| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.09.2010, 14:25
| #1 | ||
 |  Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigen Hallo liebes Trojanerboard-Team, ich habe ein Problem mit dem hartnäckigen Programm TR Vilsel.aejm. Avira findet es immer wieder, aber bei allen Neustarts kommt es zurück. Außerdem habe ich mir glaube ich seitdem ich vor einem Monat nach China gekommen bin auch andere bösartige Programm eingefangen, die Avira nicht findet. Gestern warnte mich meine VPN-Verbindung nach München, das ich zu viele Packete ins Internet sende. Ich habe versucht, statt Avira eine Freeware von Kaspersky runterzuladen, aber die Installation hat nicht geklappt, weil Kaspersky behauptet, ich hätte noch Avast installiert - das habe ich versucht zu löschen, aber es ging nur von Hand (habe alle Dateien entfernt) und Kaspersky behauptet immer noch es wäre da (die Systemsteuerung zeigt es aber nicht mehr). Deswegen habe ich Avira reinstalliert. Anscheinend haben hier schon andere Leute Probleme mit diesem hartnäckigen Trojaner gehabt, aber die Lösungen waren für alle unterschiedlich. In einem Fall lautete die Anweisung, Windows komplett neu aufzusetzen. Falls die Reparatur zu aufwändig sein sollte, würde ich das auch machen. Ich hatte schon im Juni Probleme mit Viren (da hatte ich aber Menschen, die mir helfen konnten, jetzt bin ich alleine in China), deswegen macht es vielleicht Sinn, alles einmal neu aufzusetzen? Ich habe meine eigene Windows-CD nicht, könnte aber eine von einem Bekannten bekommen. So, jetzt aber zu meinen weiteren Problemen: Ich habe die Anleitung befolgt und bin bis zu Schritt 4 gekommen. Jetzt finde ich aber gmer.zip nirgends - was soll ich tun? Hier schonmal die Logfiles von Malwarebites und dem defogger: Malwarebites: Zitat:
Zitat:
Ich freue mich über jede Hilfe! Viele Grüße Eva P.S.: Wie man vielleicht merkt, habe ich absolut gar keine Ahnung von Computern, bitte seid mir nicht böse, wenn ich mich komisch ausdrücke! |
|
15.09.2010, 15:05
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigenZitat:
 Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
17.09.2010, 08:18
| #3 | |
| | Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigen Hallo Arne,
__________________vielen Dank für Deine Antwort. Hier sind die Logfiles: Malwarebites: Zitat:
OTL1: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.09.2010 09:11:12 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.014,00 Mb Total Physical Memory | 377,00 Mb Available Physical Memory | 37,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,20 Gb Total Space | 13,44 Gb Free Space | 19,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: EVA
Current User Name: Eva Blomberg
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{375943E2-B268-4AD7-B7A4-0FD90E9C2AC7}" = Skype™ 4.0
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series (deu)
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad-UltraNav-Assistent
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{87F59A07-55EE-415E-A966-31F3D8B6B7AD}" = LP6940_Help
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC6CA16-9B4E-4C10-95EE-2BD91EB0290C}" = LP6940Trb
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9C209B30-F71F-4c53-8D26-453208EC8E91}" = dj6940
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7761-000000000003}" = Adobe Acrobat 3D version 8
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}" = Adobe Bridge 1.0
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B357C4B4-9024-4B64-9B3F-A6729031C3DD}" = SketchUp 5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}" = Adobe Photoshop Lightroom
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "TrackPoint-Eingabehilfen"
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad-Konfiguration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Acrobat 3D version 8" = Adobe Acrobat 3D version 8.1.3
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"ANNO 1602 Königs-Edition" = ANNO 1602 Königs-Edition
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AwayTask" = Maintenance Manager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"gretl_is1" = gretl version 1.6.5
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IE7Pro" = IE7Pro
"ie8" = Windows Internet Explorer 8
"legacyqcam_10.51" = Logitech Legacy USB Camera-Treiberpaket
"lvdrivers_12.0" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maple 10" = Maple 10
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Embedded Browser_is1" = Mozilla Embedded Browser version 2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NuSphere PhpED_is1" = NuSphere PhpED version 5.2
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"PHP5_is1" = php-5.2.5 for NuSphere PhpED
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel(R) PROSet/Wireless Software
"QuicktimeAlt_is1" = QuickTime Alternative 2.5.1
"Security Task Manager" = Security Task Manager 1.7h
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZhornStickies" = Stickies 7.0b
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.04.2009 07:29:08 | Computer Name = EVA | Source = F-Secure Management Agent | ID = 103
Description =
Error - 29.04.2009 07:29:56 | Computer Name = EVA | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung fsaua.exe, Version 0.0.0.0, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 29.04.2009 07:30:55 | Computer Name = EVA | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung fsaua.exe, Version 8.22.2096.0, fehlgeschlagenes
Modul fsaua.exe, Version 8.22.2096.0, Fehleradresse 0x00019ca4.
