| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner - was nun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
11.11.2010, 13:58
| #1 |
 |  Trojaner - was nun? Hallo, vor zwei Tagen hat mir AVG angezeigt, dass mein Laptop infiziert ist. Der Virenscanner hat den Trojaner in die Virenquarantäne verschoben, aber seit gestern und heute tauchen immer noch Meldungen auf, zudem hat sich mein Windows Media Player verselbständig. Folgende Viren worden in die Quarantäne verschoben Trojaner: Generic19.CMHY, Win32/Kryptik.HYW, Fubyki/moaqc.exe. Ich weiss leider nicht, was zu tun ist, Anti-Malware hat gestern nichts gefunden. Vielen Dank im voraus. |
|
11.11.2010, 14:03
| #2 |
| /// Malware-holic   |  Trojaner - was nun? ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten.
__________________ |
|
11.11.2010, 23:55
| #3 |
| | Trojaner - was nun? So hier der OTL logfile
__________________Code:
ATTFilter OTL logfile created on: 11.11.2010 23:20:23 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\Marion\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 998,00 Mb Total Physical Memory | 197,00 Mb Available Physical Memory | 20,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free Paging file location(s): C:\pagefile.sys 1500 3000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 142,51 Gb Total Space | 82,91 Gb Free Space | 58,18% Space Free | Partition Type: NTFS Computer Name: LENOVO-FB376359 | User Name: Irmgard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Marion\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\SeaMonkey\seamonkey.exe (mozilla.org) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE (Software 2000 Limited) PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\SoftMaker Office 2008\smash.exe () PRC - C:\Programme\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.) PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.) PRC - C:\Programme\Lenovo\Client Security Solution\tvtpwm_tray.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe (IBM) PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo ) PRC - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) PRC - c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo) PRC - C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) PRC - C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.) PRC - C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) PRC - c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe () PRC - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe () PRC - C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO) PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited) PRC - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) PRC - C:\Programme\Digital Line Detect\DLG.exe (Avanquest Software ) PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) PRC - C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) PRC - c:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) PRC - C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\issch.exe (InstallShield Software Corporation) PRC - C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\agent.exe (InstallShield Software Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Marion\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe () SRV - (avgwd) -- C:\Programme\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.) SRV - (TSSCoreService) -- C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe (IBM) SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (AcPrfMgrSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) SRV - (AcSvc) -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) SRV - (SUService) -- c:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo) SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (TVT Scheduler) -- c:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited) SRV - (TVT Backup Service) -- C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited) SRV - (tvtnetwk) -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe () SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited) SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (Diskeeper) -- C:\Programme\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (SmcService) -- C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) ========== Driver Services (SafeList) ========== DRV - (UIUSys) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found DRV - (TVTPktFilter) -- C:\WINDOWS\System32\DRIVERS\tvtpktfilter.sys File not found DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. ) DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo) DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS () DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS () DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.) DRV - (mdvrmng) -- C:\WINDOWS\system32\drivers\mdvrmng.sys () DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation) DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation) DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys () DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.) DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited) DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (IBM Corporation) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions) DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions) DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions) DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.) DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.) DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.) DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.) DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.) DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.) DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.) DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (ac97intc) Intel(r) 82801 Audiotreiber-Installationsdienst (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll () IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2113579362-2319363791-163619842-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR IE - HKU\S-1-5-21-2113579362-2319363791-163619842-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2113579362-2319363791-163619842-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-21-2113579362-2319363791-163619842-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com IE - HKU\S-1-5-21-2113579362-2319363791-163619842-1005\..\URLSearchHook: {0c3c917a-52b8-47cb-9625-cc0272510ed9} - C:\Programme\TyndaleHouse\tbTyn0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2113579362-2319363791-163619842-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-21-2113579362-2319363791-163619842-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2113579362-2319363791-163619842-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2113579362-2319363791-163619842-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad [binary data] IE - HKU\S-1-5-21-2113579362-2319363791-163619842-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com IE - HKU\S-1-5-21-2113579362-2319363791-163619842-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-21-2113579362-2319363791-163619842-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2113579362-2319363791-163619842-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-21-2113579362-2319363791-163619842-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.1.4.1:8080 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.12.29 12:06:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG10\Firefox\ [2010.11.09 18:33:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programme\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010.11.09 18:34:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.14 23:27:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.23 12:59:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\SeaMonkey 2.0.1\extensions\\Components: C:\Programme\SeaMonkey\components [2010.08.27 20:32:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\SeaMonkey 2.0.1\extensions\\Plugins: C:\Programme\SeaMonkey\plugins [2010.09.23 12:59:16 | 000,000,000 | ---D | M] [2010.08.27 20:32:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\Mozilla\Extensions [2010.08.27 20:32:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a} [2010.08.27 20:32:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\Mozilla\SeaMonkey\Profiles\l2jnamx3.default\extensions [2010.08.14 23:27:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [1999.12.31 16:00:00 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll [2009.12.02 09:31:53 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.12.02 09:31:53 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.12.02 09:31:53 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.12.02 09:31:53 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.12.02 09:31:53 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (TyndaleHouse Toolbar) - {0c3c917a-52b8-47cb-9625-cc0272510ed9} - C:\Programme\TyndaleHouse\tbTyn0.dll (Conduit Ltd.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll () O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (TyndaleHouse Toolbar) - {0c3c917a-52b8-47cb-9625-cc0272510ed9} - C:\Programme\TyndaleHouse\tbTyn0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll () O3 - HKU\S-1-5-21-2113579362-2319363791-163619842-1005\..\Toolbar\WebBrowser: (TyndaleHouse Toolbar) - {0C3C917A-52B8-47CB-9625-CC0272510ED9} - C:\Programme\TyndaleHouse\tbTyn0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2113579362-2319363791-163619842-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-2113579362-2319363791-163619842-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll () O3 - HKU\S-1-5-21-2113579362-2319363791-163619842-1006\..\Toolbar\WebBrowser: (TyndaleHouse Toolbar) - {0C3C917A-52B8-47CB-9625-CC0272510ED9} - C:\Programme\TyndaleHouse\tbTyn0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2113579362-2319363791-163619842-1006\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-2113579362-2319363791-163619842-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ACTray] C:\Programme\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo ) O4 - HKLM..