| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Weiterleitung auf falsche Website bei Klick auf Links + WerbungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.10.2010, 14:12
| #1 | ||
 |  Weiterleitung auf falsche Website bei Klick auf Links + Werbung Hallo zusammen, ich habe seit gestern das Problem, dass ich in meinen Browsern (Chrome + Firefox) beim Anklicken auf Links auf Seiten geleitet werde, die nicht korrekt sind. Das passiert sowohl bei Ergebnissen von Suchmaschinen als auch bei allen möglichen Links auf anderen Websites - allerdings nicht immer. Wenn ich eine URL direkt in die Adresszeile des Browsers eingebe, funktioniert alles einwandfrei. Auf meinem Rechner ist AVG installiert, das Programm meldet bei diesen Weiterleitungen verdächtige Aktivitäten - siehe ein Screenshot im Anhang. Dabei ist zu sagen, dass die Bezeichnung des Schädlings immer eine andere ist. Anbei eine Logs, die ich nach Eurer Anleitung  erstellt habe:MBAM-Log: Zitat:
Zitat:
GMER.txt: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-10-07 14:29:53
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\uxldipog.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2AAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C132D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C12898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2A6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2AF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2B1A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C8A599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAEF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 98413C9D 28 Bytes [C4, 92, 01, 1C, 33, 64, 26, ...]
.text peauth.sys 98413CC1 28 Bytes [C4, 92, 01, 1C, 33, 64, 26, ...]
.text autochk.exe 002111D2 1 Byte [5C]
.text autochk.exe 002111D2 3 Bytes [5C, 00, 4C]
.text autochk.exe 002111D6 1 Byte [65]
.text autochk.exe 002111D6 3 Bytes [65, 00, 6E]
.text autochk.exe 002111DA 1 Byte [6F]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\explorer.exe[4444] ntdll.dll!NtCreateThread 77644B80 5 Bytes CALL 00550000
.text C:\Windows\explorer.exe[4444] ntdll.dll!NtCreateUserProcess 77644BE0 5 Bytes CALL 006B0000
.text C:\Windows\explorer.exe[4444] ntdll.dll!NtProtectVirtualMemory 77645380 5 Bytes CALL 00410000
.text C:\Windows\explorer.exe[4444] kernel32.dll!ExitProcess 75D32AEF 5 Bytes CALL 006D0000
.text C:\Windows\explorer.exe[4444] kernel32.dll!CreateProcessInternalW 75D342CE 5 Bytes JMP 0073859F
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] ntdll.dll!NtCreateThread 77644B80 5 Bytes CALL 007B0000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] ntdll.dll!NtCreateUserProcess 77644BE0 5 Bytes CALL 00E30000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] ntdll.dll!NtProtectVirtualMemory 77645380 5 Bytes CALL 00790000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] ntdll.dll!LdrLoadDll 7765F625 5 Bytes JMP 00F013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] kernel32.dll!ExitProcess 75D32AEF 5 Bytes CALL 00E50000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] ADVAPI32.dll!CryptGenKey 77178AC7 5 Bytes CALL 02200000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] ADVAPI32.dll!CryptImportKey 7717BB52 5 Bytes CALL 021E0000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] ADVAPI32.dll!CryptDeriveKey 771B2150 5 Bytes CALL 02220000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] WS2_32.dll!closesocket 75FF3BED 5 Bytes JMP 00106339
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] WS2_32.dll!recv 75FF47DF 5 Bytes JMP 00105FA5
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] WS2_32.dll!WSASend 75FF68A7 5 Bytes JMP 00106070
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] WS2_32.dll!WSARecv 75FFC29F 5 Bytes JMP 0010610A
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] WS2_32.dll!send 75FFC4C8 5 Bytes JMP 00105F32
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] USER32.dll!PeekMessageW 75E091B5 5 Bytes CALL 02010000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] wininet.dll!HttpAddRequestHeadersA 76059ABA 5 Bytes CALL 01F70000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] wininet.dll!InternetCloseHandle 7605C83E 5 Bytes CALL 01FF0000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] wininet.dll!InternetReadFile 7605E264 5 Bytes CALL 00E70000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] wininet.dll!HttpSendRequestW 7605EEB3 5 Bytes CALL 01F10000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] wininet.dll!HttpOpenRequestA 760603FA 5 Bytes CALL 01FB0000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] wininet.dll!InternetConnectA 7606050F 5 Bytes CALL 00ED0000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] wininet.dll!HttpOpenRequestW 760605D3 5 Bytes CALL 01FD0000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] wininet.dll!HttpAddRequestHeadersW 76060848 5 Bytes CALL 01F90000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] wininet.dll!InternetQueryDataAvailable 760641CB 5 Bytes CALL 00EF0000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] wininet.dll!CommitUrlCacheEntryW 7607A290 5 Bytes CALL 01F50000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] wininet.dll!CommitUrlCacheEntryA 7607CB22 5 Bytes CALL 01F30000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] wininet.dll!InternetReadFileExW 760812C1 5 Bytes CALL 00EB0000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] wininet.dll!InternetReadFileExA 760812F9 5 Bytes CALL 00E90000
.text C:\Program Files\Mozilla Firefox\firefox.exe[6080] wininet.dll!HttpSendRequestA 760D02E0 5 Bytes CALL 01DF0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:4536] B724EF2E
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00197efa0706