Error - 29.04.2009 07:34:04 | Computer Name = EVA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung fsaua.exe, Version 8.22.2096.0, fehlgeschlagenes
Modul fsaua.exe, Version 8.22.2096.0, Fehleradresse 0x00019ca4.
Error - 29.04.2009 07:35:17 | Computer Name = EVA | Source = F-Secure Management Agent | ID = 103
Description =
Error - 29.04.2009 15:12:38 | Computer Name = EVA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung fsaua.exe, Version 8.22.2096.0, fehlgeschlagenes
Modul fsaua.exe, Version 8.22.2096.0, Fehleradresse 0x00019ca4.
Error - 29.04.2009 15:13:12 | Computer Name = EVA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung fsaua.exe, Version 8.22.2096.0, fehlgeschlagenes
Modul fsaua.exe, Version 8.22.2096.0, Fehleradresse 0x00019ca4.
Error - 29.04.2009 15:13:17 | Computer Name = EVA | Source = F-Secure Management Agent | ID = 103
Description =
Error - 30.04.2009 02:44:04 | Computer Name = EVA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung fsaua.exe, Version 8.22.2096.0, fehlgeschlagenes
Modul fsaua.exe, Version 8.22.2096.0, Fehleradresse 0x00019ca4.
Error - 30.04.2009 02:44:44 | Computer Name = EVA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung fsaua.exe, Version 8.22.2096.0, fehlgeschlagenes
Modul fsaua.exe, Version 8.22.2096.0, Fehleradresse 0x00019ca4.
[ OSession Events ]
Error - 16.02.2008 10:52:23 | Computer Name = EVA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8614
seconds with 8100 seconds of active time. This session ended with a crash.
Error - 09.11.2008 16:13:30 | Computer Name = EVA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2429
seconds with 2400 seconds of active time. This session ended with a crash.
Error - 01.12.2008 07:29:16 | Computer Name = EVA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6686
seconds with 4080 seconds of active time. This session ended with a crash.
Error - 10.01.2009 17:00:33 | Computer Name = EVA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22237
seconds with 9480 seconds of active time. This session ended with a crash.
Error - 26.01.2009 06:27:22 | Computer Name = EVA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5810
seconds with 4380 seconds of active time. This session ended with a crash.
Error - 26.01.2009 11:23:31 | Computer Name = EVA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17746
seconds with 2340 seconds of active time. This session ended with a crash.
Error - 04.02.2009 17:30:17 | Computer Name = EVA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1829
seconds with 1740 seconds of active time. This session ended with a crash.
Error - 14.06.2009 13:04:42 | Computer Name = EVA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 37
seconds with 0 seconds of active time. This session ended with a crash.
Error - 08.06.2010 17:06:56 | Computer Name = EVA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 34
seconds with 0 seconds of active time. This session ended with a crash.
Error - 11.07.2010 09:11:15 | Computer Name = EVA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2522
seconds with 660 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 17.02.2009 06:36:10 | Computer Name = EVA | Source = Service Control Manager | ID = 7034
Description = Dienst "F-Secure Automatic Update Agent" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 17.02.2009 06:36:15 | Computer Name = EVA | Source = Service Control Manager | ID = 7034
Description = Dienst "F-Secure Automatic Update Agent" wurde unerwartet beendet.
Dies ist bereits 2 Mal passiert.