\Run: [ACWLIcon] C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AMSG] C:\Programme\ThinkVantage\AMSG\Amsg.exe (LENOVO) O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [AwaySch] C:\Programme\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [BLOG] C:\Programme\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [cssauth] C:\Programme\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) O4 - HKLM..\Run: [DiskeeperSystray] C:\Programme\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.) O4 - HKLM..\Run: [HPUsageTracking] C:\Programme\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [LPManager] C:\Programme\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.) O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Programme\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.) O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe (SONIX) O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKU\S-1-5-21-2113579362-2319363791-163619842-1005..\Run: [Smash] C:\Programme\SoftMaker Office 2008\Smash.exe () O4 - HKU\S-1-5-21-2113579362-2319363791-163619842-1006..\Run: [Smash] C:\Programme\SoftMaker Office 2008\Smash.exe () O4 - HKU\S-1-5-21-2113579362-2319363791-163619842-1006..\Run: [XhdRsdAAPg.exe] C:\DOKUME~1\Marion\LOKALE~1\Temp\XhdRsdAAPg.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digital Line Detect.lnk = C:\Programme\Digital Line Detect\DLG.exe (Avanquest Software ) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2113579362-2319363791-163619842-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-2113579362-2319363791-163619842-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo ) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - C:\Programme\Lenovo\HOTKEY\notifyf2.dll - C:\Programme\Lenovo\HOTKEY\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - C:\Programme\Lenovo\HOTKEY\tphklock.dll - C:\Programme\Lenovo\HOTKEY\tphklock.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.01.27 03:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Programme\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point (17183528496136192) ========== Files/Folders - Created Within 30 Days ========== [2010.11.11 01:59:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.11.11 01:46:17 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2010.11.11 01:46:16 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.11.11 01:46:16 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010.11.11 01:46:07 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010.11.11 01:45:41 | 002,192,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2010.11.11 01:45:41 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2010.11.11 01:45:40 | 002,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe [2010.11.11 01:45:39 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2010.11.11 01:42:02 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll [2010.11.10 22:23:18 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys [2010.11.10 22:22:24 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2010.11.10 22:21:43 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2010.11.10 22:21:38 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2010.11.10 22:18:11 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll [2010.11.10 22:18:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll [2010.11.10 22:18:05 | 000,737,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll [2010.11.10 22:14:30 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2010.11.10 22:09:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010.11.10 22:03:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\Sun [2010.11.10 21:54:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2010.11.10 21:54:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de [2010.11.10 21:54:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2010.11.10 21:46:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2010.11.10 21:40:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2010.11.10 20:59:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\AVG10 [2010.11.10 13:53:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\AVG [2010.11.09 18:36:02 | 000,000,000 | ---D | C] -- C:\AVG10 [2010.11.09 18:34:41 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2010.11.09 18:34:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar [2010.11.09 18:32:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10 [2010.11.09 18:32:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG [2010.11.09 18:08:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2010.11.09 15:01:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\Malwarebytes [2010.11.09 15:01:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.11.09 15:01:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.11.09 15:01:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.11.09 15:01:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.10.18 00:05:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\ProgSense [2010.10.18 00:05:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\GrabPro [2010.10.18 00:05:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\Orbit [2010.10.17 00:56:59 | 000,000,000 | ---D | C] -- C:\Programme\NirSoft [2010.10.13 20:46:50 | 000,000,000 | ---D | C] -- C:\Programme\VLCPortable [2010.10.09 10:01:27 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll [2010.10.09 10:01:27 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll [2010.10.09 10:01:27 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll [2010.10.09 10:01:27 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll [2009.12.29 10:54:20 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll [2009.12.29 10:54:20 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.11 23:18:05 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2010.11.11 23:07:14 | 098,993,653 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2010.11.11 23:03:59 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job [2010.11.11 23:03:13 | 000,025,261 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2010.11.11 23:02:36 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI [2010.11.11 23:02:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.11.11 23:02:29 | 1046,786,048 | -HS- | M] () -- C:\hiberfil.sys [2010.11.11 12:56:44 | 000,192,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.11.11 02:27:21 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.11.11 02:20:14 | 000,459,066 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.11.11 02:20:14 | 000,441,322 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.11.11 02:20:14 | 000,084,524 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.11.11 02:20:14 | 000,071,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.11.11 02:01:02 | 000,000,140 | ---- | M] () -- C:\Dokumente und Einstellungen\Irmgard\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2010.11.11 01:52:29 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2010.11.10 22:09:26 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.11.10 21:46:13 | 000,251,712 | RHS- | M] () -- C:\NTLDR [2010.11.10 13:52:05 | 000,000,809 | ---- | M] () -- C:\Dokumente und Einstellungen\Irmgard\Desktop\AVG PC Tuneup 2011.lnk [2010.11.09 18:34:14 | 000,000,693 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk [2010.11.09 15:01:29 | 000,000,683 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.17 01:45:50 | 000,000,706 | ---- | M] () -- C:\Dokumente und Einstellungen\Irmgard\Desktop\GetASFStream.lnk [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.11 23:07:14 | 098,993,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm [2010.11.10 13:52:17 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job [2010.11.10 13:52:05 | 000,000,809 | ---- | C] () -- C:\Dokumente und Einstellungen\Irmgard\Desktop\AVG PC Tuneup 2011.lnk [2010.11.09 18:34:14 | 000,000,693 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk [2010.11.09 15:01:29 | 000,000,683 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.10.17 01:45:50 | 000,000,706 | ---- | C] () -- C:\Dokumente und Einstellungen\Irmgard\Desktop\GetASFStream.lnk [2010.10.09 10:01:31 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini [2010.06.08 14:18:26 | 000,000,056 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsidmv.dat [2010.01.02 20:56:17 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys [2009.12.29 15:15:22 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2009.12.29 15:13:25 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll [2009.12.29 11:26:48 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Irmgard\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.12.29 11:19:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009.12.29 11:12:22 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2009.12.29 11:06:10 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009.12.29 11:04:37 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009.12.29 11:04:37 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009.12.29 11:04:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009.12.29 11:04:37 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009.12.29 11:04:37 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009.12.29 11:04:37 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009.12.29 10:57:49 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2009.12.29 10:57:49 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll [2009.12.29 10:55:51 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2009.12.29 10:54:20 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2009.12.29 10:54:20 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2009.12.29 10:54:05 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll [2009.12.29 10:53:05 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS [2009.07.13 10:35:56 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\RemoveDevice.dll [2008.02.07 10:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll [2007.07.27 07:37:40 | 000,025,261 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI [2007.07.27 07:37:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI [2007.02.27 17:48:38 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2007.02.27 