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00197efa0706 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.10.2010 14:37:54 - Run 1 OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Christian\Desktop\MFTools An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 297,99 Gb Total Space | 98,32 Gb Free Space | 32,99% Space Free | Partition Type: NTFS Drive D: | 15,01 Gb Total Space | 11,24 Gb Free Space | 74,86% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded Drive F: | 7,47 Gb Total Space | 5,29 Gb Free Space | 70,71% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: THINKPAD Current User Name: Christian Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.10.07 12:24:14 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\MFTools\OTL.exe PRC - [2010.10.05 10:29:03 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgtray.exe PRC - [2010.09.24 17:39:19 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgnsx.exe PRC - [2010.09.16 19:56:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.07.15 17:48:48 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe PRC - [2010.07.15 17:48:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe PRC - [2010.07.15 17:48:18 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe PRC - [2010.07.15 17:48:17 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2009.12.11 13:19:02 | 000,337,256 | ---- | M] (Lenovo.) -- C:\Windows\System32\TpShocks.exe PRC - [2009.11.24 09:59:50 | 000,093,032 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\TrackPoint\tp4serv.exe PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.10.15 00:45:00 | 000,153,088 | ---- | M] (troubadix) -- C:\Programme\TPFanControl\TPFanControl.exe PRC - [2009.09.09 04:05:00 | 000,075,040 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe PRC - [2009.08.24 14:43:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe PRC - [2009.08.20 09:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe PRC - [2009.08.19 16:54:48 | 000,132,464 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe PRC - [2009.07.29 15:09:04 | 000,177,440 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe PRC - [2009.07.29 15:09:00 | 000,435,488 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe PRC - [2009.07.29 15:08:56 | 000,238,880 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe PRC - [2009.07.29 15:08:54 | 000,124,192 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe PRC - [2009.07.29 12:00:04 | 000,335,872 | ---- | M] (Lenovo) -- C:\Programme\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe PRC - [2009.07.23 04:11:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE PRC - [2009.07.23 04:11:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE PRC - [2009.07.20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe PRC - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2009.07.10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe PRC - [2009.05.21 20:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe PRC - [2009.05.18 17:28:04 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\Core\smax4pnp.exe PRC - [2009.03.13 17:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe PRC - [2009.02.02 18:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe PRC - [2008.10.08 02:38:00 | 000,256,576 | ---- | M] (Lenovo Group Ltd.) -- C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE PRC - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\Scheduler\scheduler_proxy.exe PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\Scheduler\tvtsched.exe PRC - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2007.02.26 18:45:22 | 000,063,024 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapMn.exe ========== Modules (SafeList) ========== MOD - [2010.10.07 12:24:14 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\MFTools\OTL.exe MOD - [2010.07.15 17:48:48 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll MOD - [2010.06.30 08:21:47 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll MOD - [2009.07.14 03:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2009.07.14 03:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll MOD - [2009.07.14 03:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll MOD - [2009.07.14 03:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009.07.14 03:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll MOD - [2009.07.14 03:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll MOD - [2009.07.14 03:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009.07.14 03:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009.07.14 03:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009.07.14 03:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009.07.14 03:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009.07.14 03:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2010.07.15 17:48:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.10.09 13:12:30 | 000,039,976 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC) SRV - [2009.09.09 04:05:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service) SRV - [2009.08.24 14:43:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC) SRV - [2009.07.29 15:08:56 | 000,238,880 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2009.07.29 15:08:54 | 000,124,192 | ---- | M] (Lenovo) [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV) SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2009.07.13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2009.07.03 18:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE) SRV - [2009.06.12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2009.05.21 20:48:18 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC) SRV - [2008.07.15 17:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\SSPORT.sys -- (SSPORT) DRV - [2010.07.15 17:48:49 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010.07.15 17:48:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010.06.02 18:41:38 