Error - 17.02.2009 12:38:22 | Computer Name = EVA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 17.02.2009 12:38:22 | Computer Name = EVA | Source = Service Control Manager | ID = 7034
Description = Dienst "F-Secure Automatic Update Agent" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 17.02.2009 12:42:09 | Computer Name = EVA | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460
Error - 17.02.2009 15:45:55 | Computer Name = EVA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 17.02.2009 15:45:55 | Computer Name = EVA | Source = Service Control Manager | ID = 7034
Description = Dienst "F-Secure Automatic Update Agent" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 17.02.2009 15:45:55 | Computer Name = EVA | Source = Service Control Manager | ID = 7034
Description = Dienst "F-Secure Automatic Update Agent" wurde unerwartet beendet.
Dies ist bereits 2 Mal passiert.
Error - 17.02.2009 15:49:42 | Computer Name = EVA | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460
Error - 18.02.2009 04:30:58 | Computer Name = EVA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASPI32" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
< End of report >
OTL2: OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.09.2010 09:11:12 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.014,00 Mb Total Physical Memory | 377,00 Mb Available Physical Memory | 37,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,20 Gb Total Space | 13,44 Gb Free Space | 19,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: EVA
Current User Name: Eva Blomberg
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\System Volume Information\_restore{d5fffa500b1b}\svchost.exe File not found
PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe (IBM)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
========== Win32 Services (SafeList) ==========
SRV - (TpKmpSVC) -- C:\WINDOWS\System32\TpKmpSVC.exe File not found
SRV - (PsaSrv) -- C:\WINDOWS\System32\PsaSrv.exe File not found
SRV - (i6rfpmou4ihm6ab) -- C:\WINDOWS\System32\peky.exe File not found
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe File not found
SRV - (CVPND) -- c:\Programme\LRZ VPN Client\cvpnd.exe File not found
SRV - (CLPSLS) -- C:\Programme\COMODO\COMODO livePCsupport\CLPSLS.exe File not found
SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe File not found
SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe File not found
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe File not found
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (TVT Scheduler) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (TVT Backup Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (TSSCoreService) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe (IBM)
SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (UIUSys) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (SYMIDSCO) -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\SCFIDS~1\20071220.001\symidsco.sys File not found
DRV - (PcdrNdisuiox) -- C:\WINDOWS\System32\DRIVERS\PcdrNdisuiox.sys File not found
DRV - (PcdrNdisuios) -- C:\WINDOWS\System32\DRIVERS\PcdrNdisuios.sys File not found
DRV - (PcdrNdisuiol) -- C:\WINDOWS\System32\DRIVERS\PcdrNdisuiol.sys File not found
DRV - (PcdrNdisuioi) -- C:\WINDOWS\System32\DRIVERS\PcdrNdisuioi.sys File not found
DRV - (PcdrNdisuiob) -- C:\WINDOWS\System32\DRIVERS\PcdrNdisuiob.sys File not found
DRV - (PcdrNdisuio) -- C:\WINDOWS\System32\DRIVERS\pcdrndisuio.sys File not found
DRV - (ombytwcw) -- C:\WINDOWS\System32\Drivers\ombytwcw.sys File not found
DRV - (EGATHDRV) -- C:\WINDOWS\system32\EGATHDRV.SYS (IBM Corporation)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech Webcam 250(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (smihlp2) SMI Helper Driver (smihlp2) -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (Lenovo Group Limited)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (NETw3x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw3x32.sys (Intel® Corporation)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (TVTPktFilter) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys (Lenovo Group Limited)
DRV - (smi2) -- C:\Programme\SMI2\smi2.sys (IBM Corp.)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (PrivateDisk) -- C:\Programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys (Utimaco Safeware AG)
DRV - (HSXHWAZL) -- C:\WINDOWS\system32\drivers\hsxhwazl.sys (Conexant Systems, Inc.)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS ()
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (DCamUSBUVT) -- C:\WINDOWS\system32\drivers\usbuvt.sys (IC Media Corporation)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.yahoo.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O1 HOSTS File: ([2010.06.02 21:32:12 | 000,403,752 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13964 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Stickies.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll File not found
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\IEPro\iepro.dll File not found
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202063834093 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273668527218 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AwayNotify: DllName - C:\Programme\Lenovo\AwayTask\AwayNotify.dll - C:\Programme\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Programme\Lenovo\HOTKEY\notifyf2.dll - C:\Programme\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Programme\Lenovo\HOTKEY\tphklock.dll - C:\Programme\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{424ea5c0-431c-11df-b2db-001b776e201e}\Shell\AutoRun\command - "" = E:\browsercall.exe -- File not found