17:29:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2007.01.16 16:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006.09.05 14:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL [2006.01.27 18:18:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.01.27 18:05:14 | 000,002,963 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006.01.26 18:09:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004.10.15 18:31:56 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll [2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll ========== LOP Check ========== [2009.12.29 15:16:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Canneverbe_Limited [2009.12.31 09:38:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GrabPro [2009.12.29 11:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo [2010.01.03 21:57:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lingo4u [2009.12.29 12:08:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia [2009.12.31 11:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Orbit [2010.01.01 16:09:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SoftMaker [2009.12.29 17:01:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\uTorrent [2010.11.11 01:54:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar [2010.11.11 13:13:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10 [2010.11.09 18:18:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9 [2010.01.02 20:57:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Birdstep Technology [2009.12.29 15:16:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2010.11.09 18:34:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2009.12.30 19:16:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2009.12.29 11:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo [2010.11.09 18:09:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2010.01.02 20:52:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009.12.29 11:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC-Doctor [2010.11.11 02:38:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp [2010.01.09 19:46:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\The Word [2009.12.29 11:17:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UIB [2010.01.11 15:44:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009.12.29 11:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Lenovo [2010.11.10 13:53:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\AVG [2010.11.10 20:59:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\AVG10 [2010.01.02 20:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\Birdstep Technology [2010.10.18 00:05:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\GrabPro [2009.12.29 18:17:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\Lenovo [2010.10.18 00:20:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\Orbit [2009.12.29 15:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\PC Suite [2010.10.18 00:05:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\ProgSense [2010.01.19 14:38:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Irmgard\Anwendungsdaten\SoftMaker [2010.11.09 18:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\AVG10 [2010.01.02 20:58:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\Birdstep Technology [2009.12.29 20:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\Canneverbe_Limited [2010.11.11 13:10:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\Fubyki [2009.12.31 19:00:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\GrabPro [2010.11.11 13:08:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\Ilyhyn [2010.01.03 00:24:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\InterVideo [2009.12.29 12:01:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\Lenovo [2010.01.04 23:10:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\Lingo4u [2010.05.23 01:35:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\mp3DirectCut [2010.03.30 20:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\Nokia [2010.10.18 18:25:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\Octoshape [2009.12.31 20:43:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\Orbit [2009.12.29 12:08:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\PC Suite [2010.08.10 16:55:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\SoftMaker [2010.10.27 00:01:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\The Word [2009.12.29 21:57:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marion\Anwendungsdaten\uTorrent [2010.11.11 23:18:05 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job [2010.11.11 23:03:59 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job [2010.11.11 01:52:29 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > Invalid Environment Variable: APPDATA Invalid Environment Variable: APPDATA < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.11.10 21:40:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2010.11.10 21:40:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2010.11.10 21:40:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:AGP440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.04 08:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004.08.04 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.11.10 21:40:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010.11.10 21:40:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2010.11.10 21:40:10 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\sp3.cab:atapi.sys [2007.04.03 11:39:42 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll [2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2007.03.14 22:20:18 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=683FB3F8B7B40317BE7362CF86BFA998 -- C:\Programme\ThinkVantage Fingerprint Software\eventlog.dll [2004.08.04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe < MD5 for: IASTOR.SYS > [2007.02.12 05:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys [2007.02.12 05:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys [2007.02.12 18:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll [2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll [2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\I386\user32.dll [2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll [2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2005.04.01 19:33:14 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=B0B3908F5432F9DBBCD83CA4C33F0D82 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.01.26 19:08:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2006.01.26 19:08:21 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2006.01.26 19:08:20 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 136 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:0B4227B4 < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.11.2010 23:20:23 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\Marion\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
998,00 Mb Total Physical Memory | 197,00 Mb Available Physical Memory | 20,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 142,51 Gb Total Space | 82,91 Gb Free Space | 58,18% Space Free | Partition Type: NTFS
Computer Name: LENOVO-FB376359 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-2113579362-2319363791-163619842-1006\SOFTWARE\Classes\<extension>]
.html [@ = SeaMonkeyHTML] -- C:\Programme\SeaMonkey\seamonkey.exe (mozilla.org)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\AVG\AVG10\avgdiagex.exe" = C:\Programme\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnose 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG10\avgnsx.exe" = C:\Programme\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG10\avgmfapx.exe" = C:\Programme\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG10\avgemcx.exe" = C:\Programme\AVG\AVG10\avgemcx.exe:*:Enabled:Personal eMail-Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{10DDCDDD-9A59-4496-9371-C17F1668D433}" = Windows Live Toolbar
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav"
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Präsentationsdirektor
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEEA65D4-E9F8-4B2C-B512-8872343403F3}" = BibleMax
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D728E945-256D-4477-B377-6BBA693714AC}" = Ergänzung zu Productivity Center für ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype 5.0
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1AC923B-2A52-4C5D-8011-5FC83CD58CF4}" = hppusgP1000
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"AwayTask" = Maintenance Manager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"conduitEngine" = Conduit Engine
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3)
"GetASFStream" = GetASFStream
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lenovo Registration" = Lenovo Registration
"LingoPad_is1" = LingoPad 2.5.1 (Build 325)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"NirSoft WebVideoCap" = NirSoft WebVideoCap
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"OnScreenDisplay" = Anzeige am Bildschirm
"PC-Doctor 5 for Windows" = PC-Doctor 5 für Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Remove Multimedia Center" = Remove Multimedia Center
"SeaMonkey (2.0.1)" = SeaMonkey (2.0.1)
"sm-un1.u32" = TextMaker 2008 (C:\Programme\SoftMaker Office 2008)
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Tnach" = Tnach
"TyndaleHouse Toolbar" = TyndaleHouse Toolbar
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"ZTE_MF627_LEGACY_DRIVER_1.2059.0.4" = ZTE_MF627_USB_MODEM_1.2059.0.4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2113579362-2319363791-163619842-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
"sm-un1.u32" = TextMaker 2008 (C:\Programme\SoftMaker Office 2008)
"sm-un2.u32" = PlanMaker 2008 (C:\Programme\SoftMaker Office 2008)
"sm-un3.u32" = SoftMaker Presentations 2008 (C:\Programme\SoftMaker Office 2008)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.10.2010 17:33:56 | Computer Name = LENOVO-FB376359 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung Smc.exe, Version 5.6.0.2808, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.3520, Fehleradresse 0x000119b3.