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2010.03.26 08:15:50 | 000,221,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel(R) DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009.11.24 09:59:30 | 000,023,152 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tp4track.sys -- (Tp4Track) DRV - [2009.10.17 16:28:27 | 000,104,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.10.09 13:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf) DRV - [2009.10.09 13:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN) DRV - [2009.09.26 19:57:34 | 000,025,768 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2009.09.09 04:05:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF) DRV - [2009.08.28 19:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl) DRV - [2009.08.24 14:43:54 | 000,024,872 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV) DRV - [2009.08.06 17:02:58 | 004,786,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx) DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR) DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI) DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC) DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp) DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas) DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy) DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor) DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx) DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends) DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid) DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus) DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp) DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt) DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot) DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide) DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300) DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost) DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx) DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4) DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw) DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2) DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG) DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus) DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP) DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2) DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf) DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap) DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus) DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci) DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf) DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig) DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus) DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID) DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter) DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap) DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID) DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache) DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt) DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi) DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM) DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm) DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer) DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm) DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo) DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp) DRV - [2009.07.14 00:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92) DRV - [2009.07.14 00:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac) DRV - [2009.07.14 00:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R) DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x) DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv) DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv) DRV - [2009.07.07 18:53:02 | 000,028,160 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0) DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.05.18 17:32:58 | 000,381,440 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV - [2008.05.12 18:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi) DRV - [2008.01.19 05:55:26 | 000,030,720 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2007.11.09 10:14:09 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp) DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd) DRV - [2006.12.21 12:50:24 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2006.12.21 12:49:04 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2006.12.21 12:48:54 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2006.11.27 17:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006.10.13 04:21:00 | 000,020,512 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 C7 59 68 F4 3E CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855 FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:1.2 FF - prefs.js..extensions.enabledItems: ctrl-tab@design-noir.de:0.21.1 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9 FF - prefs.js..extensions.enabledItems: {B9C8BE50-7105-4ec6-8FB4-4935C0671648}:0.5.995 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: undoclosedtabsbutton@supernova00.biz:3.6.2 FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.09.24 17:41:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 20:59:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 19:57:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 19:57:01 | 000,000,000 | ---D | M] [2009.09.18 13:51:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions [2010.10.06 16:51:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vh9jcj4x.default\extensions [2009.09.20 21:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vh9jcj4x.