O33 - MountPoints2\{6cff5394-db9a-11de-b1de-001b776e201e}\Shell\AutoRun\command - "" = E:\p\Miranda\miranda32.exe -- File not found
O33 - MountPoints2\{6cff5394-db9a-11de-b1de-001b776e201e}\Shell\MIRANDA\COMMAND - "" = E:\p\Miranda\miranda32.exe -- File not found
O33 - MountPoints2\{6cff5394-db9a-11de-b1de-001b776e201e}\Shell\NOTEPAD\COMMAND - "" = E:\p\Notepad++Portable\Notepad++Portable.exe -- File not found
O33 - MountPoints2\{6cff5394-db9a-11de-b1de-001b776e201e}\Shell\OPENOFFICE\COMMAND - "" = E:\p\OpenOfficePortable\OpenOfficePortable.exe -- File not found
O33 - MountPoints2\{6cff5394-db9a-11de-b1de-001b776e201e}\Shell\THUNDERBIRD\COMMAND - "" = E:\p\ThunderbirdPortable\ThunderbirdPortable.exe -- File not found
O33 - MountPoints2\{6cff5394-db9a-11de-b1de-001b776e201e}\Shell\ZIP\COMMAND - "" = E:\p\7-zipPortable\7-zipPortable.exe -- File not found
O33 - MountPoints2\{752cf6a8-0db2-11df-b265-001b776e201e}\Shell - "" = AutoRun
O33 - MountPoints2\{752cf6a8-0db2-11df-b265-001b776e201e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{752cf6a8-0db2-11df-b265-001b776e201e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8e4a6576-b63c-11df-b406-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{8e4a6576-b63c-11df-b406-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e4a6576-b63c-11df-b406-00059a3c7800}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{926fae44-5db8-11df-b319-001b776e201e}\Shell - "" = AutoRun
O33 - MountPoints2\{926fae44-5db8-11df-b319-001b776e201e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ac0a3928-a30e-11df-b3c8-001b776e201e}\Shell\AutoRun\command - "" = E:\Menu.exe -- File not found
O33 - MountPoints2\{bead30e0-88ab-11de-b122-001b776e201e}\Shell - "" = AutoRun
O33 - MountPoints2\{bead30e0-88ab-11de-b122-001b776e201e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bead30e0-88ab-11de-b122-001b776e201e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d5867470-cc67-11de-b1c5-00059a3c7800}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{d5867470-cc67-11de-b1c5-00059a3c7800}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{d5867470-cc67-11de-b1c5-00059a3c7800}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.09.17 09:09:30 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.09.15 14:21:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.09.15 14:20:41 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.09.15 14:12:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2010.09.15 14:12:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.09.15 14:12:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.09.15 14:12:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.09.15 14:12:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.09.15 14:06:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\MFTools
[2010.09.14 16:51:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2010.09.14 16:28:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.09.14 16:28:32 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.09.14 16:28:32 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.09.14 16:28:32 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.09.14 16:28:32 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.09.14 16:28:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.09.14 16:24:49 | 000,000,000 | ---D | C] -- C:\Programme\avira
[2010.09.14 11:15:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
[2010.09.14 09:48:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.09.14 09:48:40 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2010.09.03 18:02:33 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010.09.03 18:02:33 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2010.09.03 18:02:32 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2010.09.03 18:02:32 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010.09.03 18:02:32 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010.09.03 18:02:32 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2010.09.03 18:02:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2010.09.03 18:02:32 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010.09.03 18:02:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2010.09.03 18:02:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010.09.03 18:02:27 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010.09.03 18:02:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010.09.03 18:02:12 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010.09.03 18:02:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010.09.03 18:02:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2010.09.03 18:02:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010.09.03 18:02:11 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010.09.03 18:02:11 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010.09.03 18:02:04 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010.09.03 18:02:04 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010.09.03 18:02:03 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010.09.03 18:02:03 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010.09.03 18:02:03 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010.09.03 18:02:03 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010.09.03 18:02:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2010.09.03 18:02:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010.09.03 18:02:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2010.09.03 18:02:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010.09.03 