Error - 09.11.2010 12:20:01 | Computer Name = LENOVO-FB376359 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung Smc.exe, Version 5.6.0.2808, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.3520, Fehleradresse 0x00018af2.
Error - 09.11.2010 12:21:06 | Computer Name = LENOVO-FB376359 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.2180, Fehleradresse 0x0001295d.
Error - 10.11.2010 15:59:24 | Computer Name = LENOVO-FB376359 | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung Smc.exe, Version 5.6.0.2808, fehlgeschlagenes
Modul tse.dll, Version 0.0.0.0, Fehleradresse 0x000a9c88.
Error - 10.11.2010 15:59:53 | Computer Name = LENOVO-FB376359 | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung Smc.exe, Version 5.6.0.2808, fehlgeschlagenes
Modul Netport.dll, Version 5.5.0.0, Fehleradresse 0x0003efa0.
Error - 10.11.2010 16:00:08 | Computer Name = LENOVO-FB376359 | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung Smc.exe, Version 5.6.0.2808, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.3520, Fehleradresse 0x000119b3.
Error - 10.11.2010 16:00:24 | Computer Name = LENOVO-FB376359 | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung Smc.exe, Version 5.6.0.2808, fehlgeschlagenes
Modul ntdll.dll, Version 5.1.2600.3520, Fehleradresse 0x00018af2.
Error - 10.11.2010 16:00:34 | Computer Name = LENOVO-FB376359 | Source = Application Error | ID = 1004
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.2180, Fehleradresse 0x0001295d.
[ System Events ]
Error - 17.10.2010 15:18:46 | Computer Name = LENOVO-FB376359 | Source = Tcpip | ID = 4199
Description = Das System hat einen Adressenkonflikt der IP-Adresse 192.168.0.2 mit
dem Computer mit der Netzwerkhardwareadresse 00:1E:2A:E6:6C:9F ermittelt. Netzwerkvorgänge
könnten daher auf diesem System unterbrochen werden.
Error - 18.10.2010 08:27:34 | Computer Name = LENOVO-FB376359 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.2 für die Netzwerkkarte mit der Netzwerkadresse
001F3C674ACD wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 21.10.2010 08:24:07 | Computer Name = LENOVO-FB376359 | Source = Windows Update Agent | ID = 16
Description = Verbindung nicht möglich: Es konnte keine Verbindung mit dem Dienst
"Automatische Updates" hergestellt werden, daher können Updates nicht nach dem
angegebenen Zeitplan heruntergeladen und installiert werden. Es wird weiterhin versucht,
eine Verbindung herzustellen.
< End of report >
|
|
12.11.2010, 11:33
| #4 |
| /// Malware-holic | Trojaner - was nun? bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.11.2010, 23:33
| #5 |
| | Trojaner - was nun? So, die Erstellung der Datei hat etwas gedauert, da ich Probleme mit AVG hatte. AVG war beim Neustart von ComboFix aktiviert. Ich habe deshalb alles beendet und habe dann den Neustart über mein Adminkonto vorgenommen. ComboFix Logfile Code:
ATTFilter ComboFix 10-11-12.01 - *** 12.11.2010 21:07:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.998.367 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\Cofi.exe
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\dokumente und einstellungen\***\Anwendungsdaten\Ilyhyn
c:\dokumente und einstellungen\***\Anwendungsdaten\Ilyhyn\omgu.fyu
c:\dokumente und einstellungen\***\Anwendungsdaten\Ilyhyn\omgu.tmp
c:\dokumente und einstellungen\***\Anwendungsdaten\Niugu
c:\dokumente und einstellungen\***\Anwendungsdaten\Niugu\poiso.tmp
c:\dokumente und einstellungen\***\Anwendungsdaten\Niugu\poiso.ymd
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((( Dateien erstellt von 2010-10-12 bis 2010-11-12 ))))))))))))))))))))))))))))))
.
