$ 2010-07-23 23:14:15 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$ 2010-07-23 23:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$ 2010-07-23 23:13:51 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$ 2010-07-23 21:18:48 ----A---- C:\WINDOWS\system32\deployJava1.dll 2010-07-23 21:10:55 ----N---- C:\WINDOWS\system32\browserchoice.exe ======List of files/folders modified in the last 1 months====== 2010-08-16 06:09:16 ----RD---- C:\Programme 2010-08-16 06:09:08 ----D---- C:\WINDOWS\Prefetch 2010-08-16 06:09:04 ----D---- C:\WINDOWS\Temp 2010-08-16 06:00:57 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\DNA 2010-08-16 05:31:52 ----D---- C:\Programme\Mozilla Firefox 2010-08-16 05:20:56 ----D---- C:\WINDOWS\system32\CatRoot2 2010-08-16 05:20:53 ----D---- C:\Programme\DNA 2010-08-16 05:19:57 ----AD---- C:\WINDOWS 2010-08-16 05:19:45 ----A---- C:\TPHKLOCK.TXT 2010-08-16 05:19:17 ----SHD---- C:\System Volume Information 2010-08-15 21:12:08 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-08-15 18:49:50 ----D---- C:\SWSHARE 2010-08-12 19:09:34 ----AD---- C:\WINDOWS\system32 2010-08-12 09:15:02 ----D---- C:\WINDOWS\Microsoft.NET 2010-08-12 09:14:56 ----RSD---- C:\WINDOWS\assembly 2010-08-12 09:07:51 ----HD---- C:\WINDOWS\inf 2010-08-12 09:07:41 ----ASHD---- C:\WINDOWS\system32\dllcache 2010-08-12 09:07:32 ----D---- C:\WINDOWS\system32\de-de 2010-08-12 09:07:32 ----D---- C:\Programme\Internet Explorer 2010-08-12 09:07:19 ----D---- C:\WINDOWS\ie7updates 2010-08-12 09:06:44 ----D---- C:\WINDOWS\system32\drivers 2010-08-12 09:06:38 ----HD---- C:\WINDOWS\$hf_mig$ 2010-08-12 09:05:22 ----SHD---- C:\WINDOWS\Installer 2010-08-12 09:04:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-08-12 09:03:41 ----D---- C:\WINDOWS\WinSxS 2010-08-12 08:55:37 ----D---- C:\WINDOWS\Debug 2010-08-12 08:55:00 ----D---- C:\Programme\Movie Maker 2010-08-11 07:55:55 ----D---- C:\Programme\Gemeinsame Dateien 2010-08-11 07:55:52 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2010-08-11 07:53:05 ----D---- C:\Dokumente und Einstellungen\*****\Anwendungsdaten\Media Player Classic 2010-08-11 07:53:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy 2010-08-11 07:52:48 ----D---- C:\WINDOWS\Minidump 2010-08-10 21:49:13 ----D---- C:\Programme\Spybot - Search & Destroy 2010-08-05 06:58:19 ----D---- C:\WINDOWS\system32\CatRoot 2010-08-04 12:28:03 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2010-08-04 12:27:15 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft 2010-08-04 12:27:14 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared 2010-08-04 12:26:16 ----D---- C:\Programme\MSBuild 2010-08-04 12:26:00 ----RSD---- C:\WINDOWS\Fonts 2010-08-04 12:20:52 ----D---- C:\Programme\Gemeinsame Dateien\System 2010-08-04 12:20:48 ----A---- C:\WINDOWS\win.ini 2010-08-04 12:16:56 ----D---- C:\Programme\InterVideo 2010-08-04 12:16:52 ----HD---- C:\Programme\InstallShield Installation Information 2010-08-04 12:16:16 ----D---- C:\Programme\Gemeinsame Dateien\InterVideo 2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe 2010-08-03 10:56:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment 2010-08-02 14:26:05 ----D---- C:\Programme\OpenOffice.org 3 2010-08-02 12:42:18 ----D---- C:\Programme\Gemeinsame Dateien\Java 2010-08-02 12:33:55 ----D---- C:\Programme\Java 2010-07-28 20:17:09 ----SD---- C:\WINDOWS\Tasks 2010-07-28 20:16:23 ----D---- C:\WINDOWS\system32\LogFiles 2010-07-28 08:19:46 ----D---- C:\WINDOWS\system32\drivers\NAV 2010-07-27 08:29:42 ----A---- C:\WINDOWS\system32\shell32.dll 2010-07-23 23:14:31 ----D---- C:\Programme\Outlook Express ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-03-01 89472] R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2007-02-12 277784] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528] R0 Shockprf;Shockprf; C:\WINDOWS\System32\DRIVERS\Apsx86.sys [2007-03-02 100656] R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMDS.SYS [2009-11-06 328752] R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMEFA.SYS [2010-04-22 173104] R0 TPDIGIMN;TPDIGIMN; C:\WINDOWS\System32\DRIVERS\ApsHM86.sys [2007-03-02 19760] R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520] R1 BHDrvx86;BHDrvx86; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100719.001\BHDrvx86.sys [] R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\NAV\1107000.00C\ccHPx86.sys [2010-02-26 501888] R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660] R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys [] R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys [] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SRTSP.SYS [2010-04-22 325680] R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NAV\1107000.00C\SRTSPX.SYS [2010-04-22 43696] R1 SSHDRV79;SSHDRV79; \??\C:\WINDOWS\system32\drivers\SSHDRV79.sys [] R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NAV\1107000.00C\Ironx86.SYS [2010-04-29 116784] R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SYMTDI.SYS [2010-05-06 361904] R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2006-10-23 17778] R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2007-06-17 4442] R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-04-09 12848] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-18 21393] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628] R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys [] R2 s24trans;WLAN-Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-03-29 12416] R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2007-11-18 33536] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-02 