18:02:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2010.09.03 18:02:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010.09.03 18:01:49 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010.09.03 18:01:49 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010.09.03 18:01:45 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010.09.03 18:01:45 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2010.09.03 18:01:22 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2010.09.03 18:01:22 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010.09.03 18:01:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2010.09.03 18:01:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2010.09.03 18:01:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2010.09.03 18:01:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2010.09.03 18:01:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2010.09.03 18:01:22 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2010.09.03 18:01:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2010.09.03 18:01:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2010.09.03 18:01:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2010.09.03 18:01:12 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2010.09.03 10:13:06 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4prt.sys
[2010.09.03 10:12:56 | 000,206,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4.sys
[2010.09.03 10:12:51 | 000,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dot4usb.sys
[2010.08.28 17:42:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.08.28 17:33:59 | 000,000,000 | ---D | C] -- C:\Avira
[2010.08.27 14:19:34 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\%USERPROFILE%
[1 C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2026.02.18 07:04:03 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\ALLFSAF5a.ocx
[2010.09.17 09:09:37 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.09.17 08:34:28 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.09.17 08:32:30 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.17 08:31:53 | 000,025,304 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010.09.17 08:31:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.17 08:31:42 | 000,000,002 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010.09.17 08:31:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.17 08:31:38 | 1063,698,432 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.17 08:31:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010.09.17 08:31:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010.09.17 00:37:17 | 016,777,216 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT
[2010.09.17 00:37:17 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini
[2010.09.17 00:31:09 | 000,001,238 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3786359715-1756337803-377878462-500UA.job
[2010.09.16 17:57:50 | 000,774,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Incident report_2010 Sept 16th_EvaBlomberg.doc
[2010.09.16 17:56:30 | 000,774,144 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Incident Report_Eva.doc
[2010.09.16 05:46:22 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010.09.16 05:24:01 | 000,000,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit China.lnk
[2010.09.15 22:31:00 | 000,001,186 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3786359715-1756337803-377878462-500Core.job
[2010.09.15 15:06:30 | 000,464,134 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.09.15 15:06:30 | 000,445,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.15 15:06:30 | 000,086,318 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.09.15 15:06:30 | 000,072,824 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.15 15:06:29 | 001,082,156 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.15 15:01:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.09.15 14:44:43 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2010.09.15 14:20:42 | 000,000,597 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\NTREGOPT.lnk
[2010.09.15 14:20:42 | 000,000,578 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2010.09.15 14:12:44 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.15 14:10:45 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\defogger.exe
[2010.09.14 16:28:52 | 000,001,677 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.09.13 05:52:54 | 000,129,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.13 05:15:07 | 000,714,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Office Cleaning Schedule (2).docx
[2010.09.08 05:39:41 | 000,002,430 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Google Chrome.lnk
[2010.09.07 08:47:38 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.09.03 18:23:09 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2010.09.03 18:10:32 | 000,082,488 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.09.03 18:06:29 | 001,596,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.27 15:10:06 | 000,103,424 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\September Events 2010.xls
[1 C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\*.tmp -> ]
========== Files Created - No Company Name ==========
[2026.02.18 07:04:03 | 000,003,120 | ---- | C] () -- C:\WINDOWS\System32\ALLFSAF5a.ocx
[2010.09.16 17:56:45 | 000,774,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Incident report_2010 Sept 16th_EvaBlomberg.doc
[2010.09.16 16:40:48 | 000,774,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Incident Report_Eva.doc
[2010.09.16 05:24:01 | 000,000,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verknüpfung mit China.lnk