2010-11-11 00:55 . 2010-11-11 00:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-11-11 00:46 . 2010-09-18 06:52 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-11-11 00:46 . 2010-09-18 06:52 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-11 00:46 . 2010-09-18 06:52 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-11 00:46 . 2010-08-23 16:11 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-11 00:45 . 2010-04-28 18:11 2192256 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-11-11 00:45 . 2010-04-28 05:41 2148864 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-11-11 00:45 . 2010-04-28 05:41 2069120 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-11-11 00:45 . 2010-04-28 05:41 2027008 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-11-11 00:42 . 2010-08-16 08:44 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-10 21:23 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-11-10 21:22 . 2008-06-14 17:32 273024 ------w- c:\windows\system32\dllcache\bthport.sys
2010-11-10 21:21 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-10 21:21 . 2009-11-21 15:54 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-10 21:18 . 2010-08-27 08:01 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-11-10 21:18 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-11-10 21:18 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2010-11-10 21:18 . 2009-03-06 14:19 286720 ------w- c:\windows\system32\dllcache\pdh.dll
2010-11-10 21:18 . 2009-02-09 11:21 111104 ------w- c:\windows\system32\dllcache\services.exe
2010-11-10 21:18 . 2009-02-09 10:51 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2010-11-10 21:18 . 2009-02-09 10:51 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2010-11-10 21:18 . 2009-06-25 08:25 737792 ------w- c:\windows\system32\dllcache\lsasrv.dll
2010-11-10 21:18 . 2009-02-09 10:51 678400 ------w- c:\windows\system32\dllcache\advapi32.dll
2010-11-10 21:18 . 2009-02-09 10:51 740352 ------w- c:\windows\system32\dllcache\ntdll.dll
2010-11-10 21:18 . 2009-02-09 10:51 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-11-10 21:14 . 2008-10-15 16:35 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-11-10 21:14 . 2010-07-16 12:01 220160 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-11-10 20:54 . 2010-11-10 20:54 -------- d-----w- c:\windows\l2schemas
2010-11-10 20:54 . 2010-11-10 20:59 -------- d-----w- c:\windows\system32\de
2010-11-10 20:54 . 2010-11-10 20:58 -------- d-----w- c:\windows\system32\bits
2010-11-10 12:53 . 2010-11-10 12:53 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\AVG
2010-11-09 17:52 . 2010-11-09 17:52 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\AVG10
2010-11-09 17:36 . 2010-11-09 17:36 -------- d-----w- C:\AVG10
2010-11-09 17:34 . 2010-11-09 17:34 -------- d--h--w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Common Files
2010-11-09 17:32 . 2010-11-12 19:27 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AVG10
2010-11-09 17:32 . 2010-11-12 19:20 -------- d-----w- c:\windows\system32\drivers\AVG
2010-11-09 17:08 . 2010-11-09 17:09 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\MFAData
2010-11-09 16:34 . 2010-11-09 16:34 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2010-11-09 14:31 . 2010-11-09 14:51 -------- d-----w- c:\dokumente und einstellungen\***\DoctorWeb
2010-11-09 14:01 . 2010-11-09 14:01 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2010-11-09 14:01 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-09 14:01 . 2010-11-09 14:01 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-11-09 14:01 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-09 14:01 . 2010-11-09 14:01 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-11-06 00:55 . 2010-11-06 00:55 -------- d-----w- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Octoshape
2010-10-26 16:20 . 2010-10-26 16:20 -------- d-----w- c:\dokumente und einstellungen\LocalService\Startmenü
2010-10-18 17:25 . 2010-10-18 17:25 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Octoshape
2010-10-17 23:05 . 2010-10-17 23:05 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\ProgSense
2010-10-17 23:05 . 2010-10-17 23:05 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\GrabPro
2010-10-17 23:05 . 2010-10-17 23:20 -------- d-----w- c:\dokumente und einstellungen\***\Anwendungsdaten\Orbit
2010-10-16 23:56 . 2010-10-17 23:21 -------- d-----w- c:\programme\NirSoft
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 16:39 . 2010-10-04 16:39 371272 ------r- c:\dokumente und einstellungen\***\Anwendungsdaten\Microsoft\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe
2010-09-18 11:22 . 2006-01-27 01:01 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:52 . 2006-01-27 01:01 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:52 . 2006-01-27 01:01 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:52 . 2006-01-27 01:01 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:47 . 2006-01-27 01:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:47 . 2006-01-27 01:01 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:47 . 2006-01-27 01:01 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-07 02:48 . 2010-09-07 02:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 02:48 . 2010-09-07 02:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-01 11:50 . 2006-01-27 01:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:54 . 2006-01-27 01:00 1852928 ------w- c:\windows\system32\win32k.sys
2010-08-27 08:01 . 2006-01-27 01:01 119808 ------w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-01-27 01:00 99840 ------w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2010-08-13 17:44 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2006-01-27 01:00 357248 ------w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:11 . 2006-01-27 01:00 617472 ------w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2006-01-27 01:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:44 . 2006-01-27 01:01 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]
"{0c3c917a-52b8-47cb-9625-cc0272510ed9}"= "c:\programme\TyndaleHouse\tbTyn0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_CLASSES_ROOT\clsid\{0c3c917a-52b8-47cb-9625-cc0272510ed9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0c3c917a-52b8-47cb-9625-cc0272510ed9}]
2010-10-18 10:26 3908192 ----a-w- c:\programme\TyndaleHouse\tbTyn0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\programme\ConduitEngine\ConduitEngin0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-10-06 10:31 2475336 ----a-w- c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]
"{0c3c917a-52b8-47cb-9625-cc0272510ed9}"= "c:\programme\TyndaleHouse\tbTyn0.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\programme\ConduitEngine\ConduitEngin0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{0c3c917a-52b8-47cb-9625-cc0272510ed9}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]
"{0C3C917A-52B8-47CB-9625-CC0272510ED9}"= "c:\programme\TyndaleHouse\tbTyn0.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CLASSES_ROOT\clsid\{0c3c917a-52b8-47cb-9625-cc0272510ed9}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smash"="c:\programme\SoftMaker Office 2008\Smash.exe" [2007-12-07 163840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2007-07-05 110592]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-07-05 512000]
"TPFNF7"="c:\programme\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"TPHOTKEY"="c:\programme\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"SunJavaUpdateSched"="c:\programme\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\programme\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\programme\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"HPUsageTracking"="c:\programme\HP\HP UT\bin\hppusg.exe" [2009-05-11 24576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-30 262144]
"AVG_TRAY"="c:\programme\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
BTTray.lnk - c:\programme\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
Digital Line Detect.lnk - c:\programme\Digital Line Detect\DLG.exe [2009-12-29 50688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-14 21:17 89600 ------w- c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\programme\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\programme\Lenovo\HOTKEY\tphklock.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Dokumente und Einstellungen\\***\\Lokale Einstellungen\\Anwendungsdaten\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\AVG\\AVG10\\avgmfapx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Programme\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Programme\\AVG\\AVG10\\avgemcx.exe"=
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [16.10.2007 18:32 19504]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07.09.2010 03:48 249424]
R2 avgwd;AVG WatchDog;c:\programme\AVG\AVG10\avgwdsvc.exe [10.09.2010 01:45 265400]
R2 smihlp;SMI Helper Driver (smihlp);c:\programme\Gemeinsame Dateien\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [14.03.2007 22:10 11152]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22.05.2007 15:59 30336]
S2 AVGIDSAgent;AVGIDSAgent;c:\programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [11.10.2010 12:58 6104656]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\programme\AVG\AVG10\Toolbar\ToolbarBroker.exe [06.10.2010 11:31 517448]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [07.09.2009 15:55 7680]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
.