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41} [2010.09.24 17:35:53 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vh9jcj4x.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.02.13 15:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vh9jcj4x.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648} [2010.08.11 09:36:25 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vh9jcj4x.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.19 20:53:32 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vh9jcj4x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.09.06 09:33:38 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vh9jcj4x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.05.31 10:14:17 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vh9jcj4x.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010.01.09 20:17:10 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vh9jcj4x.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} [2010.05.24 15:24:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vh9jcj4x.default\extensions\bettergmail2@ginatrapani.org [2010.03.24 19:42:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vh9jcj4x.default\extensions\ctrl-tab@design-noir.de [2010.02.13 15:53:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vh9jcj4x.default\extensions\de-DE@dictionaries.addons.mozilla.org [2009.09.20 21:14:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vh9jcj4x.default\extensions\rtmgmail@rememberthemilk.com [2010.01.22 22:00:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\vh9jcj4x.default\extensions\undoclosedtabsbutton@supernova00.biz [2010.10.06 16:51:18 | 000,001,919 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\FireFox\Profiles\vh9jcj4x.default\searchplugins\onvista.xml [2009.09.20 21:12:42 | 000,001,289 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\FireFox\Profiles\vh9jcj4x.default\searchplugins\twitter-search.xml [2009.09.21 12:01:30 | 000,000,952 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Mozilla\FireFox\Profiles\vh9jcj4x.default\searchplugins\youtube-videosuche.xml [2010.08.10 17:43:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.10 17:43:23 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.06.01 10:26:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.09.16 19:56:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.16 19:56:57 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.16 19:56:58 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.16 19:56:58 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.16 19:56:58 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.01.30 18:50:47 | 000,377,845 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123haustiereundmehr.com O1 - Hosts: 13021 more lines... O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo) O4 - HKLM..\Run: [ACWlIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo) O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Programme\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4 - HKLM..\Run: [LPMailChecker] C:\Programme\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PWMTRV] C:\Programme\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo) O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [TrackPointSrv] C:\Programme\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKCU..\Run: [Beapi] C:\Users\Christian\AppData\Roaming\Adobe\Update\mfcres.exe () O4 - HKCU..\Run: [TPKMAPMN] C:\Programme\ThinkPad\Utilities\TpKmapMn.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: QuickLaunchEnabled = 1 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d46996c3-f600-11de-bae1-0016d3bc9ec3}\Shell - "" = AutoRun O33 - MountPoints2\{d46996c3-f600-11de-bae1-0016d3bc9ec3}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Christian\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe () MsConfig - State: "startup" - 2 Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation) ========== Files/Folders - Created Within 90 Days ========== [2010.10.07 13:12:51 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\virus# [2010.10.07 12:36:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2010.10.07 12:34:55 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2010.10.07 12:23:43 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\MFTools [2010.10.06 18:14:47 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes [2010.10.06 18:14:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.10.06 18:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.10.06 18:14:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.10.06 18:14:11 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.06 13:47:57 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server [2010.09.25 14:58:52 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\DivX [2010.08.28 12:56:39 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared [2010.08.28 12:56:15 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2010.08.28 12:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2010.08.15 14:34:49 | 000,000,000 | ---D | C] -- C:\Users\Christian\.shsh [2010.08.10 17:42:59 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010.08.05 12:15:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.08.05 00:32:06 | 000,041,984 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\libusb0.dll [2010.08.05 00:32:06 | 000,028,160 | ---- | C] (hxxp://libusb-win32.sourceforge.net) -- C:\Windows\System32\drivers\libusb0.sys [2010.08.04 09:14:28 | 000,000,000 | R--D | C] -- C:\Users\Christian\Saved Games [2010.07.22 22:01:15 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\HandBrake [2010.07.22 22:00:52 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\HandBrake [2010.07.22 22:00:44 | 000,000,000 | ---D | C] -- C:\Programme\Handbrake [2010.07.21 11:05:17 | 000,000,000 | ---D | C] -- C:\Programme\Medieval Software [2010.07.15 17:48:48 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll ========== Files - Modified Within 90 Days ========== [2010.10.07 14:39:44 | 000,013,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.07 14:39:44 | 000,013,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.07 14:33:27 | 007,864,320 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT [2010.10.07 14:32:28 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.07 14:32:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.10.07 14:32:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.07 14:32:04 | 341,537,357 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.10.07 14:32:00 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys [2010.10.07 14:23:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2148613658-2886658470-609265780-1001UA.job [2010.10.07 14:01:27 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.07 13:13:37 | 014,537,651 | -H-- | M] () -- C:\Users\Christian\AppData\Local\IconCache.db [2010.10.07 13:12:01 | 000,000,000 | ---- | M] () -- C:\Users\Christian\defogger_reenable [2010.10.07 12:34:59 | 000,000,894 | ---- | M] () -- C:\Users\Christian\Desktop\NTREGOPT.lnk [2010.10.07 12:34:58 | 000,000,875 | ---- | M] () -- C:\Users\Christian\Desktop\ERUNT.lnk [2010.10.07 12:24:14 | 000,284,915 | ---- | M] () -- C:\Users\Christian\Desktop\Gmer.zip [2010.10.07 12:24:14 | 000,050,477 | ---- | M] () -- C:\Users\Christian\Desktop\defogger.exe [2010.10.07 11:23:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2148613658-2886658470-609265780-1001Core.job [2010.10.07 11:02:18 | 065,681,351 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm [2010.10.06 18:14:17 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [[2010.10.05 21:36:37 | 001,498,506 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.10.05 21:36:37 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.05 21:36:37 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.05 21:36:37 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.05 21:36:37 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.08.17 11:31:37 | 000,377,845 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.umbrella [2010.08.12 18:32:07 | 000,301,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.07.15 17:48:49 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys [2010.07.15 17:48:48 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll [2010.07.15 17:48:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys ========== Files Created - No Company Name ========== [2010.10.07 14:32:04 | 341,537,357 | ---- | C] () -- C:\Windows\MEMORY.DMP [2010.10.07 13:12:01 | 000,000,000 | ---- | C] () -- C:\Users\Christian\defogger_reenable [2010.10.07 12:34:59 | 000,000,894 | ---- | C] () -- C:\Users\Christian\Desktop\NTREGOPT.lnk [2010.10.07 12:34:58 | 000,000,875 | ---- | C] () -- C:\Users\Christian\Desktop\ERUNT.lnk [2010.10.07 12:23:51 | 000,050,477 | ---- | C] () -- C:\Users\Christian\Desktop\defogger.exe [2010.10.07 12:23:49 | 000,284,915 | ---- | C] () -- C:\Users\Christian\Desktop\Gmer.zip [2010.10.06 18:14:17 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.03 13:39:30 | 000,000,965 | ---- | C] () -- C:\Users\Christian\Desktop\CCleaner.lnk [2010.07.22 22:00:44 | 000,000,977 | ---- | C] () -- C:\Users\Christian\Desktop\Handbrake.lnk [2010.07.21 11:05:30 | 000,001,200 | ---- | C] () -- C:\Users\Public\Desktop\Medieval CUE Splitter.lnk [2010.06.30 22:29:53 | 000,004,608 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.16 21:41:21 | 000,000,250 | ---- | C] () -- C:\Windows\ODBC.INI [2010.06.16 21:24:09 | 001,318,912 | ---- | C] () -- C:\Windows\System32\eclicpub.dll [2010.06.06 16:22:57 | 000,374,784 | ---- | C] () -- C:\Windows\System32\Axa32.dll [2010.06.06 16:22:57 | 000,097,280 | ---- | C] () -- C:\Windows\System32\Ecxa.dll [2010.04.26 20:07:47 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010.04.26 20:07:47 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2009.11.15 20:25:02 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib [2009.10.08 15:45:30 | 000,007,597 | ---- | C] () -- C:\Users\Christian\AppData\Local\Resmon.ResmonCfg [2009.09.18 14:51:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2009.09.18 14:49:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.28 11:52:28 | 000,022,723 | ---- | C] () -- C:\Windows\System32\ssp1ml3.dll [2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll ========== LOP Check ========== [2009.11.07 16:12:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\AVG9 [2009.09.24 17:08:27 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Canneverbe_Limited [2010.08.11 09:35:00 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Dropbox [2010.03.14 15:51:32 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\elsterformular [2010.07.22 22:01:08 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\HandBrake [2009.10.29 19:41:58 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech [2009.09.20 20:57:16 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Lenovo [2010.04.13 20:22:28 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TeamViewer [2010.08.31 18:39:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2010.10.07 14:32:00 | 1603,084,288 | -HS- | M] () -- C:\hiberfil.sys [2010.10.07 14:32:07 | 2137,448,448 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2009.07.14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009.07.14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009.07.14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009.07.14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009.06.10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2007.11.27 14:55:36 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\spool\prtprocs\w32x86\1_ssp1mpc.dll [2009.07.14 03:15:05 | 000,071,168 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP4.DLL [2009.06.22 18:58:20 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL [2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll [2007.11.27 14:55:36 | 000,019,968 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\System32\spool\prtprocs\w32x86\ssp1mpc.dll [2009.07.14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > [2010.10.07 12:12:03 | 000,283,136 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Adobe\Update\mfcres.exe < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2009.07.14 06:41:57 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\user32.dll /md5 > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=381A2F21F4701730B924C57C6D0006E1 -- C:\Windows\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=33218E52223C097F5117DA8FDE4663E5 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-06 10:45:50 < End of report > und zum Schluss noch Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.10.2010 14:37:54 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Christian\Desktop\MFTools
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 98,32 Gb Free Space | 32,99% Space Free | Partition Type: NTFS
Drive D: | 15,01 Gb Total Space | 11,24 Gb Free Space | 74,86% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 7,47 Gb Total Space | 5,29 Gb Free Space | 70,71% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: THINKPAD
Current User Name: Christian
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'ThinkPad-Tastaturanpassung'
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 20
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD295B9-0190-4C54-B08E-33A6ECA922DF}" = ThinkVantage Access Connections
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{717F5741-5C2E-4469-BDA0-B5EC2243646F}_is1" = TPFanControl v0.62
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Energie-Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Digsby" = Digsby
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular 11.2.0.4074" = ElsterFormular
"ERUNT_is1" = ERUNT 1.1j
"Handbrake" = Handbrake 0.9.4
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"JDownloader" = JDownloader
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"OnScreenDisplay" = Anzeige am Bildschirm
"PDF Blender" = PDF Blender
"Power Management Driver" = ThinkPad Power Management Driver
"Samsung ML-2240 Series" = Samsung ML-2240 Series
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrackPoint" = ThinkPad TrackPoint Driver
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 07.10.2010 08:18:23 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 07.10.2010 08:18:23 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2492911
Error - 07.10.2010 08:18:23 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2492911
Error - 07.10.2010 08:18:38 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 07.10.2010 08:18:38 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2508699
Error - 07.10.2010 08:18:38 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2508699
Error - 07.10.2010 08:18:54 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 07.10.2010 08:18:54 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2524299
Error - 07.10.2010 08:18:54 | Computer Name = Thinkpad | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2524299
Error - 07.10.2010 08:33:13 | Computer Name = Thinkpad | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe_PWMTR32V.DLL, Version:
6.1.7600.16385, Zeitstempel: 0x4a5bc637 Name des fehlerhaften Moduls: PWMTR32V.DLL,
Version: 1.0.0.0, Zeitstempel: 0x4aa725c0 Ausnahmecode: 0xc0000005 Fehleroffset:
0x000156ae ID des fehlerhaften Prozesses: 0x910 Startzeit der fehlerhaften Anwendung:
0x01cb661bbc80c63e Pfad der fehlerhaften Anwendung: C:\Windows\System32\rundll32.exe
Pfad
des fehlerhaften Moduls: C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL Berichtskennung:
0c8f519c-d20f-11df-9d87-001f3c37c57c
[ OSession Events ]
Error - 13.06.2010 11:06:47 | Computer Name = Thinkpad | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 3312
seconds with 360 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 30.03.2010 16:17:49 | Computer Name = Thinkpad | Source = bowser | ID = 8003
Description =
Error - 30.03.2010 16:19:20 | Computer Name = Thinkpad | Source = bowser | ID = 8003
Description =
Error - 30.03.2010 16:20:50 | Computer Name = Thinkpad | Source = bowser | ID = 8003
Description =
Error - 30.03.2010 16:22:21 | Computer Name = Thinkpad | Source = bowser | ID = 8003
Description =
Error - 30.03.2010 16:23:51 | Computer Name = Thinkpad | Source = bowser | ID = 8003
Description =
Error - 30.03.2010 16:25:22 | Computer Name = Thinkpad | Source = bowser | ID = 8003
Description =
Error - 30.03.2010 16:26:53 | Computer Name = Thinkpad | Source = bowser | ID = 8003
Description =
Error - 30.03.2010 16:28:23 | Computer Name = Thinkpad | Source = bowser | ID = 8003
Description =
Error - 30.03.2010 16:29:54 | Computer Name = Thinkpad | Source = bowser | ID = 8003
Description =
Error - 30.03.2010 16:31:24 | Computer Name = Thinkpad | Source = bowser | ID = 8003
Description =
< End of report >
Die Logs sind auch noch gezippt im Anhang. Was kann ich tun?? Danke!!! Markus |
|
07.10.2010, 14:26
| #2 |
| /// Malware-holic   | Weiterleitung auf falsche Website bei Klick auf Links + Werbung • Starte bitte die OTL.exe.
__________________• Kopiere nun das Folgende in die Textbox. :OTL O4 - HKCU..\Run: [Beapi] C:\Users\Christian\AppData\Roaming\Adobe\Update\mfcres.exe () :FILES C:\Users\Christian\AppData\Roaming\Adobe\Update\mfcres.exe :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument dieses posten öffne mein computer, c:\_OTL rechtsklick auf moved files und zu moved files.rar oder zip hinzufügen. archiv zu uns hochladen. http://www.trojaner-board.de/54791-a...ner-board.html |
|
07.10.2010, 15:19
| #3 | |
| | Weiterleitung auf falsche Website bei Klick auf Links + Werbung Habe die Datei hochgeladen.