[2010.09.15 14:44:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2010.09.15 14:20:42 | 000,000,597 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\NTREGOPT.lnk
[2010.09.15 14:20:42 | 000,000,578 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
[2010.09.15 14:12:44 | 000,000,682 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.15 14:09:17 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\defogger.exe
[2010.09.14 16:28:52 | 000,001,677 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010.09.13 05:15:06 | 000,714,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Office Cleaning Schedule (2).docx
[2010.09.03 18:02:32 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2010.09.03 18:02:32 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010.09.03 18:02:32 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2010.09.03 18:02:32 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2010.09.03 18:02:22 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2010.09.03 18:02:22 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2010.09.03 18:02:22 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2010.09.03 18:02:22 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2010.09.03 18:02:22 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2010.09.03 18:02:22 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2010.09.03 18:02:22 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2010.09.03 18:02:21 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2010.09.03 18:02:21 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2010.09.03 18:02:20 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010.09.03 18:02:20 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2010.09.03 18:02:20 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2010.09.03 18:02:20 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010.09.03 18:02:20 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2010.09.03 18:02:20 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2010.09.03 18:02:20 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2010.09.03 18:02:20 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2010.09.03 18:02:20 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2010.09.03 18:02:20 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2010.09.03 18:02:19 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010.09.03 18:02:19 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2010.09.03 18:02:18 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2010.09.03 18:02:18 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2010.09.03 18:02:16 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2010.09.03 18:02:16 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2010.09.03 18:02:15 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2010.09.03 18:02:15 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2010.09.03 18:02:15 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010.09.03 18:02:15 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2010.09.03 18:02:15 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010.09.03 18:02:14 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010.09.03 18:02:14 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2010.09.03 18:02:12 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010.09.03 18:02:12 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010.09.03 18:02:04 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010.09.03 18:02:04 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2010.09.03 18:02:04 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010.09.03 18:02:04 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2010.09.03 18:02:04 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2010.09.03 18:02:04 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010.09.03 18:01:45 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010.09.03 18:01:45 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2010.09.03 18:01:45 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010.09.03 18:01:45 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2010.09.03 18:01:44 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010.09.03 18:01:44 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2010.09.03 18:01:44 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010.09.03 18:01:44 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2010.09.03 18:01:44 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010.09.03 18:01:44 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2010.09.03 18:01:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010.09.03 18:01:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2010.09.03 18:01:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010.09.03 18:01:44 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2010.09.03 18:01:44 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2010.09.03 18:01:44 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010.08.27 15:10:05 | 000,103,424 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\September Events 2010.xls
[2009.12.04 13:29:13 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.09.18 09:10:31 | 000,000,309 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\mdbu.bin
[2009.05.13 08:58:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\WGNUPLOT.INI
[2009.05.08 11:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009.04.30 17:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009.04.29 22:03:41 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\8532util.dll
[2009.04.29 21:56:50 | 000,201,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV302AV.SYS