161792] R3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS\system32\drivers\btaudio.sys [2007-01-24 530861] R3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-10-09 30459] R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-27 868042] R3 DAdderFltr;DeathAdder Mouse; C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 22784] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAudN.sys [2007-04-27 666112] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-03-25 988032] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-03-25 210688] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-05-02 5706784] R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-05-31 21424] R3 IDSxpx86;IDSxpx86; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100813.004\IDSxpx86.sys [] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 NAVENG;NAVENG; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100814.002\NAVENG.SYS [] R3 NAVEX15;NAVEX15; \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100814.002\NAVEX15.SYS [] R3 NETw4x32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-30 2206976] R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2006-09-13 28224] R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [] R3 Tp4Track;PS/2 TrackPoint Driver; C:\WINDOWS\system32\DRIVERS\tp4track.sys [2007-04-26 22832] R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264] R3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys [2007-02-08 17664] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-03-25 731136] S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-10-15 149123] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-01-24 67960] S3 Dot4;MS IEEE-1284.4-Treiber; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976] S3 Dot4Print;Druckerklassentreiber für IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-18 23936] S3 E100B;Intel(R) PRO-Adaptertreiber; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-18 117760] S3 G400;G400; C:\WINDOWS\system32\DRIVERS\G400m.sys [2001-08-18 322432] S3 jnv4_mib;jnv4_mib; \??\C:\DOKUME~1\*****\LOKALE~1\Temp\jnv4_mib.sys [] S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272] S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864] S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884] S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [] S3 SYMDNS;SYMDNS; \??\C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMDNS.SYS [] S3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.026\SYMFW.SYS [] S3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.026\SYMIDS.SYS [] S3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NAV\1008000.026\SYMNDIS.SYS [] S3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMREDRV.SYS [] S3 TwoTrack;IBM PS/2 TrackPoint-Filtertreiber; C:\WINDOWS\system32\DRIVERS\TwoTrack.sys [2001-08-17 11520] S3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Intel AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP-Bus-Filtertreiber; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 sisagp;SIS AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;VIA AGP-Bus-Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; E:\AdAware\aawservice.exe [2008-08-28 611664] R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-07-05 65536] R2 AcSvc;Access Connections Main Service; C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe [2007-07-05 184320] R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 btwdins;Bluetooth Service; C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe [2007-02-27 266295] R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Programme\Intel\Wireless\Bin\EvtEng.exe [2007-04-16 647168] R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-05-31 36400] R2 IviRegMgr;IviRegMgr; C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-07-17 153376] R2 NAV;Norton AntiVirus; C:\Programme\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392] R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Programme\Intel\Wireless\Bin\RegSrvc.exe [2007-04-16 327680] R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Programme\Intel\Wireless\Bin\S24EvMon.exe [2007-04-16 983040] R2 SUService;System Update; c:\programme\lenovo\system update\suservice.exe [2006-12-15 11776] R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe [2007-01-30 644672] R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2007-03-02 37680] R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Programme\Lenovo\Rescue and Recovery\rrpservice.exe [2007-02-08 569344] R2 TVT Backup Service;TVT Backup Service; C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe [2007-02-08 950272] R2 TVT Scheduler;TVT Scheduler; c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe [2007-02-08 1118208] R2 tvtnetwk;tvtnetwk; C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe [2007-02-08 45056] R2 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 IPSSVC;IPS-Basisservice; C:\WINDOWS\system32\IPSSVC.EXE [2007-01-30 108080] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-11-12 545568] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536] S3 SQLWriter;SQL Server VSS Writer; c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
| Themen zu Virtumone.prx hält sich härtnäckig auf meinem Rechner |
| 32 bit, ad-aware, antivirus, bho, bonjour, browser, desktop, device driver, einstellungen, eraser, explorer, firefox, fontcache, hijack, hijackthis, hkus\s-1-5-18, iastor.sys, installation, intrusion prevention, lenovo, logfile, monitor, mozilla, nodrives, plug-in, problem, programm, registry, rundll, security, senden, software, staropen, symantec, system, thinkvantage registry monitor service, windows xp |
Baum-Darstellung