Inhalt des "geplante Tasks" Ordners
2010-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-11-12 c:\windows\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
- c:\programme\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 14:54]
2010-11-12 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
- c:\programme\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2010-11-10 09:21]
2010-11-12 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-12-29 16:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.orbitdownloader.com
uSearchURL,(Default) = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programme\Windows Live Toolbar\msntb.dll/search.htm
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\programme\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
Notify-ACNotify - ACNotify.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-11-12 22:03
Windows 5.1.2600 Service Pack 3 NTFS
Scanne versteckte Prozesse...
Scanne versteckte Autostarteinträge...
Scanne versteckte Dateien...
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
- - - - - - - > 'winlogon.exe'(1012)
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infra.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\ps2css.dll
c:\programme\ThinkVantage Fingerprint Software\remote.dll
c:\programme\Lenovo\HOTKEY\tphklock.dll
c:\programme\ThinkVantage Fingerprint Software\pscssint.dll
c:\programme\ThinkVantage Fingerprint Software\crypto.dll
- - - - - - - > 'explorer.exe'(4864)
c:\programme\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\programme\Lenovo\Client Security Solution\tvt_passwordmanager.dll
c:\programme\Lenovo\Client Security Solution\css_banner.dll
c:\programme\Lenovo\Client Security Solution\csswait.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\programme\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\programme\Gemeinsame Dateien\Lenovo\tvt_think_res.dll
c:\programme\Lenovo\Client Security Solution\css_think_res.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\programme\Sygate\SPF\smc.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Diskeeper Corporation\Diskeeper\DkService.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
c:\programme\CDBurnerXP\NMSAccessU.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\lenovo\system update\suservice.exe
c:\programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\programme\Lenovo\Client Security Solution\tvttcsd.exe
c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
c:\programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\programme\Windows Media Player\WMPNetwk.exe
c:\programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\AVG\AVG10\avgchsvx.exe
c:\programme\AVG\AVG10\avgrsx.exe
c:\programme\AVG\AVG10\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\programme\Lenovo\HOTKEY\TPONSCR.exe
c:\programme\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\ThinkPad\ConnectUtilities\AcFnF5.exe
c:\programme\Lenovo\Client Security Solution\tvtpwm_tray.exe
c:\programme\iPod\bin\iPodService.exe
c:\programme\ThinkPad\ConnectUtilities\AcFnF5.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-11-12 22:07:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-11-12 21:07
Vor Suchlauf: 17 Verzeichnis(se), 88.836.714.496 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 91.467.960.320 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - BC30719498698C9EE1B8B8B7B95AD629
|
|
13.11.2010, 11:27
| #6 |
| /// Malware-holic | Trojaner - was nun? lade den CCleaner slim: CCleaner instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ --> Trojaner - was nun? |
|
13.11.2010, 12:01
| #7 |
| | Trojaner - was nun? Hier die gewünschte Liste. Vielen Dank. Code:
ATTFilter 3Connect 3 Mobile Broadband 2.0.0 benötigt
Access Help 2.02 unbekannt
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.1.82.76 benötigt
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 10.0.42.34 benötigt
Adobe Reader 9.2 - Deutsch Adobe Systems Incorporated 9.2.0 unnötigt
Anzeige am Bildschirm 5.04
Apple Application Support Apple Inc. 1.1.0 unnötigt
Apple Mobile Device Support Apple Inc. 2.6.0.32 unnötigt
Apple Software Update Apple Inc. 2.1.1.116 unnötigt
AVG 2011 AVG Technologies 10.0.1153 benötigt
AVG PC Tuneup 2011 AVG 10.0.0.23 benötigt
Bonjour Apple Inc. 1.0.106 unnötigt
CCleaner Piriform 3.00 benötigt
CDBurnerXP CDBurnerXP 4.2.7.1801 benötigt
Client Security Solution Lenovo Group Limited 8.00.0311.00 benötigt
Conduit Engine Conduit Ltd. unbekannt
Dienstprogramm "ThinkPad UltraNav" 1.03 benötigt
Diskeeper Lite Diskeeper Corporation 9.0.541 benötigt
DivX Codec DivX, Inc. 6.9.1 benötigt
DivX Converter DivX, Inc. 7.1.0 benötigt
DivX Player DivX, Inc. 7.2.0 benötigt
DivX Plus DirectShow Filters DivX, Inc. benötigt
DivX Plus Web Player DivX,Inc. 2.0.0 benötigt
Ergänzung zu Productivity Center für ThinkPad 2.00 benötigt
GetASFStream unnötigt
Help Center 2.00c unbekannt
HP LaserJet P1000 series benötigt
HPSSupply Ihr Firmenname 2.1.1.00 00 unbekannt
Integrated Camera Sonix 5.8.8.010 unnötigt
Intel(R) Graphics Media Accelerator Drivers benötigt
Intel(R) PRO Network Connections Drivers benötigt