[2009.02.24 18:47:10 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2008.08.22 11:51:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008.02.10 16:18:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.12.24 13:05:01 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007.12.14 17:12:14 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2007.11.01 15:53:13 | 000,285,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsio.sys
[2007.11.01 15:53:13 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\Onsreged.sys
[2007.10.27 21:37:57 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2007.10.24 20:43:00 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007.10.24 20:42:52 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007.10.24 20:42:17 | 000,000,683 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2007.10.24 20:36:59 | 000,000,740 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2007.10.23 21:21:06 | 000,029,480 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007.10.23 21:19:28 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007.10.23 21:19:25 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007.09.08 17:58:45 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2007.09.08 17:58:19 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2007.08.31 23:13:30 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\WMIMPLEX.dll
[2007.08.31 23:13:30 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\maplec.dll
[2007.08.29 23:17:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007.08.26 16:37:45 | 000,129,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.23 04:10:53 | 000,000,494 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tvt_userinfo.ini
[2007.07.17 01:15:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.07.17 01:06:12 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007.07.17 00:58:14 | 000,000,319 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007.07.17 00:56:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007.07.17 00:56:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007.07.17 00:56:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007.07.17 00:56:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007.07.17 00:56:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007.07.17 00:56:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007.07.17 00:49:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2007.07.17 00:48:49 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007.07.17 00:47:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007.07.17 00:47:20 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007.07.17 00:47:10 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2007.02.03 08:59:04 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006.08.17 10:00:13 | 000,025,304 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006.08.17 10:00:09 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2006.08.03 03:27:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006.08.03 03:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006.05.31 14:37:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006.02.16 10:18:38 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.01.27 19:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.01.27 19:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.07.06 16:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 388229 bytes -> C:\WINDOWS\Temp:temp
< End of report >
Der Trojaner ist immer noch da, Avira meldet ihn noch. Danke für Deine Hilfe! Viele Grüße Eva |
|
17.09.2010, 08:21
| #4 |
| | Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigen Hallo nochmal, was mir gerade noch einfällt: Seitdem ich eure Board-Anleitung umgesetzt habe (was ja nur bis Schritt 4 geklappt hat), sagt mein Computer, meine Firewall wäre deaktiviert. Was kann ich dagegen machen? Liebe Grüße Eva |
|
17.09.2010, 11:02
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigen Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
PRC - C:\System Volume Information\_restore{d5fffa500b1b}\svchost.exe File not found
SRV - (TpKmpSVC) -- C:\WINDOWS\System32\TpKmpSVC.exe File not found
SRV - (PsaSrv) -- C:\WINDOWS\System32\PsaSrv.exe File not found
SRV - (i6rfpmou4ihm6ab) -- C:\WINDOWS\System32\peky.exe File not found
DRV - (UIUSys) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (SYMIDSCO) -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\SCFIDS~1\20071220.001\symidsco.sys File not found
DRV - (PcdrNdisuiox) -- C:\WINDOWS\System32\DRIVERS\PcdrNdisuiox.sys File not found
DRV - (PcdrNdisuios) -- C:\WINDOWS\System32\DRIVERS\PcdrNdisuios.sys File not found
DRV - (PcdrNdisuiol) -- C:\WINDOWS\System32\DRIVERS\PcdrNdisuiol.sys File not found
DRV - (PcdrNdisuioi) -- C:\WINDOWS\System32\DRIVERS\PcdrNdisuioi.sys File not found
DRV - (PcdrNdisuiob) -- C:\WINDOWS\System32\DRIVERS\PcdrNdisuiob.sys File not found
DRV - (PcdrNdisuio) -- C:\WINDOWS\System32\DRIVERS\pcdrndisuio.sys File not found
DRV - (ombytwcw) -- C:\WINDOWS\System32\Drivers\ombytwcw.sys File not found
O33 - MountPoints2\{424ea5c0-431c-11df-b2db-001b776e201e}\Shell\AutoRun\command - "" = E:\browsercall.exe -- File not found
O33 - MountPoints2\{6cff5394-db9a-11de-b1de-001b776e201e}\Shell\AutoRun\command - "" = E:\p\Miranda\miranda32.exe -- File not found
O33 - MountPoints2\{6cff5394-db9a-11de-b1de-001b776e201e}\Shell\MIRANDA\COMMAND - "" = E:\p\Miranda\miranda32.exe -- File not found
O33 - MountPoints2\{6cff5394-db9a-11de-b1de-001b776e201e}\Shell\NOTEPAD\COMMAND - "" = E:\p\Notepad++Portable\Notepad++Portable.exe -- File not found
O33 - MountPoints2\{6cff5394-db9a-11de-b1de-001b776e201e}\Shell\OPENOFFICE\COMMAND - "" = E:\p\OpenOfficePortable\OpenOfficePortable.exe -- File not found