__________________Nachfolgend die Log-Datei von OTL nach dem Neustart: Zitat:
|
|
07.10.2010, 15:25
| #4 |
| /// Malware-holic | Weiterleitung auf falsche Website bei Klick auf Links + Werbung machst du onlinebanking oder sonstige online einkäufe? |
|
07.10.2010, 15:27
| #5 |
| | Weiterleitung auf falsche Website bei Klick auf Links + Werbung Ja, mache ich beides sehr regelmäßig. |
|
07.10.2010, 15:38
| #6 |
| /// Malware-holic | Weiterleitung auf falsche Website bei Klick auf Links + Werbung ich würde dir daher raten: 1. bank anrufen.online banking muss gespert werden. desweiteren solltest du dich über onlinebanking mit chipcard beraten lassen, das ist sicherer. du bekommst dazu ein lesegerät, da sollte es eins der klasse 3 sein. 2. solltest du neu aufsetzen ich gebe dir tipps zum absichern, das ist das sicherste, da mit diesem pc wichtige transaktionen durchgeführt werden. |
|
07.10.2010, 15:41
| #7 | |
| | Weiterleitung auf falsche Website bei Klick auf Links + WerbungZitat:
Puh  Was genau habe ich mir denn da eingefangen?Okay... zu 1. Banking: Du sagst Sperren lassen - Reicht es, wenn ich von einem anderen PC aus meine PINs/Zugangsdaten entsprechend ändere? zu 2. Neu aufsetzten bedeutet formatieren und komplette Neuinstallation des Systems? Danke! |
|
07.10.2010, 15:47
| #8 |
| /// Malware-holic | Weiterleitung auf falsche Website bei Klick auf Links + Werbung du kannst alle deine passwörter die du so hast von nem sauberen pc aus endern, klar :-) du hast dir einen passwort stealer eingefangen der es evtl. auch auf online banking daten abgesehen hatt. das bedeutet den pc neu aufsetzen. und dann nach dieser anleitung neu machen. 1. solltest du nur noch als eingeschrenkter nutzer arbeiten , das admin konto ist nur für instalationen gedacht. klicke start, tippe unter suchen (ausführen) systemsteuerung. wähle dort Benutzerkonten hinzufügen/entfernen. wähle "neues konto erstellen" Wähle standard benutzer. die konten sollten mit einem passwort geschützt werden. dazu auf konto endern klicken und passwörter vergeben. die uac sollte auf maximum stehen. klicke auf start, ausführen (suchen) tippe uac enter nachfrage bestätigen, regler auf höchste stufe. so ist es schwiriger heimlich etwas auf dem pc zu instalieren. Die folgenden konfigurationen als admin ausführen: 2. dep aktivieren: dep für alle prozesse: Datenausführungsverhinderung (DEP) • "Datenausführungsverhinderung für alle Programme und Dienste mit Ausnahme der ausgewählten einschalten:". wenn es zu problemen kommen sollte, kann man die betroffenen prozesse aus der Überwachung entfernen. 3. sehop aktivieren: SEHOP aktivieren: Aktivieren von SEHOP (Structured Exception Handling Overwrite Protection) in Windows-Betriebssystemen klicke auf "Feature automatisch aktivieren" und folge den anweisungen dieser tipp, gilt auch für windows 7 4. einer der sichersten browser ist opera. Opera Webbrowser | Schneller & sicherer | Die neuen Internet-Browser kostenlos herunterladen in den letzten jahren lag er was die sicherheit angeht weit vor den großen wie dem internet explorer und dem firefox. mit diesem tool lässt sich ein werbeblocker laden Opera AdBlock Configurator - Freeware - DE - Download.CHIP.eu zusätzlich kannst du das auch manuell erledigen, falls mal etwas nicht geblockt wird: Computerbase - Werbung blockieren 5. avg: AVG Free Antivirus 2011 - Download - CHIP Online 6. um das surfen sicherer zu machen, würde ich Sandboxie empfehlen. Download: drop.io (als pdf) hier noch ein paar zusatzeinstellungen, nicht verunsichern lassen, wenn ihr das programm instaliert habt, werden sie klar. den direkten datei zugriff bitte auf opera beschrenken, bei Internetzugriff: opera.exe öffne dann sandboxie, dann oben im menü auf sandbox klickem, wähle deine sandbox aus und klicke dann auf sandboxeinstellung. dort auf anwendung, webbrowser, andere dort auf direkten zugriff auf opera bookmarks erlauben. dann auf hinzufügen und ok. somit kannst du deine lesezeichen auch in der sandbox dauerhaft abspeichern. wenn du mit dem programm gut auskommst, ist ne lizenz zu empfehlen. 1. es gibt dann noch ein paar mehr funktionen. 2. kommt nach nem monat die anzeige, dass das programm freeware ist, die verschwindet erst nach ner zeit, find ich n bissel nerfig. 3. ist die lizenz lebenslang gültig, kostenpunkt rund 30 €, und du kannst sie auf allen pcs in deinem haushalt einsetzen. 7. autorun für usb deaktivieren: über diesen weg werden sehr häufig schaddateien verbreitet, schalte die funktion also ab. Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de usb sticks, festplatten etc, sollte man mit panda vaccine impfen: ANTIMALWARE: Panda USB Vaccine - Download FREE - PANDA SECURITY so holt man sich keine infektionen ins haus, wenn man mal die festplatte etc verleit. hake an: hake an: run panda usb vaccine automatically when computer boots automatically vaccine any new insert usb key enable ntfs file suport 8. updates: Updates sind für dein system genauso wichtig, wie ein antivirenscanner. Sehr häufig gelangen schädlinge nur aufs system, weil der user veraltete software nutzt. instaliere die folgenden update checker. Secunia: http://www.trojaner-board.de/83959-s...ector-psi.html und file hippo update checker: FileHippo.com Update Checker - FileHippo.com das file Hippo Symbol wird im infobereich neben der uhr auftauchen, mache bitte nen rechtsklick darauf, wähle settings, results, setze einen haken bei "hide beta updates" klicke ok. dann doppelklicke file hippo, eine Internetseite wird geöffnet, auf der dier die aktuellsten updates gezeigt werden, diese downloaden und instalieren. Beide programme sollten im autostart bleiben, und sobald eines der programme updates anzeigt sollten diese umgehend instaliert werden. 9. regelmäßige Backups des systems sind sehr wichtig, du weist nie, ob deine festplatte mal kaputt geht. Acronis True Image 2011 - Festplatten-Backup-Software, Datei-Backup und Disk Imaging, Wiederherstellung von Anwendungseinstellungen, Backup von Musik, Videos, Fotos und Outlook-Mails außerdem kannst du, bei neuerlichem malware befall das system zurücksetzen. Das Backup sollte möglichst auf eine externe festplatte etc emacht werden, nicht auf die selbe, wo sich die zu sichernden daten befinden. Von sehr wichtigen Daten könnte man noch eine zusätzliche Sicherung auf dvds/cds erstellen, dazu könnte man auch wiederbeschreibbare verwenden (rws) falls die sammlung mal erneuert werden soll. 10. passwörter endern. melde dich ab sofort im standard nutzerkonto an und surfe dort nur noch in sandboxie, mit klick auf "sandboxed web browser" ich denke du hast eine recovery funktion oder cd, da wird meist noch viel unnützes zeug instaliert /gestartet, wenn du willst können wir das nach instalation mal durchgehen und aufräumen was unnötig ist. im allgemeinen kann ich dir schon mal sagen, auf toolbars verzichten, keine illegalen file sharing downloads, keine filme von kino.to und anderen streaming seiten, das sind alles potentielle malware schläudern :-) |
|
07.10.2010, 15:54
| #9 |
| | Weiterleitung auf falsche Website bei Klick auf Links + Werbung Okay, dann werde ich mal alles neu aufsetzen. Danke für die Tipps, auch bzgl. der Programme. Antivir läuft bei mir nicht, weil es sich nicht mit dem Security-Chip meines Thinkpads versteht - daher habe ich AVG drauf. Kann ich meine Eigenen Dateien auf einem USB-Datenträger sichern und auf das neue System rüberspielen oder besteht dabei die Gefahr, dass ich infizierte Daten kopiere? Danke!! |
|
07.10.2010, 15:59
| #10 |
| /// Malware-holic | Weiterleitung auf falsche Website bei Klick auf Links + Werbung ich hab doch zu avg verlinkt :-) nur zu der neuesten version. du kannst die dateien kopieren, dann arbeitest du alles durch und zum schluss kannst du den stick ja mal mit avg prüfen um sicher zu gehen |
|
07.10.2010, 16:37
| #11 |
| | Weiterleitung auf falsche Website bei Klick auf Links + Werbung Ja, da hast Du Recht - ich war ein wenig blind und habe etwas anderes gelesen als da steht  Dann werde ich mal loslegen jetzt, wird sicher eine Weile dauern... Danke schonmal, ich Update hier wenn ich weiter bin!  |
|
07.10.2010, 16:44
| #12 |
| /// Malware-holic | Weiterleitung auf falsche Website bei Klick auf Links + Werbung ja das wäre nett, damit ich weis das alles geklappt hatt |
|
| Themen zu Weiterleitung auf falsche Website bei Klick auf Links + Werbung |
| 7-zip, 80-100, adblock, avg free, bho, bonjour, browser, canon, cdburnerxp, components, controlset002, corp./icp, desktop, error, excel.exe, extras.txt, falsche website, festplatte, firefox, firefox.exe, flash player, fontcache, format, google chrome, install.exe, jdownloader, langs, libusb0.sys, local\temp, location, locker, logfile, microsoft office word, monitor, mozilla, national, ntdll.dll, nvstor.sys, office 2007, oldtimer, plug-in, problem, programdata, programm, registry, rundll, saver, searchplugins, security, security update, server, shell32.dll, software, suchmaschine, super, system, tcp, thinkvantage registry monitor service, udp, user agent, virus, vlc media player, webcheck, weiterleitungen, werbung |
Linear-Darstellung