Intel(R) PROSet/Wireless Software Intel Corporation 11.01.0.API benötigt
InterVideo WinDVD InterVideo Inc. 5.0-B11.1156 benötigt
InterVideo WinDVD Creator 3 InterVideo Inc. 3.0.01.196 benötigt
iTunes Apple Inc. 9.0.2.25 unnötigt
J2SE Runtime Environment 5.0 Update 6 Sun Microsystems, Inc. 1.5.0.60 unbekannt
Lenovo Registration Lenovo - Leader Technologies benötigt
LingoPad 2.5.1 (Build 325) Lingo4you GbR 2.5.1 benötigt
Maintenance Manager 3.0.5.0 unbekannt
Malwarebytes' Anti-Malware Malwarebytes Corporation benötigt
Message Center 2.01b unbekannt
Microsoft .NET Framework 1.1 benötigt
Microsoft .NET Framework 2.0 Language Pack - DEU Microsoft Corporation benötigt
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729 benötigt
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729 benötigt
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation benötigt
Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 1 benötigt
Microsoft User-Mode Driver Framework Feature Pack 1.7 Microsoft Corporation benötigt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.59193 benötigt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148 benötigt
Mozilla Firefox (3.5.6) Mozilla 3.5.6 (de) benötigt
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 4.20.9841.0 benötigt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 4.20.9870.0 benötigt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 4.20.9876.0 benötigt
MSXML 6 Service Pack 2 (KB973686) Microsoft Corporation 6.20.2003.0 benötigt
NirSoft VideoCacheView unbekannt
NirSoft WebVideoCap unbekannt
Nokia Connectivity Cable Driver Nokia 7.1.17.0 unbekannt
Nokia PC Suite Nokia 7.1.30.9 benötigt
Octoshape Streaming Services unnötigt
PC Connectivity Solution Nokia 9.23.3.0 unbekannt
PC-Doctor 5 für Windows PC-Doctor, Inc. 5.00.4565.08 benötigt
PDF-Viewer Tracker Software Products Ltd 2.0.56.0 benötigt
Picasa 2 Google, Inc. 2.0 unbekannt
PlanMaker 2008 (C:\Programme\SoftMaker Office 2008) SoftMaker Software GmbH benötigt
Präsentationsdirektor 3.04 unbekannt
QuickTime Apple Inc. 7.65.17.80 unnötigt
RecordNow Audio Sonic Solutions 2.0.4 benötigt
RecordNow Copy Sonic Solutions 2.0.4 benötigt
RecordNow Data Sonic Solutions 2.0.4 benötigt
Remove Multimedia Center benötigt
Rescue and Recovery Lenovo Group Limited 4.00.0114.00 benötigt
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 3.52.02 unbekannt
SeaMonkey (2.0.1) Mozilla 2.0.1 (de) benötigt
Skype 5.0 Skype Technologies S.A. 5.0.123 benötigt
SoftMaker Presentations 2008 (C:\Programme\SoftMaker Office 2008) SoftMaker Software GmbH benötigt
Sonic DLA Sonic Solutions 5.2.0 unbekannt
Sonic Express Labeler Sonic Solutions 2.1.0 unbekannt
Sonic Icons for Lenovo Lenovo 1.0.2 unbekannt
Sonic Update Manager Sonic Solutions 3.0.0 bekannt
SoundMAX Analog Devices 5.10.01.5410 benötigt
Sygate Personal Firewall Sygate Technologies, Inc. 5.6.2808 benötigt
System Migration Assistant Lenovo Group Limited. 5.20.0033 benötigt
TextMaker 2008 (C:\Programme\SoftMaker Office 2008) SoftMaker Software GmbH benötigt
TextMaker 2008 (C:\Programme\SoftMaker Office 2008) SoftMaker Software GmbH benötigt
ThinkPad Bluetooth with Enhanced Data Rate Software Lenovo 5.1.0.3100 benötigt
ThinkPad Energie-Manager 1.22 benötigt
ThinkPad FullScreen Magnifier 1.16 benötigt
ThinkPad Modem 7.62.00 benötigt
ThinkPad Power Management Driver 1.43 benötigt
ThinkPad UltraNav Driver 7.5.17.24 benötigt
ThinkPad-Dienstprogramm 'EasyEject' 2.32 benötigt
ThinkVantage Access Connections 4.42 benötigt
ThinkVantage Fingerprint Software 5.6 UPEK Inc. 5.6.1.3425 benötigt
ThinkVantage Productivity Center 2.10 benötigt
ThinkVantage System für aktiven Festplattenschutz Lenovo 1.54 benötigt
ThinkVantage System Update Lenovo 3.00.0030 benötigt
Tnach unnötigt
TyndaleHouse Toolbar TyndaleHouse 6.1.0.7 unnötigt
USB PC Camera Plus Sonix 5.21.1.000 unnötigt
VLC media player 1.0.3 VideoLAN Team 1.0.3 benötigt
Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation benötigt
Windows Internet Explorer 8 Microsoft Corporation 20090308.140743 benötigt
Windows Live Toolbar Microsoft Corporation 03.01.0130 benötigt
Windows Media Format 11 runtime benötigt
Windows Media Player 11 benötigt
Windows XP Service Pack 3 Microsoft Corporation 20080414.031514 benötigt
Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1) Nokia 06/01/2009 4.1 benötigt
Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3) Nokia 06/01/2009 7.01.0.3 benötigt
Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 08/22/2008 7.0.0.0 benötigt
WinRAR benötigt
ZTE_MF627_USB_MODEM_1.2059.0.4 unbekannt
µTorrent 2.1.0 unnötigt
|
|
13.11.2010, 12:28
| #8 |