O33 - MountPoints2\{6cff5394-db9a-11de-b1de-001b776e201e}\Shell\THUNDERBIRD\COMMAND - "" = E:\p\ThunderbirdPortable\ThunderbirdPortable.exe -- File not found
O33 - MountPoints2\{6cff5394-db9a-11de-b1de-001b776e201e}\Shell\ZIP\COMMAND - "" = E:\p\7-zipPortable\7-zipPortable.exe -- File not found
O33 - MountPoints2\{752cf6a8-0db2-11df-b265-001b776e201e}\Shell - "" = AutoRun
O33 - MountPoints2\{752cf6a8-0db2-11df-b265-001b776e201e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{752cf6a8-0db2-11df-b265-001b776e201e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8e4a6576-b63c-11df-b406-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{8e4a6576-b63c-11df-b406-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8e4a6576-b63c-11df-b406-00059a3c7800}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{926fae44-5db8-11df-b319-001b776e201e}\Shell - "" = AutoRun
O33 - MountPoints2\{926fae44-5db8-11df-b319-001b776e201e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ac0a3928-a30e-11df-b3c8-001b776e201e}\Shell\AutoRun\command - "" = E:\Menu.exe -- File not found
O33 - MountPoints2\{bead30e0-88ab-11de-b122-001b776e201e}\Shell - "" = AutoRun
O33 - MountPoints2\{bead30e0-88ab-11de-b122-001b776e201e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bead30e0-88ab-11de-b122-001b776e201e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d5867470-cc67-11de-b1c5-00059a3c7800}\Shell\AutoRun\command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{d5867470-cc67-11de-b1c5-00059a3c7800}\Shell\Explore\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\{d5867470-cc67-11de-b1c5-00059a3c7800}\Shell\Open\Command - "" = AutoRun\AutoStart.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
[2026.02.18 07:04:03 | 000,003,120 | ---- | M] () -- C:\WINDOWS\System32\ALLFSAF5a.ocx
@Alternate Data Stream - 388229 bytes -> C:\WINDOWS\Temp:temp
:Files
C:\System Volume Information\_restore{d5fffa500b1b}
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
17.09.2010, 11:19
| #6 |
| | Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigen Hmm, das hat meinen Computer zum Abstürzen gebracht. Es kam ein Fenster: DCOM (oder so ähnlich) muss beendet werden, in 1:00 Minute wird Windows heruntergefahren. Das Programm OTL muss beendet werden - sofort beenden/abbrechen? Ich habe auf abbrechen geklickt, dann ging nichts mehr. Habe den Computer jetzt neu gestartet. Wie weiter? Soll ich es nochmal versuchen? |
|
17.09.2010, 13:31
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigen Ja bitte nochmal versuchen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.09.2010, 13:52
| #8 |
| | Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigen Gleiches Problem, aber dieses Mal habe ich versucht mir den Text besser zu merken. Es ging sofort ein Fenster auf, in dem etwas in folgender Richtung stand: "Das System wird sofort heruntergefahren. Das Herunterfahren wurde veranlasst von N-Autoritaet-System (oder so ähnlich), Meldung: Der Remoteprozedur... (okay, das habe ich mir ziemlich sicher falsch gemerkt) wurde gestoppt. Anscheinend habe ich mir den Text doch nicht so gut gemerkt. Aber vielleicht kannst Du trotzdem etwas damit anfangen? Avira hat beide mal in dem Moment, in dem diese Meldung aufging nochmal den Fund des Trojaners gemeldet. |
|
17.09.2010, 13:53
| #9 |
| | Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigen Ich habe gerade nochmal überlegt, ich glaube es war der Remoteprozedurdienst (RPD). Bin mir aber nicht sicher. |
|
17.09.2010, 15:15
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigen Bitte den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus. Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen. Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.09.2010, 15:33
| #11 |
| | Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigen Es nennt erst die Programm Version (1.2.0.0) und meine Windows Version. Dann steht da: System volume is \\.\C: \\.\C:\\.\PhysicalDrive0 at offset 0x00000000'00007e00 Boot sector MD5 is: 274955059efe9236c07688c5ff924262 Size Device Name MBR status 74 GB \\.\PhysicalDrive0 unknown boot code Unknown boot code has been found on some of your physical disks. To inspect the boot manually, dump the master boot sector: remover.exe dump <device_name> [output_file] To disinfect the master boot sector, use the following command: remover.exe fix <device_name> Done; Press any key to quit... |
|
17.09.2010, 18:02
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigen Zuerst mal bitte - falls noch nicht getan - die Datei remover.exe (vom BootkitRemover) vom Desktop nach c:\windows\system32 kopieren! Danach die Konsole starten über Start, Ausführen, cmd eintippen, ok. Den Text im folgenden Codefeld eintippen und mit Enter/Return ausführen: Code:
ATTFilter remover.exe dump \\.\PhysicalDrive0 c:\mbr.dat
__________________ Logfiles bitte immer in CODE-Tags posten |
|
18.09.2010, 02:49
| #13 | |
| | Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigen Hallo, mein Computer scheint sich leider gegen alles zu wehren. Erst meinte cmd, den Befehl remover.exe würde es nicht finden. Ich habe geschlossen, dass bei mir die Datei auch bootkit_remover.exe und nicht nur remover_exe heißt und habe denselben Befehl nochmal mit bootkit_remover.exe eingegeben (ich hoffe, dass war nicht total falsch). Ergebnis: Zitat:
|
|
18.09.2010, 12:29
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Avira findet TR Vilsel.aejm, kann ihn aber nicht beseitigen Dann bitte jetzt CF ausführen, im Anschluss müssten wir den MBR reparieren können. ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
Linear-Darstellung