| /// Malware-holic | Trojaner - was nun? falls du ihn doch mal wieder benötigst: Adobe Reader 9.2 ersetzen durch: Adobe - Adobe Reader herunterladen - Alle Versionen ohne mcafee security scan instalieren, auf der seite abhaken. öffne den adobe reader, bearbeiten, voreinstellungen, javascript, dort den haken raus, internet, ebenfalls alle haken raus. so werden keine pdfs mehr automatisch geladen und es kann dir kein schadcode mehr auf diese weise untergeschoben werden. bitte noch unnötige plugins verschieben: Adobe Reader schneller starten behalte aber: EScript.api Escript.deu Search.api Search.DEU deinstaliere: Anzeige am Bildschirm steht nichts hinter, falls nicht benötigt, weg. Apple Application Support Apple Mobile Device Support Apple Software Update AVG PC Tuneup auf solchen tuneup misst sollte man verzichten, er bringt nichts, falls möglich, deinstalieren. Bonjour Conduit Engine GetASFStream Help Center Integrated Camera Sonix 5.8.8.010 iTunes J2SE Runtime Environment 5.0 Update 6 ersetzen durch: Java SE Downloads - Sun Developer Network (SDN) klicke auf download jre Maintenance Manager Message Center NirSoft VideoCacheView NirSoft WebVideoCap Octoshape PC-Doctor auf solchen schnick schnack sollte man auch verzichten. Picasa 2 QuickTime RICOH R5C83x Sonic DLA Sonic Express Labeler Sonic Icons for Lenovo Sygate Personal Firewall firewalls sind, meiner meinung nach, unnötig, sie können nur begrenzt schutz bieten. ich zeige dir, wie du windows sicherr machst, ports schließen etc, dann benötigst du sie nicht. Tnach TyndaleHouse Toolbar USB PC Camera Windows Live Toolbar toolbars sind ein sicherheitsrisiko, sie machen den browser langsam, und können das nutzerverhalten ausspähen, weg damit :-) µTorrent wenn du fertig bist, sag bescheid.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.11.2010, 16:43
| #9 |
| | Trojaner - was nun? Ich habe die Änderungen vorgenommen. Das Message Center konnte ich nicht löschen, weil es mit den Lenovo-Programmen zusammen hängt. Sygate Personal Firewall habe ich noch nicht deinstalliert. |
|
13.11.2010, 17:20
| #10 |
| /// Malware-holic | Trojaner - was nun? dienste konfigurieren: Windows-Dienste sicher konfigurieren und abschalten (Windows 7/Vista/XP/2000) - www.ntsvcfg.de download link ist hier http://ntsvcfg.de/svc2kxp.zip lies den abschnitt über die svc2kxp.md du solltest die methode 3 wählen, diese ist die sicherste. je weniger dienste der pc nach außen anbietet, desto besser. automatische windows updates sowie inteligenter hintergrundübertragunsdienst sollten schon aktiev sein, prüfe das bitte nachdem du das tool ausgeführt hast nach. start ausführen services.msc suche die beiden dienste und schaue ob der starttyp automatisch lautet, falls nicht, wähle den dienst aus, rechtsklick, eigenschaften, starttyp automatisch dann kannst du die fw deinstalieren.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.11.2010, 20:12
| #11 |
| | Trojaner - was nun? Das Programm läuft nun. Es hat etwas gedauert,weil ich nicht ins Internet gekommen bin. Wie weiss ich nun, ob mein Laptop keinen Trojaner mehr hat? |
|
13.11.2010, 20:25
| #12 |
| /// Malware-holic | Trojaner - was nun? sieht gut aus. wir machen noch 1 online scan, dann sichern wir den pc ab, dann sind wir fertig. Free ESET Online Antivirus Scanner nutze den eset scanner und poste das log.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.11.2010, 23:13
| #13 |
| | Trojaner - was nun? Hier der Bericht. Es wurden leider 7 infizierte Dateien gefunden  .Code:
ATTFilter C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\dzynetgvxqhveo.jar-5a5d563f-5ebeab7f.zip a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\huevgvfvjvfog2.jar-675b8306-2cc778ef.zip a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\jmdvymkpitishm1.jar-4489cca5-2339d259.zip a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\jmdvymkpitishm1.jar-5681fcc9-29664ceb.zip a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\jmdvymkpitishm1.jar-5982df49-1dc30b7f.zip a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Dokumente und Einstellungen\***\DoctorWeb\Quarantine\xvid_setup.exe a variant of Win32/Adware.HotBar.G application cleaned by deleting - quarantined
C:\System Volume Information\_restore{B991F27A-883F-42A9-A172-EAAB1D37FFFA}\RP266\A0043755.exe a variant of Win32/Adware.HotBar.G application cleaned by deleting - quarantined
|
|
14.11.2010, 12:39
| #14 |
| /// Malware-holic | Trojaner - was nun? bereinige mit dem CCleaner dateien + registry: http://www.trojaner-board.de/51464-a...-ccleaner.html leere den java chache: Löschen des Caches von Java Runtime Environment (JRE) reinige mit otcleanit: http://oldtimer.geekstogo.com/OTM.exe Klicke cleanup! dein pc wird evtl. neu starten deaktiviere die systemwiederherstellung auf allen laufwerken Windows XP - Die Systemwiederherstellung komplett abschalten nach 5 min wieder einschalten. ich denke es sind keine probleme mehr aufgetreten? dann kommen wir zum absichern.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
14.11.2010, 14:16
| #15 |
| | Trojaner - was nun? Hm, ich kann das Java-Symbol unter der Systemsteuerung nicht finden. Ich habe nur den Installshield manager, ist das vielleicht das gleiche? Mein System ist Windows xp pro. |
|
| Themen zu Trojaner - was nun? |
| angezeigt, anti-malware, avg, folge, folgende, generic, gestern, heute, infiziert, laptop, media, media player, meldungen, nichts, player, quarantäne, scan, scanner, troja, trojaner, verschoben, virenquarantäne, virenscan, virenscanner, windows, windows media player |
Linear-Darstellung
